Institute of Information Security Professionals aims to improve the training, certification and supply of staff
Experts welcome UK security training body
/v3-uk/news/1980749/experts-welcome-uk-security-training-body
08 Mar 2006, Robert Jaques , V3
Industry experts have welcomed the recent launch of the UK-based Institute of Information Security Professionals (IISP) which aims to improve the training, certification and supply of staff in this field.
Analyst firm Gartner said that, if the initiative is successful, it may spur other countries to set up similar institutes.
The UK's initiative to form a professional development organisation was taken by information security leaders from business, government and academia.
The body will address two principal concerns: demand for information security expertise increasingly exceeding supply; and managers lacking a way to provide assurance about a job candidate's abilities.
Gartner research vice president Jay Heiser said: "The term 'infosec professional' is almost a contradiction in terms.
"The field has grown organically and it remains ad hoc, with little agreement on what constitutes professionalism. Hiring decisions are complicated by a lack of agreement on the necessary abilities.
"However, it is agreed that industry and government cannot find enough qualified people, and this shortfall in security skills is exacerbated by a shortage of best practices.
"Many security problems are still unsolved, and will remain so until specialists pool their knowledge and experience."
However, Heiser warned that "it remains to be seen" whether there will be enough cooperation and participation to build an institution for the chartering of individuals in this burgeoning field.
The analyst believes that the organisation can only succeed if the market demands that the IISP becomes the authoritative professional development and standards-setting body.
Gartner advised UK firms and security practitioners concerned about problems in staffing to consider supporting the IISP through membership and participation in its programmes.
Those outside the UK should monitor the progress of the IISP, according to Heiser. If it does prove its usefulness, it will provide a model for the creation of similar bodies in other countries.
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
More of the Same?
In what way will this body replace the (ISC)2 organisation that already runs the widely used and recognised CISSP accreditation program? Is this merely adding a competing, albeit British, body?
Posted by Dave, 09 Mar 2006
Infosec is global
... The UK is not particularly known to understand there's life off it's barren cliffs.
Will the UK need standardisation of information security professionalism, or would it need submission to the world's existing (..!) standards on informations ecurity professionalism? The last thing 'we' the world needs, is yet other local (read: provincial) standards.
Posted by Jurgen, 09 Mar 2006
yet another certification
Thank goodness there's yet another bit of paper I can pay several hundred pounds for which will prove that I am a "security professional." It will somehow be magically better than the other four or so bits of paper I could have.
Heaven forbid an employer simply look at my six year's security experience instead.
Posted by Mike, 09 Mar 2006
OK.. another Institute, another Standard
OK, so I?ve been in the security industry for a long time, I'm cynical about the ?boys clubs? and so-called certification schemes currently lurking in this field, but putting to one side Jay Heiser?s unsubstantiated and unwarranted comment, it?ll be interesting to see if this becomes just another money spinning initiative.
Now, before you write off this comment, look around at the other qualifications and ?clubs? available, anyone see any real method of monitoring the ability and professionalism of the masses? I actually welcome this initiative if it fulfils the following:
a. Isn?t just a cash cow for someone.
b. Actually forces members to exhibit a high level of skill and professionalism (otherwise what?s the point)
c. Provides a method for training and education for those that nearly make the grade and continually assess those that have.
d. Doesn?t become an elitist or snobbish, ?fuddy duddy? organisation that few people who understand the industry wish to associate themselves with.
Buy-in will be hard to achieve but is necessary to gain the trust and respect such a body would require.
?God Bless All Who Sail On Her?
James
Posted by James Wootton, 08 Mar 2006