Institute is in with a fighting chance

The proposal this month for a proper professional Institute to oversee the development of information security practitioners is testament to the sudden importance of the security industry in both the private and public sectors.

Heavy reliance on the internet for all communications, plus a welter of new regulations on how information is used and managed, have put information security under the spotlight, and revealed the fragility of existing arrangements.

The Institute for Information Security Professionals is the brainchild of a group of individuals from large corporations, government and academia. They hope to bring some order and formality to what has hitherto been a mixture of ad hoc certification schemes.

"We want to make things more organised," said Ross Patel of the British Computer Society, which is involved in the project. "There's a groundswell of support for the idea that a common body of knowledge and support would massively aid the industry."

The institute has already secured funding from the Department of Trade and Industry, and will be inviting organisations and individuals to provide time and money to help the institute get off the ground.

A programme of work for the next few months has been laid out, including the development of professional training and mentoring programmes. The institute hopes to become a standard-bearer and point of reference for information security professionals.

"There is clearly a gap and we're in a position to do something about it," said Fred Piper, chairman and one of the institute's four founders. "But we're still at the wait-and-see stage at the moment. We're now at the point of deciding exactly what form the institute will take."

Piper is well-qualified to chair the programme. The Masters course in computer security he created and ran at Royal Holloway College has a world-wide reputation. And the support he has received from government and industry gives the institute a fighting chance of success.

He is also quick to show support for the existing certification programmes, although long-term it is hard to see how they will operate alongside each other.

"We're not at war with any established qualifications," said Piper. "If you look at our plan there's nothing that jumps out at you or surprises you. Fifteen significant people have put their names to it and others have supported it. Now it's a case of getting it right."

"It's absolutely about time this happened," said Richard Starnes, president of the Information Security Systems Association, who is involved in the project. "If we get this right it can provide a blueprint for the rest of the world."

He added: "We've reached a point now where information security and the regulatory and compliance environment we're in requires exactly this sort of movement."

And the body is already generating much interest. "I'm very pleased how it's going at the moment," said Patel. "The institute will have real clout and profile within the information security world, just look at who's involved already and you know it is going to be a success."