@dcontesti   So does New Zealand too, which is definitely well back behind the eighth ball.

Regards

Caute_Cautim

"Needs work" is an understatement. I'm a CISSP and a licensed Professional Engineer. I have zero legal liability as the former and extensive legal liability as the latter. Yet the licensing body, Professional Engineers Ontario, doesn't recognize "security engineering" as a real area of practice; I have to write it in when I report what kind of engineering I do.

To a point, I understand. Ontario defines engineering in legislation as “any act of planning, designing, composing, evaluating, advising, reporting, directing or supervising that requires the application of engineering principles and concerns the safeguarding of life, health, property, economic interests, the public welfare or the environment, or the managing of any such act”. We don't have agreed-to definitions of "engineering principles" in Security, and security is not one of the concerns that needs to be safeguarded under the engineering legislation. It is very much a grey area that needs clarification so that security engineers can be held to account.

@jmikesmith    Your points are clear and precise.

If a professional Civil Engineer can be prosecuted due to the collapse of a building built 30 years ago, because it collapsed and killed a number of people during an earthquake e.g. Christchurch TV building.

https://nzhistory.govt.nz/media/photo/ctv-building-collapse

There have been calls for the prosecution of the Civil Engineers responsible for the architecture and building of the entire building.   Yes there needs to be a complete shakeup, as professional information security or cybersecurity practitioners we all have responsibilities or even architects ourselves.

Regards

Caute_Cautim