Looking back, there were many reasons 2005 could be designated the “Year of the Information Security Professional.” Perhaps it was employers’ demand for expertise in this field, or maybe even IT security pros’ much-vaunted compensation. (The latter is definitely justifiable: CertMag’s 2005 Salary Survey showed that these folks were making an average salary of $92,790, more than any other job role.)
However, the impetus behind the International Information Systems Security Certification Consortium’s (ISC)2’s “Year of the Information Security Professional” (YISP) program came down to awareness. It might be hard for those of us inside the tech industry to believe that IT security pros aren’t recognized for what they do, as we’re often saturated with news about this discipline. However, we weren’t really the target audience for this initiative, said Sarah Bohne, (ISC)2’s director of communications and constituent services.
“The goal behind the YISP program, as we affectionately call it, was to increase awareness outside of the information security industry for the vital work and services that information security professionals provide,” she said. “I think there were several years before 2005 that could have been labeled as such, and probably several years to come could be labeled as such. We chose 2005 because we really felt that there were a lot of economic, political and defense things going on that were going to invoke the services of information security professionals. The level of appreciation for how critical those folks are didn’t match the need, so that was really why we chose last year to put that label on.”
This mission included educating end users about cyber-threats and some of the steps they can take to make their PCs and networks more secure. Another objective was to demonstrate the value of high-quality security professionals and solutions in organizations’ IT environments, Bohne said. “It’s so hard for information security professionals to justify the budget and personnel allocations that they need to executive management and other business units.”
One of the more beneficial results of the program was the construction of a global network of affiliated academic institutions, government agencies and private-sector companies for (ISC)2 that will last long after 2005. “We were able to get endorsements for the initiative from more than 65 organizations worldwide, more than half of which were outside of the U.S.,” Bohne said. “I think that’s one of the most important outgrowths of the program. We’re going to continue to work with them in some capacity.”
Another positive upshot was the promotion of the information security profession through programs such as college scholarships and the YISP Student Excellence Award, which Singapore resident Namasivayam Viswanathan received in December. “One of the goals was to encourage early commitment to the profession and attract new talent to the field,” Bohne said. “That award was one way we were able to do that, as well as draw attention to the field itself.”
In other (ISC)2 news, the American National Standards Institute (ANSI) awarded (ISC)2’s Systems Security Certified Practitioner (SSCP) credential with the ISO/IEC 17024 accreditation. (ISC)2’s Certified Information Systems Security Professional (CISSP) certification has also been accredited. “We’re very excited about this development,” Bohne said. “We are very proud of this fact, because it shows that an independent, globally recognized standards body recognizes that our credentials meet some very strict requirements in terms of fairness and opportunity for the folks we run through our certification program. It also qualifies us under the new Department of Defense mandates to certify all of its information security personnel.”
For more information, see www.isc2.org.