Qualifications devalued, warns IDC

Danger that certifications considered of a high value today will in the future become less significant

Nick Coleman: too many accreditations are confusing

Businesses view IT security qualifications as less relevant because there are so many of them, according to research published by analyst IDC.

The report says there is a danger that certifications considered of a high value today will in the future become less significant.

‘Six years ago, some 15 different security certifications were available in the marketplace,’ says the report. ‘Today the number has grown to more than 40 vendor-neutral and more than 25 specified certifications, making it difficult for employers to discern which certifications carry the greatest value.’

Phil Cracknell, president of the Information Systems Security Association (ISSA) UK director of technology assurance and advisory at Deloitte, says there are overlaps and gaps between various accreditations.

‘Some used to be highly valued but have been devalued because they are offered on a five-day boot camp,’ he said. ‘There are so many qualified people out there you can take your pick. If a qualification is your only criteria you are going about it wrong.’

Nick Coleman, interim chief executive of accreditation body the Institute of Information Security Professionals (IISP), says one overarching accreditation could embody smaller schemes.

‘If there are too many accreditations and you cannot relate how they fit together, it looks confusing,’ he said. ‘We need a framework for knowledge-based accreditations to understand how they contribute to an overall assessment of whether someone has the right knowledge.’