Information Security News mailing list archives
Licensed to Hack
From: InfoSec News <isn () C4I ORG>
Date: Thu, 8 Mar 2001 22:50:48 -0600
http://www.ntsecurity.net/Articles/Index.cfm?ArticleID=20224

Mark Joseph Edwards
March 7, 2001

Security is still a red-hot industry, showing no signs of cooling down any time soon. Opportunity abounds for security aficionados to niche themselves into this exploding market space, as witnessed by several new consulting firms that have catapulted themselves into the realm of Fortune 1000 clients. But, as with any hot market, we can expect to find wolves in sheep's clothing hoping to take advantage of someone. If you can't afford well-known and trusted security consultants, who do you hire to assist with your needs? How can you adequately and cost effectively investigate candidates?

Some security-related professionals, such as gun-carrying security guards, are required to obtain training and licensing to ensure they're qualified for their jobs. Obviously that's not the case with information security, so screening candidates for security-related work isn't as easy as hiring an armed security guard, whose credentials and capabilities have already been verified to some extent.

Would licensing information security professionals be a benefit to society? Some members of British government certainly think so. On December 7, 2000, a bill was introduced to the British House of Lords that proposes that all security consultants receive training and be licensed by the government before performing work for outside entities. Licensees would include anyone who performs security work for a third party. In the case of security consulting businesses, licensees would also include anyone in the company that manages all or part of the company's operations or its employees.

According to the bill, the license could cost as much as 36 pounds (about $53 US), and licensees would have to undergo a background check to ensure they don't have a criminal history. One premise behind the bill is to help ensure that unsuitable people don't gain positions of trust in private industry. The other premise is to provide a deterrent in the form of criminal punishment for unlicensed practitioners and those people who hire unlicensed practitioners.

The security industry does need better standards for security professionals (not to mention software developers), but I'm not sure how I'd react to such a bill if it were introduced into American government. Perhaps such standards are better left under direct public control, similar to how in America we rely on Underwriter's Labs for product safety and certification testing. Can a similar entity suffice for information security?

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".