BBC CISO Helen Rabe says accreditation schemes like ISO 27001 are a costly burden, and have questioned their value to businesses.
The BBC CISO says she is a “consummate cynic” about cybersecurity certifications. Helen Rabe believes schemes like the widely recognised ISO 27001 standard are “time consuming” and “cumbersome” to maintain for tech teams, and could be ripe for reform.
Rabe was speaking as part of a panel at the Infosec Europe conference in London, where she joined Munawar Vallji, CISO at rail ticketing platform Trainline, and Dr Emma Philpott, of advisory group the IASME Consortium for a panel on the future of cybersecurity certifications.
BBC CISO ‘cynical’ about cybersecurity certifications
Cybersecurity certifications are designed to ensure organisations have an appropriate level of security across their teams. The most common certification is the ISO 27001 from the International Organisation of Standards, which was updated last year and is held by more than 30,000 companies.
While these certifications are not a legal requirement, they can be a contractual stipulation for IT buyers, particularly in public sector organisations. Speaking to Tech Monitor last year, Alan Calder, founder and executive chairman of cyber risk and privacy management company IT Governance, said: “The Department of Work and Pensions, for instance, requires organisations it is contracting to have ISO specification.