John Colley (Global) - Governments Should Look to the International Professional Community to Drive a Broad Cyber Security Agenda

Cyber security is rising as a priority for governments internationally. Having recently participated in the 4th annual MEDays event in Tangiers, Morocco - attended by political and business leaders from the Mediterranean, African and Arab countries - I am encouraged to find recognition that cyber security requires global action to tackle today’s sophisticated global threat landscape. However discussions at this level tend to focus on two issues: cyber-crime and cyber terrorism with the spotlight firmly on the need to shore up defenses. The discussion needs to be much broader.

This conference focused on improving development in the Mediterranean South but the agenda reflected that of many international conferences: covering common issues of economic, social and political relevance. Leading economies and small countries alike are almost unanimously looking to a digital future in development efforts across these areas, and the security of that future will be a key success factor.

Political leaders should be driving a broad cyber security agenda that reflects an understanding of what is required to secure a healthy, digitally- enabled society. In doing so, they should build upon experience that exists in different parts of the world to ensure the most current advantage and create an internationally recognized, cohesive approach to the issues. This exercise has already been well initiated by the international information security professional organizations, making them an obvious first port of call in any strategic effort to address cyber security.

Unlike most recognized professions, for example medical or accountancy practice, information security has developed in an era of globalization built on accessible international communication and trade. Today many of the more established professions are making the effort to harmonize, share experience and ease the transferability of skills. The opposite is true in the practice of information security, which has been established on the foundations for a common understanding of cyber security-related issues across the globe. The result is a wealth of experience that policy makers can leverage within an increasingly organized and cohesive, international community.

Furthermore, it is a community keen to engage with and give back to society in recognition of the common goals of assuring a strong information security agenda. Professionals and their supporting membership bodies quite literally represent a globally savvy  army that  are organizing their efforts to serve as a significant resource to many stakeholders, including policymakers, the academic community, social organizations and the public at large across geographies. This is occurring at both a local, national and international level with the development of chapter initiatives and international programs looking at a broad set of issues from the skills gap to the threat landscape and general awareness, as well as cyber-crime and cyber-warfare.

The opportunity for engagement is varied. Policymakers can access knowledge sharing through the development of think tanks, online forums, conferences and workshops. They can access the collective knowledgebase to conduct both qualitative and quantitative research projects, and they can also work with this community to endorse and support the implementation of public initiative. The overarching benefit to all is the assurance of real-world input in the formulation and testing of the policies and programs developed – prior to roll out and investment. All too often political expediency leads to poorly conceived policy or regulatory efforts at great cost to the public purse and to the advancement of a nation’s security strategy.

If this engagement is to be effective, however, the opportunity must to be there to wield power and directly influence government. Often, policy makers set up alliances with industries’ professional bodies as part of their consultative process, for sector representation and information gathering, but in reality these alliances have no authority to influence decision making, making the whole process an unproductive exercise.

As cyber security rises up as a priority in political arenas, I encourage political leaders and policy makers alike to embrace the breadth of perspective and effort that is at their disposal with the existence of an internationally organized information security profession. It is the best mitigation against the risk of too much focus on national politics rather than a real understanding of what is required.

This article is the first in a series of three articles by John Colley, CISSP, Managing Director, (ISC)2 EMEA. (ISC)2 is the largest membership body of information security professionals, with 80,000 certified members worldwide, and the administrator of the CISSP®.


« David Blakey (South Africa): The Economics of Free Open Source Software


Ram Dixit (India): TV Apps as Potential Marketing Tools »


Do you think your smartphone is making you a workaholic?