Well, Singapore is stepping up and now licensing security service providers. A good idea or not?
What are your feelings and thoughts about this?
In the U.S. government licensing of professionals is justified by claiming the license process will have procedures to ensure the confirmed capability and responsibility of the licensed individuals. Think physicians, lawyers, and professional engineers (P.E.). However, in a great many cases, the push for licensing comes from trade organizations that are in reality moves to restrict access to the market, preserving a limited competition pool to the benefit of the "professionals" already in the business. Think licensing of hair braiders, florists, and interior designers (yes, those are all real). As for licensing of cybersecurity professionals, in one egregious case some years ago, one state in the US decreed that infosec professionals working in forensic computer analysis had to hold licenses as private investigators. But the PI license was only available to retired law enforcement officers!
In general I am opposed to licensing of cybersecurity workers or companies, due to the abuse of free market entry so prevalent as described above. However, I am fine with establishing clear responsibilities for work in the field.
@CraginS You make some interesting points, and so that is what happened with the state licensing. I had heard about it when it was going on but don't think I ever heard what happened to it in the end.
It's a hard topic for the reasons you have mentioned and I guess a lot would come down to the exact details behind it. While I can't understand a hair braider or a florist needing to be licensed I can understand a doctor or electrician. But then again at the same time we have people who have come to the US from other countries and even though they did the same work they don't qualify for a license in the US.
When I think of a security license I think of something that would provide repercussions against people cutting corners and not doing their basic due diligence. How many issues happen because of patches not applied or things being misconfigured? But on the other hand, as you mentioned, what a license should be and what it could be abused to be for are two very different things.
How many issues happen because of patches not applied or things being misconfigured?
Presuming your focus is more on life-safety than economic impact. A few publicly known examples:
Life-safety has long been a huge concern with computer controlled manufacturing equipment. Oftentimes, the "is it safe to start a cycle" decision is complicated enough to require a computer. Defending that computer is an absolute prerequisite to protecting the equipment operator from loss of life or limb.