By Steve Ranger, 6 March 2006 15:25
The term 'infosec professional' is almost a contradiction in terms, according to analyst group Gartner, which warns the field of IT security is still finding its feet.
The analyst house said there is little agreement on what constitutes professionalism.
This means hiring decisions are complicated by a lack of consensus on the skills needed and, as a result, many security problems will remain unsolved until specialists pool their knowledge and experience, Gartner said in a briefing note.
Gartner said this means UK organisations and security experts concerned about staffing problems and the state of the practice should consider supporting the Institute of Information Security Professionals (IISP). If the group is successful, it could become a model for the creation of similar bodies in other countries, Gartner said.
The IISP, formally launched last month, aims to improve the training, certification and supply of staff.
But the analyst added: "It remains to be seen whether there will be enough co-operation and participation to build an institution for the chartering of individuals in this burgeoning field."

Comments
There are 4 comments.
1. Steve
The only way to assess supposed security threats is to get the proof of concept from some haX0r site and try it in a lab environment. Then you figure out a way to stop it happening to you. Firefighting, monitoring these exploits, training the techs, tracking OS updates and setting best practice/policies sounds like a full-time job to me. You have to be quite professional, too.
2. Roger Huffadine
CORGI for IT SECurity? - Na leave it out mate. We have enough 'regulation and compulsion' already without another [Gartner sponsored] organisation.
I agree with the oxymoron bit but for other reasons - real security is something that works but nobody - especially Gartner - gets to know what it is or how it works.
3. anonymous
Do you really trust the Gartner Group?
4. anonymous
The idea of a security pro' is a joke for most of the industry.
You don't hire a security pro' to work with the cleaners to make sure they remember to lock the door when they're done, do you...
You don't hire a security pro' to make sure somebody won't give their mate on the next desk their password.