'[ISN] Security certification rules could shake up IT management'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Security certification rules could shake up IT management
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2008-06-26 8:34:25
Message-ID: Pine.LNX.4.61.0806260334160.7893 () conundrum ! infosecnews ! org
[Download RAW message or body]

http://www.gcn.com/online/vol1_no1/46543-1.html

By William Jackson
GCN.com
06/25/08 

Requirements for professional security certification for information 
technology workers in civilian agencies, now being readied by the Office 
of Management and Budget, would have a major impact on how government 
and industry recruit, train and manage their IT staffs, a security 
expert said Wednesday.

"They are going to affect every one of us in the field," contractors and 
government employees, said George Datesman, a senior manager at Noblis 
Inc., a nonprofit high-tech consultant.

Datesman - who holds a master.s degree in criminology and has 30 years 
experience in law enforcement including a stint with the Justice 
Department - said at a Digital Government Institute conference on 
cybersecurity that OMB is finalizing minimum requirements for 
professional certification. He had no time frame for their release.

As IT security has become professionalized, a number of certifications 
have achieved general recognition industrywide, including a suite from 
the International Information Systems Security Certification Consortium 
(ISC2). ISC2 maintains and administers examinations for:

    * CISSP: Certified Information Systems Security Professional.
    * ISSEP: Information Systems Security Engineering Professional.
    * ISSAP: Information Systems Security Architecture Professional.
    * SSCP: Systems Security Certified Practitioner.

Organizations awarding certifications would have to be accredited to 
meet a federal mandate. Datesman likened situation to the 
law-enforcement field, which still is sorting out how to fully implement 
requirements for increased professional training and education 30 years 
after the movement began. Not only would there be new hiring 
requirements, there also could be increased responsibility and legal 
liability for workers and their employers.

"This is a change we have not faced in the IT security industry before," 
he added.

[...]


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic