Governments should look to the maturing international professional community to drive strategy and standards

London, UK - 16th November 2011 - With more and more governments recognising the need for cyber security strategies, (ISC)² (“ISC-squared”), the world’s largest not-for-profit information security professional body and administrators of the CISSP®, urges national governments to recognise the requirement for internationally recognised skills, principals and practices to tackle what is a very sophisticated global threat landscape. With its own research anticipating a doubling of the workforce by 2015, (ISC)² is encouraging policy makers to leverage the collective expertise of the professional community to address skills requirements, as well as their defences. 

Cyber security is rising up as a priority in political arenas, as evidenced by the recent London cyber security conference attended by world leaders from 60 countries; however, the skills and competency requirements do not appear to be high on the international discussion agenda, points out John Colley, CISSP, managing director for EMEA, (ISC)². 

“I believe many countries are examining the capacity and competencies required for national security, but there is a risk of too much focus on national politics rather than a real understanding of what is required.  They should be careful not to work in isolation,” he warns, adding that “nationally focused schemes risk confusion in a landscape that requires an ability to communicate and operate across borders.”

Highlighting these concerns with political and business leaders from the Mediterranean, African and the Arab world at the 4th annual MEDays Forum, Nov 16-19 in Tangiers, Morocco, Colley is calling on all political leaders driving the cyber security agenda to invest in three key areas:

- Engagement with the information security profession – Policymakers should leverage the collective expertise of the profession and facilitate information and knowledge sharing during the cyber security strategy development and competency assessment process to avoid the development of poor policy at a very high cost to the public.

- Skills development for the future – Governments and academics should be looking to resource for the future in terms of workforce, generational instincts and skill requirements. There is, for example, a real gap across the EMEA region with most academic programmes targeting the lucrative working student with graduate MSc programmes. Public investment should encourage career interest and unearth instincts at an earlier stage, while public-private partnerships should support the development of skills that are in demand in the workplace. 

- Public education and awareness – Many governments and organisations have undertaken programmes to create public awareness of the threats and educate all age groups on the safe use of IT and the Internet. This is another area in which there is a growing body of collective international experience and an active professional community that can serve as an essential resource in all countries to meet this need.

Colley, who currently chairs the UK Government Information Assurance Professional Bodies Advisory Group, adds: “The international professional organisations, who have harnessed the collective experience of subject matter experts at the top of their field representing private and public sector organisations alike, put a great deal of effort into establishing the foundations for a common understanding across the globe. They represent a cohesive community that serves as a significant resource to all stakeholders, including policymakers, the academic community, and many other social and publicly focussed organisations.” 

MEDays brings together heads of state, business, as well as international and intergovernmental organisations, and academic experts to debate and develop actionable recommendations on geopolitical, social and economic issues. (ISC)² has over 80,000 certified members in 135 countries.