IT security body approved

The government has approved plans for an institute of IT security to give computer security experts professional status on a par with occupations such as accountancy and law.

The Department for Trade and Industry (DTI) has approved the creation of The Institute of Information Security Professionals (IISP), which will certify experts in a similar way that the British Medical Association does for doctors, for example.

The Institute has received initial funding from the DTI and from the Cabinet Office’s Central Sponsor for Information Assurance unit, which co-ordinates information security projects across government.

The IISP is being backed by leading businesses, including BP, HBOS, Royal Bank of Scotland (RBS) and Royal Mail, which want to create a minimum level of professionalism for IT security staff (Computing, 22 September).

‘It is important to define a standard of professionalism and agree a bar, not just in knowledge but in judgement and experience,’ said Paul Dorey, chairman of IISP and chief information security officer at BP.

‘Current security certifications are based on individual knowledge. But with projects such as Sarbanes-Oxley we need people who can make decisions and ensure they are based on a solid grounding,’ he added.

IT security professionals who gain membership will need to adhere to a code of conduct and take part in a continual professional development programme.

Several of the founders, including BP, RBS, Vodafone and the government Communications Electronics Security Group, will offer a cross-organisational mentoring scheme for junior members.

‘As a doctor you don’t become a proper practising professional until you have gone through an internship and received tutoring from experienced doctors and surgeons. We want IT security professionals to gain similar experience,’ said Dorey.

Cabinet Office minister Jim Murphy says the IISP will be key to delivering public services.

‘Ensuring the right level and range of IT skills across government is fundamental to providing good-quality e-enabled public services,’ he said. ‘The IISP will enable both the public and private sector to benefit from accredited information security staff.’ Murphy said.

‘The institute fits within our strategy for a government IT profession which will help departments achieve cost effective, professional and secure information systems.’