U.K. creates new IT security body

Published 12 January 2006

IT security body created in England to improve levels of training and certification in this increasingly important area

The U.K. Department for Trade and Industry (DTI) has approved the creation of the Institute of Information Security Professionals (IISP), which will certify experts in a similar way that the British Medical Association does for doctors, for example. The Institute has received initial funding from the DTI and from the Cabinet Office’s Central Sponsor for Information Assurance unit, which coordinates information security projects across government. The IISP is backed by leading businesses, including BP, HBOS, Royal Bank of Scotland (RBS), and Royal Mail, which want to create a minimum level of professionalism for IT security staff. “It is important to define a standard of professionalism and agree a bar, not just in knowledge but in judgment and experience,” said Paul Dorey, chairman of IISP and chief information security officer at BP. “Current security certifications are based on individual knowledge. But with projects such as Sarbanes-Oxley we need people who can make decisions and ensure they are based on a solid grounding,” he added.

Several of the founders, including BP, RBS, Vodafone and the government Communications Electronics Security Group, will offer a cross-organizational mentoring scheme for junior members. “As a doctor you don’t become a proper practicing professional until you have gone through an internship and received tutoring from experienced doctors and surgeons. We want IT security professionals to gain similar experience,” said Dorey.

-read more in this report