Another cause for concern is the lack of accountability when the quality of work falls below the expected level. There is currently no helpful mechanism within the information security industry for individuals or companies to be held accountable for subpar or unfit products or services. Customers taken advantage of by these individuals have little or no recourse apart from an expensive court case to highlight the problems they have experienced and to alert others to prevent them from being victimized, too. An independent body (such as those seen in many other professions) with the ability to withdraw a company’s or an individual’s professional standing could be an option for these companies.
With governments increasingly interested in and aware of the importance of information security to their national security and economic stability, there is a need to ensure that the appropriate input and expertise is brought to bear on policy decisions that impact us all. Input from independent and trusted bodies rather than vested interests, such as lobbyists or large corporations, will become more and more essential.
When we look at the information security field, can we see any entity that can claim to truly represent it? Is there an independent mechanism that those who wish to engage an information security professional can employ to gain some level of confidence that he or she has a base level of expertise, adheres to an agreed set of ethical values, hasn’t a criminal background and can be held accountable for his or her performance?
As far as I can see, the answer is no. So I suggest that it’s time we take a serious look at how we can professionalize our field and examine how we present ourselves to and interact with those outside of the field, be they at corporate or government level.
This will be no easy task. Information security is a niche, but encompasses many areas of specialisation and there is a lot of disparity within the field. There are also many other considerations such as international issues, how to ensure that the solution does not create more problems (for example, by becoming a “closed shop” preventing new entrants into the industry) and how to ensure large firms do not gain a competitive advantage over others.
Still, isn’t finding solutions to hard problems the reason many of us enjoy working in the information security field?