With all of the new certifications entering the information security field, there is a lot of fog and confusion for those seeking credentials. Your article was well written, and I am sure it will shed some light for those seeking to find their way through the darkness. For future updates, you may want to include DRII's business continuity/disaster recovery certifications and ISACA's Certified Information Security Manager (CISM).
Thanks for your recent e-mail and for your mention of the CISM -- it's a new one to me and sounds like a worthwhile credential. I see on the ISACA Web site that the exam won't be ready until June, 2003, so my lack of coverage of that credential in the latest survey won't slow anybody down much. Thanks very much for bringing this to my attention.
Likewise, while I was aware of the DRII stuff, I look at that as more orthogonal (or tangential, if you will) to standard infosec certs. I need to think some more on whether I want to mention DRII in the context of out-and-out infosec (and yes, I do recognize that continuity/disaster recovery is one traditional knowledge domain in the general infosec field) certs. Maybe it should go into a sidebar entitled "Related certs" into which I could move CIA, CISA and some of the other tangential/orthogonal certs as well.
Thanks again for the feedback.