Security certification needs to be strengthened

But changing face of technology makes accreditation difficult to manage, says EU report

A report from the European Network and Information Security Agency (Enisa) on the economics of IT security has found that accreditation schemes for people and products in the European Union (EU) need to be strengthened and extended.

The EU should boost accreditation schemes related to people certification in IT security and encourage the development of skills certification adapted to different profiles, says the report.

Security accreditation is important because it ensures the products and staff that companies use are not going to compromise the business, according to the report.

"The availability of accreditation and certification schemes can contribute to the trustworthiness of electronic products and services by raising the level of security," it says.

"Information about such schemes should be widely disseminated."

A major challenge for all product certifications is a rapidly changing spread of threats – making it difficult to have a concrete set of standards against which products can be tested.

The report says that making security certificates mandatory by law would be problematic, because changing technology would mean specific certificates quickly become out of date.

But governments could have a role to play by encouraging the acceptance of certifications with merit within their own workforce.

The EU should also reinforce bridges between education in schools and universities and the private training colleges that provide certifications.

Last week the Tories announced that children in schools and colleges would get IT security training if the party got into power.