
A certified security professional is not a compliance guarantee

Compliance and security consultant and TechTarget contributor Kevin Beaver checked in about the Cybersecurity Act of 2009, aka the kill-switch bill.

He agrees with some other experts I’ve talked to on key points about the proposed legislation, which would mandate that only certified security professionals be allowed to work on critical cyber infrastructure.

  • Licenses and certifications may be OK, but new compliance regulations around security are not needed, considering all of the existing laws.
  • Compliance for compliance’s sake does not guarantee security.
  • In addition, the increased regulation of security professionals is spreading, with a few unintended consequences. As he wrote in a recent email:

    The same thing is being debated in the computer forensics field right now. Just like any other degree (i.e., M.D.), license (i.e., P.I. [private investigator], cybersecurity wizard, etc.), or certification (i.e., CISSP) — not a single one of them means you’re all of a sudden going to know your stuff and provide quality services.

    What it’ll end up doing is limiting the amount of professionals in the field. The politicians will then have more “control.” But, the law of unintended consequences has shown time and again that, long term, this will likely serve to create nothing more than a monopoly consisting of substandard security professionals. Everyone suffers.

    Ironically, several government agencies are vying for control of cybersecurity, or rather not to control cybersecurity, as it is too big a job for one agency. By my count, four agencies — the Department of Defense, the National Security Agency, the Department of Homeland Security and the Commerce Department — are in the mix, and now we have the proposed White House cyber office that would be created under the Internet Communications Enhancement Act.
