Reputation the key driver for IT security

If you fail to address the security issue, then you can lose your company bonus, quips Adrian Davies, EMEA MD, (ISC)², at the Infosecurity Europe Show 2014.

The issue of cyber security
The issue of cyber security

This summer marks the 25th anniversary of the formation of the (ISC)² – the International Information Systems Security Certification Consortium – and at the Infosecurity Europe Show this week, Adrian Davies, the newly-installed EMEA managing director explained to SCMagazineUK.com his view of the IT security industry and the general threat landscape.

Davies, who joined (ISC)² in March this year, is no stranger to the security business. As well as being a veteran of the industry, he has held a senior position with the ISF – the Information Security Forum – for several years.

His new role with (ISC)², he told SCMagazineUK.com, is to continue the Consortium's work in promoting information security education and certification.

First a little history - the (ISC)² was founded in the summer of 1989 as non-profit organisation, with the CISSP credential launched by 1994, followed by the SSCP credential in 2001, the CAP credential in 2005 and the CSSLP credential in 2008.

Davies says that the Consortium has just launched the global academic programme, which seeks to address the growing gap in availability of qualified cybersecurity professionals.

That education strand continues apace, he said, and there are plans in hand to announce academic link-ups with several European universities very shortly.

The aim of the link-ups, he explained, is to encourage the academic course creators to include security as a standard feature of their courses – and not just in the field of IT.

“The aim is to get the principle of security firmly embedded into the courses,” he said, adding that he is now seeing a more open approach to security in academic courses.

The ultimate aim of linking up with universities, he went on to say, is to develop a more well rounded approach to security – and, ultimately, more well rounded individuals operating in the field of IT security and beyond.

“Companies are crying out for these skills, says Davies, as their customers understand the need for security in the products and services they develop.

Inconvenience, he explained, is a key driver in this regard, as consumers are aware that if their information is compromised, it can hurt them, as well as their data.

And it's not just companies and consumers that are becoming aware of the need for security in the products and services they buy, says the EMEA managing director of (ISC)², it is also the board members that are having to understand the technology of security.

“There are three main reasons for this. Firstly consumers are driving the security agenda. Secondly boards are becoming more tech-savvy. And thirdly there is the regulatory issue,” he said.

Regulation is a key driver, he added, because of the individual liability and reputation issues.

“Basically, if you fail to address this driver, then you can lose your company bonus,” he explained.

The bottom line to the current IT security threat landscape, says Davies, is that criminals are not stupid.

“Why do criminals rob banks? Because that's where the money is. This is why we see cybercriminals using technology to steal money – they too go where the money is,” he concluded.