IT Compliance Advisor

May 5 2009   6:03PM GMT

A certified security professional is not a compliance guarantee



Posted by: Scot Petersen
Tags: certifications, compliance, cybersecurity, DHS, DoD, forensics, ICE, licensing, NSA

Compliance and security consultant and TechTarget contributor Kevin Beaver checked in about the Cybersecurity Act of 2009, aka the kill-switch bill.

He agrees with other experts I’ve talked to on some key points about the proposed legislation, which would mandate that only certified security professionals be allowed to work on critical cyber infrastructure.

  • Licenses and certifications may be OK, but new compliance regulations around security are not needed, considering all of the existing laws.
  • Compliance for compliance’s sake does not guarantee security.
  • In addition, the increased regulation of security professionals is spreading, with a few unintended consequences. As he wrote in a recent email:

    The same thing is being debated in the computer forensics field right now. Just like any other degree (i.e., M.D.), license (i.e., P.I. [private investigator], cybersecurity wizard, etc.), or certification (i.e., CISSP) — not a single one of them means you’re all of a sudden going to know your stuff and provide quality services.

    What it’ll end up doing is limiting the amount of professionals in the field. The politicians will then have more “control.” But, the law of unintended consequences has shown time and again that, long term, this will likely serve to create nothing more than a monopoly consisting of substandard security professionals. Everyone suffers.

    Ironically, several government agencies are vying for control of cybersecurity, or rather not to control cybersecurity, as it is too big a job for one agency. By my count, four agencies — the Department of Defense, the National Security Agency, the Department of Homeland Security and the Commerce Department — are in the mix, and now we have the proposed White House cyber office that would be created under the Internet Communications Enhancement Act.
