The launch of the Institute of Information Security Professionals (IISP) at the end of February was attended by the great and good of the IT security profession. Well, actually, it’s not really a profession is it? That’s what the IISP is hoping to achieve. Anyway, there is always an element of the self-congratulatory at this sort of event, but the aims of the new organisation certainly seem laudable. The mutual back-slapping was kept to a minimum, and there appears to be a pressing need for a central body to galvanise IT security practitioners, to encourage more high-flyers to take up the role and to drive up standards.

It’s the journalist’s prerogative be cynical, so I’ve got to say it’s still a case of wait and see on this one – the ISSP may well struggle to make an impression in an already overcrowded throng of self-appointed IT bodies, unless it begins to add real value for its members.

A few weeks later I sat around a table with representatives from the IISP, the International Information Systems Security Certification Consortium (ISC2), IT recruitment agencies and, most interestingly, some MSc infosecurity students. Some of these bright young things had obviously not been to diplomacy school, but delivered some harsh lessons that I hope all the many, many IT organisations and associations will take to heart. One said he’d chucked in his British Computer Society membership because he expects more than a quarterly magazine for his fee. Another suggested that the large number of certifications currently on offer makes it very confusing for the IT security worker trying to decide which qualifications he or she needs for a particular job. Keep up the good work lads.

Something that hasn't been widely reported, though, is the potential benefits that the ISSP could bring in law enforcement. Tony Neate of the Serious Organised Crime Agency (Soca) made a convincing case for the ISSP, highlighting that every other profession, including law, accountancy and medicine, has an official body to which the police can turn when they need independent expert witnesses or help with ongoing investigations.

Neate’s point is no doubt very true, but the number of successful prosecutions for IT-related crime is much more likely to be raised by proposed changes in the Computer Misuse Act (CMA) and stronger international co-operation.