Skill Resources
SFIA Skill Title Information security (SCTY)
SFIA Skill / ISM Function Description
The management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems. 
Related SFIA Skills

These are listed below:

  • Compliance review
  • Information assurance
  • Security administration
  • Technology audit
Technical Overview, Including Typical Tools and Techniques

Organisations have become increasingly dependent upon information systems and networks, and these are valuable business assets that need to be protected. As the sophistication and number of malicious software and hacking attacks continue to grow, the importance and necessity of effective IT security is becoming clearer.

Effective IT Security means appropriately managing the business risks associated with Information Systems and networks, and there are a number of tools and techniques available to do this.

Typical tools and techniques cover:

  • Risk Analysis and Management
  • Classification of information and systems to indicate their importance to the organisation (for example assessing the requirements for Confidentiality, Integrity and Availability).
  • Business Continuity Planning / Disaster Recovery
  • Penetration testing / Password auditing
  • Security / Audit Reviews
  • Cryptography / Encryption Products
  • Intrusion Detection/Prevention at both the Host and Network level
  • Network monitoring and scanning tools, which report information such as Wireless LAN security, service pack levels, missing security patches, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, and more.
Overview of Training, Development and Qualifications

Most of the 1000+ Computer Science, Computing or Information Systems / Technology related first degrees offered by UK universities incorporate some security content. Details of these can be found under the UCAS website www.ucas.ac.uk under the key word of "Computing".

However, there are a small number of first degrees which are focused more on Security, including Network Management and Security degrees, and a few specifically on Information Security Management / Computer Systems Security. Details of these can be found on the UCAS website under the key word of "Security".

The following internationally recognised professional qualifications are available:

  • The International Information Systems Security Certification Consortium (ISC)2 www.isc2.org offers two exam based qualifications: Certified Information Systems Security Practitioner (CISSP), and Systems Security Certified Practitioner (SSCP).
  • The SANS (System Administration, Networking, and Security) Institute's Global Information Assurance Certifications (GIAC), www.sans.org or www.giac.org, cover key areas of information security, including security essentials, intrusion detection, incident handling, firewalls and perimeter protection, operating system security, and more.

The Information Systems Audit and Control Association (ISACA) offers two exam-based qualifications: Certified Information Systems Auditor (CISA) and a security management qualification, Certified Information Security Manager (CISM). See www.isaca.org (or www.isaca.org.uk for UK regional information).

The Cabinet Office's www.cabinetoffice.gov.uk Infosec Training Paths and Competencies (ITPC) scheme is available to practitioners working on systems operated by HMG or other public bodies. The ITPC operation will be transferred to the Institute of Information Security Professionals (IISP) with effect from April 2009.

The BCS ISEB www.iseb.org.uk offers an exam-based qualification in information security management.

Careers and Jobs

There are a small number of specialised IT security job sites, including:

Jobs that require a UK security clearance can be found at www.clearedjobs.co.uk/index.asp.

The BCS www.bcs.org/careers provides information on careers.

Professional Bodies

Internationally recognised bodies offering comprehensive information are:

  • The International Information Systems Security Certification Consortium (ISC)2 www.isc2.org
  • The Information Systems Audit and Control Association (ISACA) www.isaca.org
  • The SANS Institute www.sans.org

Other associations and bodies that cater for information security professionals include:

Standards and Codes of Practice

The following standards are relevant:

  • The British Standards Institute has a comprehensive set of security standards, BS7799 parts 1 and 2, that together form an information security management system. Part 1, the code of practice, was adopted by ISO in 2000 as an international code of practice (ISO/IEC 17799). Available to purchase and download from the BSI at www.bsonline.bsi-global.com
  • ISO/IEC Standard 27001 Information Security Management Systems Requirements
  • Standards for IS Control Professionals (as well as Auditors) are available from both ISACA www.isaca.org and (ISC)2 www.isc2.org

A Code of Conduct www.bcs.org/conduct and a Code of Good Practice www.bcs.org/practice are available from the BCS.

Communities and Events

The following communities are relevant:

  • BCS Information Security Specialist Group (ISSG)
  • BCS Information Risk Management and Assurance Specialist Group (IRMA)
  • The Information Systems Audit and Control Association (ISACA) has a number of local chapters in the United Kingdom offering event and conference information www.isaca.org.uk.
Publications and Resources

There are many security books, magazines, security related email lists, blogs, computer security conferences, and Web pages. Google and Amazon can help locate available material, but some useful computer security links and magazines are given below:

  • The SANS Institute www.sans.org: security news, research projects, sample policy documents and training courses.
  • SearchSecurity.com provides a summary of information security content on the Internet, as well as original featured columns and a security-specific search engine www.Searchsecurity.com.
  • SC Magazine, published monthly with an associated website www.scmagazine.com, features news, reviews and articles on Information Security matters.
  • The INFOSYSEC Portal www.infosyssec.org is a comprehensive network and computer security resource for Information Systems Security professionals.
  • Information Systems Control Journal is published by ISACA. www.isaca.org
  • Information Security magazine available on-line at http://infosecuritymag.techtarget.com

For those involved in projects for HMG, local authorities, or national infrastructure the CESG web site www.cesg.gov.uk/index.shtml is a useful starting point.

The BCS www.bcs.org/publications publishes journals, books and magazines.