Problem solve Get help with specific problems with your technologies, process and projects.

Ensuring integrity of online cert exams

I see that the SANS security certification exam can be taken at home over the Internet. This is indeed convenient....

However, how does SANS ensure that it is the candidate who is answering the questions and without help from "friends." I want to take this exam but am worried that certification won't be regarded too highly because of this. Your insight on this will be very useful.

The question of "exam integrity" strikes right to the heart of the issue and is a primary motivator for many companies like Microsoft, Novell, Cisco and numerous others who require candidates to take their exams at Prometric or VUE testing centers under supervision, or like other security certifications (CISSP, CCP, etc.) offer their exams in proctored situations only at specific times and locations.

There are several ways to respond to your query:

  • Some exam providers elect to trust candidates and give them the option to "cheat" in unsupervised circumstances. The types of exams delivered in such circumstances, however, tend to be much more difficult and demanding than those given under more controlled circumstances. I believe the idea is to so overload a candidate with material, that unless the candidate is familiar and comfortable with that material, all the help (and extra materials) in the world won't enable them to complete the exam successfully anyway.

  • Nearly every certification program in general, and every security certification program I know of, includes a "Code of Ethics" as part of its requirements for would-be certificants. Item # 1 in the SANS NDA and Code of Ethics reads as follows:

    "1. I understand that the requirements for GIAC certification must be completed in full by me and me alone as the certification candidate. I further understand that all work submitted must be my own, and not developed by or in conjunction with other individuals or GIAC candidates. I declare that all of my work is original, and where I may have referenced the work of others, that work is clearly identified, credited, and used with appropriate permission."

    So, if somebody cheats or works with others, they are in violation of the code. If they get caught, they lose their certification.

    While it's true that not many certification programs work this way, I do not think this approach reflects negatively on the SANS credentials. I have not heard or read about them being questioned on the bases of fairness, accuracy or integrity anywhere in the media or newsgroups that I follow, either.

    If you're interested in SANS certification, don't let this characteristic stop you from pursuing those interests.

    For more information on this topic, visit these other searchSecurity resources:
    Best Web Links: Infosec Training, Careers and Events
    Executive Security Briefing: Revisiting the security certification landscape
    Featured Topic: Security certifications

  • This was last published in February 2002

    Dig Deeper on Information security certifications, training and jobs

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.