Getty Images/iStockphoto

IISP gains Royal Charter status

The UK finally has its first national professional body for cyber security that will be responsible for setting the standards for skills and knowledge in the industry to reduce the skills gap and increase diversity

The Chartered Institute of Information Security Professionals (CIISP), formerly the Institute of Information Security Professionals (IISP), has achieved Royal Charter status, becoming the only chartered institute focused solely on cyber security.

The move comes almost a year after the former IISP joined a cross-sector alliance set up in response to a government brief to develop a national professional body for cyber security. The alliance was set up following a series of workshops led by the Department for Digital, Culture, Media and Sport, and coincided with the launch of public consultation on the issue.

A Royal Charter is an instrument of incorporation that reflects the high status of the body it is granted to, and is generally seen as a mark of distinction as it is limited to bodies that are pre-eminent in their field and exist to advance the public interest.

With this new status, the institute becomes the authoritative body for the industry and can further its mission of serving cyber security professionals by setting standards for skills recognition and career development.

“As the cyber security industry continues to grow, professionalisation has to be central to its agenda, and the institute’s Chartered status will be a key component driving this forward,” said Alastair MacWillson, chairman of the CIISP.

“The institute has spent over a decade using uniquely developed frameworks to set standards for skills, experience and roles across the profession, and it is hugely encouraging to see these standards and processes validated by Charter incorporation.

“With this new status, we look forward to welcoming new members and to becoming the recognised gold standard for cyber security in the UK.”

Achieving Royal Charter status will empower the CIISP to promote the advancement and dissemination of knowledge across the information security profession, as well as develop high professional standards for practitioners in the UK and globally in the longer term.

The move is also expected to encourage the standardisation of security skills, roles and education by removing complexity and confusion and giving the profession essential guidance in being able to identify and recognise qualified practitioners.

Unlike many other certifications, the institute does not accredit on knowledge alone, but requires professionals to provide evidence that they have successfully performed the required skills in the real world and have a track record of delivering to the highest standards.

Read more about the cyber security skills shortage

“Chartered status will also empower us to support critical efforts towards solving the cyber security skills gap,” said MacWillson. “For instance, the industry needs to put more effort into encouraging a more diverse range of applicants to seek employment in the profession, and work with academia to attract young people to begin careers in the industry.”

Workplace diversity in IT and security has become a key operational concern, as organisations broaden their efforts to encourage diversity and inclusivity amid the impact of the sector’s skills shortage on IT and cyber security recruitment and staff retention, according to advance findings of a study to be published later this month by (ISC)² – the world’s largest non-profit association of certified cyber security professionals.

The blind study of employees in 1,000 organisations in the UK and 250 in the Netherlands reveals that talent acquisition and retention is the leading operational reason why companies have been ramping up their diversity initiatives, according to 32% of respondents. Meanwhile, nearly one in three (29%) said diversity is important to their organisation because the workforce should represent the demographics in society.

“Workplace diversity encompasses multiple factors, including gender, ethnicity, age, origin and much more,” said Deshini Newman, managing director for EMEA at (ISC)².

“While it is important to spotlight changes and improvements in individual areas such as gender diversity, the wider diversity make-up of the IT department, cyber security teams and the organisation as a whole can speak volumes about the realities of inclusiveness, forward-thinking and openness to new ideas and approaches in the workplace.”

Newman said bringing new ideas, experience, alternative thinking and approaches to the table as part of a broad selection of skills, experience and backgrounds can “inspire, motivate and help organisations to find innovative solutions to today’s IT and security concerns”.

Read more on Hackers and cybercrime prevention