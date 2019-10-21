Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

Chartered Institute of Information Security Calls for Better Collaboration on Skills and Pathways

Speaking four months after the IISP was renamed as the Charted Institute of Information Security (CIIS), CEO Amanda Finch said the re-branding was “great for us, as it puts on the map” after three and a half years of application.

Speaking at Plymouth University's Secure South West conference, she said that chartered status was important as it is “recognizing us as a proper profession” and that the CIIS is “the only pure play information security institution to have been granted Royal Charter status and is dedicated to raising the standard of professionalism in information security.”

She said that cybersecurity is still “badly defined” as a term, and work is needed to make it a profession. Admitting that we cannot be “renaissance people who do everything,” the profession has grown from when you needed to be generalist to consider multi-disciplined areas, taking in physical science, psychology, legal, compliance and different skill sets.

The CIIS determines that professionalism depends on:

  • An agreed body of knowledge and skills that professionals need to have to work effectively in the field
  • Ways to provide those skills through education and training programs
  • Ways to accredit this process (both those identifying the body of knowledge and those teaching it) and attest that the individual has acquired those skills
  • The mastery of certain defined skill sets through these processes
  • Ways to demonstrate that practitioners have acquired those skills and can apply them competently
  • Ways practitioners can refresh that knowledge through continuing education
  • Codes of Ethics to ensure that practitioners act professionally

Finch argued that we need to recognize what we do have, and what we need to be developing to attract the best people. “We’ve been helping organizations to develop capabilities using development methodologies and frameworks” and also accrediting for competencies as, she said.

“So we developed a methodology to look at existing capabilities and skills and developing teams in this environment,” Finch said.

While companies may not always get “people with 100% of skills,” they should look at a person’s potential, “what basic skills you want them to have and upskill them.”

There will still be a need for specialists though, and to bring in expertise where it is needed, she said, concluding that we need to work as a community to bring the best talent in, and find good pathways to “demonstrate we’re a profession and make sure people come to us.”

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Italians Rocked by Ransomware

2
News

Girl Scouts of USA Launch First National Cybersecurity Challenge

3
News

A New Strain of Malware Is Terrorizing Docker Hosts

4
News

UK Government Announces Major New Cybersecurity Partnerships

5
News

Baltimore Doubles Up on Cyber-Insurance Following Ransomware Attack

6
News

New US Privacy Bill Would Intro Jail Time for CEOs

1
Interview

Interview: Martin Lee, Outreach Manager and Technical Lead, Cisco Talos

2
News

Chartered Institute of Information Security Calls for Better Collaboration on Skills and Pathways

3
News

Chinese National Gets 40 Months for Exporting US Military Kit

4
News

Trojanized Tor Browser Steals Users’ Digital Currency

5
News

US Lawmakers Call on Apple to Reverse Hong Kong App Ban

6
Opinion

Equifax and Capital One: What Should We Learn?

1
Webinar

How Segmentation Leads to Visibility and Enables Compliance

2
Webinar

Identifying and Defending Against Advanced and Automated Attacks

3
Webinar

The Insider's Motive: Defending Against the 7 Most Common Insider Threats

4
Webinar

#HowTo Improve Security & Efficiency for Your File Transfers

5
Webinar

Mitigating the Spear-Phishing Attack Threat

6
Webinar

Are You At Risk? Know Your Cybersecurity Posture With Security Ratings

1
Blog

Security by Sector: Study Explores Cyber-Threats Impacting the Utility Industry

2
Webinar

#HowTo Improve Security & Efficiency for Your File Transfers

3
Next-Gen

The Rise of the Security Developer

4
News

#ISWUK: Ransomware Remains Top Threat For Present and Future

5
Opinion

Why Understanding the User Experience is Essential to Good Security

6
News

Thoma Bravo to Buy Sophos Group for $3.8bn