Licencing of IT security consultants revisited
Q G Campbell
Q.G.Campbell at newcastle.ac.uk
Thu, 10 May 2001 10:12:13 +0100
Where do we now stand on the licencing of IT security consultants and
practitioners given that the Home Secretary has refused to exempt them
explicitly from the Private Security Industry Bill?
I was wondering about how such vetting and approval might be carried out
but it appears that CESG already operates an accreditation service for
companies who carry out security reviews of other organisations' IT
systems.
Could it be that Straw has it in mind to make it compulsory for all IT
security consultants to be accredited by CESG before they can work in
this field? If so, how might this affect academic research, practice and
publication in this area?
Would the exemptions from the DPA granted by the Home Secretary to GCHQ
to cover its vetting procedures mean that CESG could simply refuse to
grant you a licence without proper explanation or redress, even in the
courts?
In an area that cries out for transparency, the situation seems to be
getting murkier.
=20
Quentin
--
PHONE: +44 191 222 8209 Computing Service, University of Newcastle
FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinions expressed above are mine. The University can get its own."