The question of "exam integrity" strikes right to the heart of the issue and is a primary motivator for many companies like Microsoft, Novell, Cisco and numerous others who require candidates to take their exams at Prometric or VUE testing centers under supervision, or like other security certifications (CISSP, CCP, etc.) offer their exams in proctored situations only at specific times and locations.
There are several ways to respond to your query:
"1. I understand that the requirements for GIAC certification must be completed in full by me and me alone as the certification candidate. I further understand that all work submitted must be my own, and not developed by or in conjunction with other individuals or GIAC candidates. I declare that all of my work is original, and where I may have referenced the work of others, that work is clearly identified, credited, and used with appropriate permission."
So, if somebody cheats or works with others, they are in violation of the code. If they get caught, they lose their certification.
While it's true that not many certification programs work this way, I do not think this approach reflects negatively on the SANS credentials. I have not heard or read about them being questioned on the bases of fairness, accuracy or integrity anywhere in the media or newsgroups that I follow, either.
If you're interested in SANS certification, don't let this characteristic stop you from pursuing those interests.
For more information on this topic, visit these other searchSecurity resources:
Best Web Links: Infosec Training, Careers and Events
Executive Security Briefing: Revisiting the security certification landscape
Featured Topic: Security certifications
This was first published in February 2002