The International Information Systems Security Certification Consortium, (ISC)2, recently announced the release of its new Certification and Accreditation Professional (CAP) credential. The CAP was developed in conjunction with the U.S. Department of State, which has already certified a few dozen of its own employees through the program, and is currently available worldwide alongside all other (ISC)2 credentials.
“The ideal candidate should have experience, knowledge and skills in IT security, information assurance, information risk management, certification and system administration,” Tony Baratta, CISSP-ISSAP, ISSMP, SSCP and director of certification and IT at (ISC)2. “It pretty much runs the gamut of people in the information assurance business.”
The certification and accreditation (C&A) sphere revolves around evaluating information systems and ensuring that they have adequate security to handle the levels of risk in operations. Provisions laid out in the U.S. Federal Information Security Management Act (FISMA) deal specifically with the process used to review the risks and security requirements of these systems. “I think (CAP) was developed more in line with the recognition that the formal process needs to be further formalized by showing that people have this level of competency,” Baratta said. “The ideal way to do that is by exam. Like all exams, this implies a minimum level of competency in a particular area. This ensures that people who hold this credential have that minimum level of competency and understanding and experience within that discipline.”
The collaboration with the State Department was the result of a suggestion that came…
Please log in or subscribe to read this article