(ISC)2 to Increase Requirements for CISSP


<p><strong>Palm Harbor, Fla. &mdash; May 16</strong><br />The board of directors for (ISC)2, a nonprofit provider of education and certification for information security professionals throughout their careers, has approved new professional experience and endorsement requirements for the Certified Information Systems Security Professional (CISSP) certification. <br /><br />Effective Oct. 1, the minimum experience requirement for certification will be five years of relevant work experience in two or more of the 10 domains of the CISSP CBK, a taxonomy of information security topics recognized by professionals worldwide, or four years of work experience with an applicable college degree or a credential from the (ISC)2-approved list.&nbsp; </p><p>CISSP candidates are required to have four years of work experience or three years of experience with an applicable college degree or a credential from the (ISC)2-approved list in one or more of the 10 domains of the CISSP CBK.<br /><br />Also effective Oct. 
1, CISSP candidates will be required to obtain an endorsement of their candidature exclusively from an (ISC)2-certified professional in good standing.&nbsp; </p><p>Candidates can be endorsed by an officer from the candidate&rsquo;s organization if no CISSP endorsement can be obtained.&nbsp; </p><p>The professional endorsing the candidate can hold any (ISC)2 base certification &mdash; CISSP, Systems Security Certified Practitioner (SSCP) or Certification and Accreditation Professional (CAP<sup>CM</sup>).<br /><br />&ldquo;It is critical that the rigors of our certification process reflect the increasingly complex demands information security professionals face today,&rdquo; said Randy Sanovic, CISSP-ISSAP, ISSMP, (ISC)2 board chairperson.&nbsp; &ldquo;Additional measures of experience and peer endorsement ensure a CISSP has a complete understanding of how to implement an effective information security program and manage information security risks and the ethical commitment to make the right choices along the way.&rdquo;<br /><br />The new work experience requirement will not affect current holders of the CISSP credential or those scheduled to take the CISSP examination on or before Sept. 30. The requirements for all other (ISC)2 certifications remain unchanged.<br /><br />&ldquo;More than any other certification available, the CISSP measures a comprehensive range of experience, knowledge and skills that professionals must have to develop and manage information security programs,&rdquo; said Ed Zeitler, CISSP, executive director of (ISC)2.&nbsp; &ldquo;The credential is the most rigorous in the information security field, measures the highest professional standards and is designed to help organizations worldwide ensure they have qualified information security management.</p><p>&ldquo;With an estimated 1.5 million people working in information security globally, the nearly 50,000 CISSPs remain an elite group of professionals that are leading this industry. 
(ISC)2 will continue to assess its certification criteria and processes, as well as its examinations and educational programs, to ensure that remains the case.&rdquo;<br /><br />In addition to meeting the experience and professional endorsement requirements, CISSP candidates are required to pass an intensive examination on the CISSP CBK and subscribe to the (ISC)2 Code of Ethics.&nbsp; </p><p>Once certified, CISSPs must be recertified every three years by earning continuing professional education (CPE) credits.<br /><br />Considered the &ldquo;gold standard&rdquo; of achievement in the industry, the CISSP was the first information security credential accredited under ANSI/ISO/IEC Standard 17024, a global benchmark for certifying personnel, ensuring competency in different professions.<br /><br />The 10 domains of the CISSP CBK are:</p><ul><li>Information security and risk management</li><li>Access control</li><li>Cryptography</li><li>Physical (environmental) security</li><li>Security architecture and design</li><li>Business continuity (BCP) and disaster-recovery planning (DRP)</li><li>Telecommunications and network security</li><li>Application security</li><li>Operations security</li><li>Legal, regulations, compliance and investigation</li></ul>
