Chartered Institute calls for standardisation of information security qualifications

The Chartered Institute of Information Security hopes to play a bigger role in security regulation and professional accreditation after being formally conferred the Royal Charter in June

Acquiring the Royal Charter is really about recognising people for their skills and expertise, said Amanda Finch, CEO of the Chartered Institute of Information Security, formerly the Institute of Information Security Professionals (IISP).

The organisation was formally conferred the Royal Charter in June. "To get the Royal Charter, we had to go through a very rigorous and laborious process, which meant that we had to prove that we were the only professional body in that particular space," said Finch. 

"Although there were lots of other organisations that represent sectors of the security profession or have the profession as part of their membership, we were the only pure-play security professional body."

The transition came at a time when the UK is drafting an alternative law on data protection and privacy for all individual citizens in place of the General Data Protection Regulation (GDPR) of the European Union and the European Economic Area, which would not be applicable in the region after Brexit.

"We will be an influence in forming the regulations," said Finch. "What we would be doing (in setting up the regulation) is having an industry voice. We have individual members and organisational members. We also work with academia and the government. We have a lot of influencers in our membership."

IISP will mobilise its thoughts and intentions to help shape policy and its direction, said Finch. The UK's Department for Digital, Culture, Media & Sport is working towards setting up a cyber-security council. It also helps that IISP is already a part of a larger cyber-security alliance in the UK.

However, lack of trained manpower and limited budgets act as major roadblocks, said the IISP annual report on the security profession. IISP aims to alleviate the talent scarcity with its in-house programmes and industry partnerships, said Finch. There are various accreditation levels for security professionals, from affiliates to fellows.

A full membership, the gold standard as Finch puts it, calls for five to ten years of experience in the security profession. Assessment will be about their knowledge and how they have demonstrated this in their workplace.

"A lot of security is about influencing, explaining and understanding business needs. So they have to have technical knowledge but they also need to demonstrate that they have interpersonal skills," said Finch.

The IISP Skills Framework, developed in conjunction with academia, government and the industry, is another training and certification programme in place. The aim is to reach a situation where a senior security professional has to go through the chartered route to get a corporate position, she said. "The standardisation will come over time."
