1 research outputs found
The Professionalisation of Information Security: Perspectives of UK Practitioners
In response to the increased “cyber” threats to business, the UK and US Governments are
taking steps to develop the training and professional identity of information security
practitioners. The ambition of the UK Government is to drive the creation of a recognised
profession, in order to attract technology graduates and others into the practice of cybersecurity.
Although much has been written by state bodies and industry commentators
alike on this topic, we believe this qualitative study is the first empirical academic work
investigating attitudes to that professionalisation amongst information security workers.
The results are contextualised using concepts from the literature in the fields of professionalisation
and social topics in information security.
Despite the movement to establish professional status for their industry, these practitioners
showed mixed levels of support for further professionalisation, with a distinctly
wary attitude towards full regulation and licensing and an explicit rejection of elitist and
exclusive models of profession. Whereas the UK Government looks to establish “professional”
status in order to attract entrants, such status in itself was seen to be of little import
to those already working in the area. In addition there are significant tensions between
managers embracing business- and human-centred security and those more interested in
the technical practice of executing policy.
While these tensions continue, the results suggest that state attempts artificially to
catalyse the professionalisation process for this group would be precipitate. Historically
such projects have risen from the front line; ambitions to move the industry in that direction
might see more success by identifying and delegating control to a single regulatory
body, founded and respected by the people it aims eventually to regulat