S'pore looks to plug security skills hole
SINGAPORE--A local professional body has unveiled a new initiative to fill a "huge gap" and boost the pool of certified IT security professionals in Singapore.
The new Qualified Information Security Professional (QISP) program, jointly developed by the Association of Infocomm Security Professionals (AISP) and National University of Singapore's Institute of Systems Science (ISS), is designed to equip IT professionals with the relevant knowledge and skills to work in Singapore's information security field.
The QISP accreditation was announced at the SecureAsia@Singapore 2010 conference here Monday. The two-day conference is organized by the International Information Systems Security Certification Consortium (ISC)2, which also administers certification programs such as the Certified Information Systems Security Professional (CISSP).
According to AISP's president, Gerard Tan, QISP aims to fill a current void of certified security professionals in the local IT industry.
There are hundreds of thousands of businesses operating in Singapore today, each of which would presumably need an administrator to manage their company's IT security infrastructure, Tan said during a media briefing at the conference. However, only an estimated 1,000 to 2,000 professionals here currently hold security certifications, he said, adding that of this small group, not all currently work in the security field.
"Clearly, there's a huge gap between the [number of] practitioners and those who actually possess any form of formal qualification," he noted.
In addition, those who are not certified typically have expertise in very specific areas such as firewalls or infrastructure security, he said.
QISP, which curriculum and body of knowledge were derived from studying relevant global certifications such as the Certified Information Systems Security Professional (CISSP) or the Certified Information Systems Auditor (CISA), will provide a more broad-based knowledge base, said Tan.
"Security is more than just technical security--it's about governance, it's about broad-based baseline controls across a whole range of areas," he pointed out. "We hope that employers [in Singapore] will recognize that this is a desirable qualification to send their people to for training…and therefore, raise the professionalism, standing and competency of all the people working in this particular line."
Differentiated by local flavor
While Tan stressed the QISP is not meant to replace or compete with global certification such as the CISSP and CISA, he acknowledged that those who already possess such qualifications may not see the need to acquire the QISP accreditation.
However, he noted that the "local flavor" of the QISP which includes Singapore-specific laws and regulations such as the Computer Misuse Act, may still appeal as an additional qualification to CISSP- or CISA-certified individuals.
The AISP expects to certify some 800 participants under the QISP program over the next five years, said Tan. Certified individuals need to possess at least one year's relevant working experience in order to use the QISP title and be eligible for AISP membership. To retain AISP membership, individuals also need to clock 120 hours of "continuing education" within a period of three years, he added.
The QISP course will involve 5.5 days of classroom or workshop-based lessons and 35 e-learning sessions over a period of three months. At the end of the training, participants are required to undergo an examination consisting of a multiple choice segment and questions requiring written responses.
Training and examinations for QISP, which is run twice a year, will be administered by the ISS and its first class will commence in September. The course, which costs about S$6,300 (US$4,588.29), is eligible for up to 90 percent funding under the Singapore Workforce Development Agency's SPUR (Skills Programme for Upgrading and Resilience) initiative.