The CISSP receives international standardization

By Anne Saita, News Director 23 Jun 2004 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

The Certified Information Systems Security Professional just became a more coveted credential today after its governing body announced the CISSP received accreditation under ISO/IEC 17024.

It's the first IT program to earn such accreditation under this personnel-oriented standard from the International Organization for Standardization and the American National Standards Institute, according to James Duffy, executive director of the International Information Systems Security Certification Consortium (ISC)2.

Duffy said the CISSP, which (ISC)2 has administered the past decade, is now closer to becoming the global gold standard in information security. "Educated, qualified and certified information security professionals are the key to protecting the critical infrastructure on which businesses and governments around the world operate," he said in a statement.

They'll know, when there are shops that are ISO 17024, that there's a minimum qualification that's been met with their professionals. Howard Schmidt CISO, eBay

The development also signals that information security ranks are starting to solidify as a true specialty within IT. Practitioners now have a goal to obtain for advancement, and companies can add the credential to hiring criteria, if they chose.

U.S. government leaders like Rep. Adam Putman (R-Fla.), who chairs a prominent House subcommittee on technology, lauded the new accreditation as a way to encourage more federal employees to obtain IT security certification. So far, about 3,500 of the 28,000 holding a CISSP work for Uncle Sam.

The subcommittee's staff director, Bob Dix said at a press conference in Washington, D.C., that the ISO/IEC 17024 inclusion should motivate more security professionals to seek the CISSP, thus strengthening security at both public and private enterprises. "We need … to encourage, incentivize and motivate folks to go in that direction," he said.

To receive certification, a security professional must have at least four years' experience and pass a six-hour exam in 10 areas. Employees must abide by a code of ethics and undergo 120 hours of professional training triennially to maintain the credential.

Former White House cybersecurity czar Howard Schmidt hailed the news as a "major deal" for the federal government, whose national cybersecurity strategy called for such global accreditation. He also said it will be a big boost for enterprise security programs that hire CISSPs -- and those that use their services.

"They'll know, when there are shops that are ISO 17024, that there's a minimum qualification that's been met with their professionals," said Schmidt, who now is in charge of information security for online auction company eBay.

Tags: CISSP Certification,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT CISSP Certification IT security skills and certification pay Despite recession, pay climbs for top IT security certifications Information security book excerpts and reviews Security skills pay increases despite economic downturn How do I get CPE credits? Finding a security management job after an economic downturn What is the GISP certification and how does it compare to the CISSP certification? Security certifications Certification still pays for CISSPs, CISMs CISSP Domain 1 quiz: Security Management Practices CISSP Certification Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Certified Information Systems Security Professional  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary