With the increasing adoption of ISO 27001, the information security management standard, there is a growing demand for professionals with relevant skills and qualifications. According to the UK Government’s 2014 Cyber Security Skills report and various recruitment sites, ISO 27001 qualifications are among the most desirable.
Working knowledge of information security standards like ISO 27001 is an important criterion for a variety of roles, from entry- and mid-level positions through to highly paid senior management roles. In the first three months of 2015, www.itjobswatch reported 1,208 ISO 27001 vacancies (up 30% year-on-year), with an average salary of £50,000.
Employers are right to demand relevant skills and qualifications, as a lack of ISO 27001 competence can negatively affect the implementation and successful maintenance of the organisation’s information security management system (ISMS).
Lack of ISO 27001 expertise is a big challenge
IT Governance’s ISO 27001 Global Report 2015 found that appropriate expertise is the second biggest challenge (44%) when implementing ISO 27001, exceeded only by raising staff awareness (45%).
However, 44% of respondents admitted that the person managing their ISMS doesn’t have a formal ISO 27001 ISMS qualification. Despite this lack of relevant training, 28% are not planning to train their ISMS manager, while 35% do not have control over that decision.
The need to invest in professional staff training
Implementing an ISO 27001-compliant ISMS is a complex undertaking that involves the whole organisation. The knowledge and experience of those responsible for the implementation is fundamental both to the success of the project and to the long-term effectiveness of the ISMS.
Moreover, the Standard requires that sufficient resources are available to work on the ISMS and that all employees affected by the ISMS have the proper training, awareness and competency.
Given the rising cyber threats and ISO 27001’s proven track record of improving information security, businesses should be investing more in high-quality cyber security education. Providing staff with the necessary knowledge and skills to manage the company’s ISMS effectively is the best way to tighten cyber security, successfully achieve ISO 27001 certification and get a return on investment.
ISO 27001 training and qualifications – where to start
IT Governance’s ISO 27001 learning pathway will equip you with the knowledge and skills to plan, implement, maintain and audit a best-practice information security management system (ISMS). It provides training courses from Foundation through to Advanced level (available in both classroom and Live Online formats) and offers opportunities to attain industry-standard qualifications awarded by IBITGQ.
ISO 27001 Global Report 2015 – 96% of respondents say that ISO 27001 plays an important role in improving their company’s cyber security.