Tuesday, August 21, 2007

CISSP certification is evolving

Network World

Security Strategies




Network World's Security Strategies Newsletter, 08/21/07

By M. E. Kabay

I recently spoke with Ed Zeitler, executive director of (ISC)2, about recent developments at this important certification body for security professionals. In part one of this two-part series, Zeitler discusses the recent changes in the requirements for the Certified Information Systems Security Professional designation and the recent acceptance of CISSP as an international standard.

* Tell us about the recent changes in CISSP certification requirements.

There are three basic changes. First, experience goes from four years to five years. Second, in the past, you had to show experience in only one domain of the Common Body of Knowledge (CBK); now you need experience in at least two domains. Finally, the endorsement for applicants to the base certifications (i.e., CISSP, SSCP and CAP) must come from another (ISC)2-certified person who subscribes to the (ISC)2 Code of Ethics.

* What led to the changes?

We are committed to maintaining the professionalism and integrity of the certification. Our latest global survey of information security professionals (with over 4,000 respondents) who have responsibility for managing and developing security policies showed they have an average of 8.6 years of experience. We regularly revise our CBK and our examinations to keep them rigorous and relevant to the ever-changing threat environment.

We do not want to lower the bar to meet increasing demands for certifications; we want the industry to rise up to meet those demands. Management must have confidence in our certifications and we want to ensure that rigor is maintained and recognized.

IDC has estimated that there are 1.5 million people in the world doing information security, and we currently have around 50,000 certificate holders. So our certified members are an elite group.

* How will the changes help to achieve your goals?

We want to keep pace with the complex demands of information security today. To ensure that our certifications remain the gold standard in the industry, additional measures of experience are necessary to prove that candidates clearly demonstrate a thorough understanding of how to implement an effective information security program and manage information security risks.

In changing the endorsement requirement so that only an (ISC)2-credential holder can endorse a candidate, we are better assured that the candidate will make the same ethical commitment as his or her endorser. And by vouching for the integrity of the candidate, the endorser is in effect putting his or her own professional reputation on the line.

* How did you respond to the recent announcement from the U.S. federal government that all of its Information System Security Officers (ISSO) would have to achieve formal security certification?

We have participated in a number of U.S. federal government programs that are aimed at professionalizing the workforce. Our involvement began before my tenure here at (ISC)2 but I am now actively involved. Our long history, the quality of our certifications and the fact they are accredited by the International Organization for Standardization (ISO) are important to the government experts.

* Tell us more about the ISO link.

The accreditation is managed in the U.S. by ANSI. They put us through a rigorous annual review of all our processes to be sure that we conform to their standards for certification bodies (ANSI/ISO/IEC 17024). For example, none of our (ISC)2 CBK course instructors is permitted to be involved in exam development. And in fact, we don’t refer to our courses as preparatory because they are not designed to teach to a specific exam. We must maintain a strict firewall between our exam and our education operations.

More in part 2, when Zeitler discusses the new CISSP concentrations.


Contact the author:

M. E. Kabay, Ph.D., CISSP-ISSMP, is Associate Professor of Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site.



Copyright Network World, Inc., 2007
