The IT security sector has been accused of experiencing problems because of inadequate regulation.
Etienne Greeff, professional services director at SecureData Europe, commented that companies taking a ‘trust me, I’m a doctor’ attitude to their customers when dealing with personal data may find that this no longer pacifies customers’ concerns in this era of cyber attacks and IT security risk. He also claimed that only a few companies have achieved the ISO 27001 certification that SecureData accomplished recently.
Greeff went on to say the ‘industry is totally under-regulated’, whereas the physical security sector, for example, has a trade body which independently regulates companies to ensure they meet certain standards. However, for those in cyber security jobs, there are no regulations on how personal information is used.
Greeff added that organisations attempt to self-regulate and hope that customers will place their trust in these businesses to handle their data in the right way. He continued:
“IT security is a matter of national interest and infrastructure and it is appropriate that IT systems are important to the national interest and that there are moves to do more and more. The next threat to the UK will be cyber so we need to work with GCHQ, but for the short term we need to start thinking about how organisations protect themselves and the best way to do that is to make security a base standard at a national level.”
If Greeff’s recommendations are heard, then more businesses will opt for ISO 27001 accreditation and ensure that those applying for information security vacancies are well qualified.