A new professional body for information security professionals launched today (Monday 27 February) will help raise the standards of IT security across the UK, leading employers have said.
The Institute for Information Security Professionals has won backing from major UK firms, which plan to use it as a benchmark for hiring IT security staff.
BT, BP, HBOS, Messagelabs, Barclays Bank, Standard Chartered Bank and government departments including the Cabinet Office and the Communications Electronic Security Group (CESG) are among the organisations supporting the new body.
The institute will lay down minimum standards for IT security professionals, including defining a common body of knowledge, a career development programme, and a code of ethics.
"There is a huge demand for membership," said Nick Coleman, interim CEO of the new organisation and head of security services at IBM. "It is much bigger than I expected. From local authorities to central government, to independent consultants, to police."
Martin Sadler, director of HP's trusted systems laboratory, said, "Qualifications such as CISSP (Certified Information Systems Security Professional) are the standards for knowledge. We want to go beyond that and look for the soft skills, the judgements that show people can do the job."
Chris Ensor, programme director at the CESG, said the institute would provide employers with a way of benchmarking existing security staff and new recruits.
Tony Neate, industrial liaison officer at the National High Tech Crime Unit, said the move was "well overdue". He added, "It will make it easier for law enforcement to obtain expert advice."
The institute grew from a collaboration between an informal group of security professionals from industry and academia.
It plans to pilot a mentoring programme with the Royal Bank of Scotland, BP, BT and Vodafone in the next six months. The programme aims to help companies develop chief information security officers, and to give security staff an insight into the way other organisations manage security.
The institute is holding talks with other bodies, including the British Computer Society and the Institute for Communications Arbitration and Forensics, about possible collaboration.
IT directors welcome new institute
"I'm completely supportive of the need for a chartered security professional qualification. I would hope that, over time, the various different types of qualifications within the industry could come together under one overall governing body. The Institute for IT Security Professionals is a good start."
Adam Burstow, IS director at property management firm Telereal
"The Institute for IT Security Professionals has got to be good for the industry. Any industry standard for IT security is worth pursuing."
Steve Hopson, county ICT officer at Cheshire County Council
"At least you have got some way of knowing what you are getting. We do insist our own security staff have a Cisco security qualification."
Tony Wright, director of IT services at University of East London