Industry experts have welcomed the recent launch of the UK-based Institute of Information Security Professionals (IISP) which aims to improve the training, certification and supply of staff in this field.

Analyst firm Gartner said that, if the initiative is successful, it may spur other countries to set up similar institutes.

The UK's initiative to form a professional development organisation was taken by information security leaders from business, government and academia.

The body will address two principal concerns: demand for information security expertise increasingly exceeding supply; and managers lacking a way to provide assurance about a job candidate's abilities.

Gartner research vice president Jay Heiser said: "The term 'infosec professional' is almost a contradiction in terms.

"The field has grown organically and it remains ad hoc, with little agreement on what constitutes professionalism. Hiring decisions are complicated by a lack of agreement on the necessary abilities.

"However, it is agreed that industry and government cannot find enough qualified people, and this shortfall in security skills is exacerbated by a shortage of best practices.

"Many security problems are still unsolved, and will remain so until specialists pool their knowledge and experience."

However, Heiser warned that "it remains to be seen" whether there will be enough cooperation and participation to build an institution for the chartering of individuals in this burgeoning field.

The analyst believes that the organisation can only succeed if the market demands that the IISP becomes the authoritative professional development and standards-setting body.

Gartner advised UK firms and security practitioners concerned about problems in staffing to consider supporting the IISP through membership and participation in its programmes.

Those outside the UK should monitor the progress of the IISP, according to Heiser. If it does prove its usefulness, it will provide a model for the creation of similar bodies in other countries.