These are listed below:

• Compliance audit
• Information assurance
• Security administration

Organisations have become increasingly dependent upon information systems and networks, and these are valuable business assets that need to be protected. As malicious software and hacking attacks continue to grow, the importance and necessity of effective IT security has become clear.

Effective IT Security means appropriately managing the business risks associated with Information Systems and networks, and there are a number of tools and techniques available to do this.

Typical tools and techniques cover:

• Risk Analysis and Management
• Classification of information and systems to indicate their importance to the organisation (for example assessing the requirements for Confidentiality, Integrity and Availability).
• Business Continuity Planning / Disaster Recovery
• Ethical hacking/ Password auditing
• Security / Audit Reviews
• Cryptography / Encryption Products
• Intrusion Detection/Prevention at both the Host and Network level
• Network monitoring and scanning tools, which report information such as Wireless LAN connections, service pack levels, missing security patches, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, and more.

Most of the 1000+ Computer Science, Computing or Information Systems / Technology related first degrees offered by UK universities incorporate Security matters. Details of these can be found under the UCAS website www.ucas.ac.uk under the key word of "Computing".

However there are a small number of first degrees which are focused more on Security, including Network Management and Security degrees, and few specifically on Information Security Management / Computer Systems Security. Details of these can be found under the UCAS website under the key word of "Security".

The following Internationally recognised professional certificated qualifications are available:

• The International Information Systems Security Certification Consortium (ISC)2 www.isc2.org offers two exam based qualifications: Certified Information Systems Security Practitioner (CISSP), and Systems Security Certified Practitioner (SSCP).
• The SANS (System Administration, Networking, and Security) institute's Global Information Assurance Certifications (GIAC) www.sans.org or www.giac.org, covers key areas of information security, including security essentials, intrusion detection, incident handling, firewalls and perimeter protection, operating system security, and more.

The Information Systems Audit and Control association (ISACA) offers two exam based qualifications: Certified Information Systems Auditor (CISA) and a Security Management qualification: Certified Information Security Manager (CISM) (introduced in 2003), www.isaca.org, (or www.isaca.org.uk for UK regional information).

The following professional certificated qualifications, offered by UK institutions are also available:

• The BCS ISEB www.iseb.org.uk offers exam based 
• The UK Institute of Internal Auditors, www.iia.org.uk, offers 3 internal audit specific qualifications:
• MIIA the Professional Qualification
• PIIA the Practitioner Qualification and
• QiCA Qualification in Computer Auditing.

There are a small number of specialised IT Security job Sites including:-

• www.acumin.co.uk
• www.barclaysimpson.com

Internationally recognised bodies offering comprehensive information are:

• The International Information Systems Security Certification Consortium (ISC)2 www.isc2.org
• The Information Systems Audit and Control association (ISACA) www.isaca.org
• The SANS institute www.sans.org

The UK and Ireland Professional body for Internal Auditors is:

• The Institute of Internal Auditors , and this offers various Internal Audit related information www.iia.org.uk

The following standards are relevant:

• The British Standards Institute has a comprehensive set of security standards BS7799 parts 1 and 2 that form an information security management system. Part 1, the code of practice, was adopted by ISO in 2000, as an international code of practice, (ISO / IEC 17799.) Available to purchase and download from the BSI at www.bsonline.bsi-global.com
• Standards for IS Control Professionals (as well as Auditors) are available from both ISACA www.isaca.org or (ISC)2 www.isc2.org

The following communities are relevant:

• BCS Information Security Specialist Group
• BCS Information Risk Management and Audit Specialist Group

There are many security books, magazines, and Usenet newsgroups, security related email lists, computer security conferences, and Web pages. Google and Amazon can help locate available material, but some useful computer security links and magazines are given below:

• The SANS Institute www.sans.org security news, research projects, sample policy documents and training courses.
• SearchSecurity.com provides an summary of information security content on the Internet, as well as original featured columns and a security-specific search engine www.Searchsecurity.com.
• SC Magazine, published monthly, and an associated website www.scmagazine.com, features news, reviews and articles on Information Security matters.
• The INFOSYSEC Portal www.infosyssec.org is a comprehensive network and computer security resource for Information Systems Security professionals
• Information Systems Control Journal is published by ISACA. www.isaca.org
• Information Security magazine available on-line at http://infosecuritymag.techtarget.com