Maintaining Certification Value
Businesses, governments and consumers all want the ability to access information, communicate and execute transactions at Internet speed with the assurance of real-world security. As connectivity and convenience advance, so do the threats to ensuring privacy and security. Qualified, certified information security professionals are the key to establishing and maintaining the stability and security of complex networked information systems.
In recognition of the need for trained professionals, private industry and government agencies around the world are requiring information security certification. Obtaining certification is a significant accomplishment; however, during the course of their careers, information security professionals are faced with constantly changing legislative requirements, business practices and generally accepted security standards. In order to manage and deploy an effective program, information security professionals must continually receive updates on industry best practices.
Qualifications of the professionals building and managing the technology, as well as their ability to stay up-to-date with issues and threats, are crucial to an effective IT security policy. Tried and trusted security practices must be implemented throughout the organization and must be understood and supported by every employee. Information security professionals are members of an experienced group who openly share their experiences, ideas, tools and knowledge so that all can benefit.
Maintaining certification value in the rapidly changing environment of information security requires professionals to complete a recertification process based on a standardized system. For example, the International Information Systems Security Certification Consortium, (ISC)², requires holders of the Certified Information Systems Security Professional (CISSP) credential to earn 120 continuing professional education credits every three years. Recertification is required for information security professionals to maintain their CISSP title.
Seminars, conferences, newsletters, journals, magazines, books and online forums are some of the ways and means through which information security professionals share knowledge and gain insight into the latest tools, technologies, policies and procedures for protecting information assets. The Internet continues to drive the demand for information security professionals globally. Information security certification value is maintained through the enhancement of internationally recognized best practices that improve the skills and qualifications of the professionals who promote and ensure trust in the networked economy.
As the information security field continues to grow in size and complexity worldwide, additional certifications are developed that validate in-depth, specialized knowledge and expertise in selected areas. Additional areas of specialization for information security certification have also been created in response to new regulations and legislation, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley (GLB) Act.
HIPAA includes provisions that require new safeguards to protect the security and confidentiality of individual health information, and GLB requires full compliance with provisions that safeguard the integrity, confidentiality and availability of non-public customer data. Compliance with the Sarbanes-Oxley bill and the Patriot Act is also creating the need for specially designed information security credential and training programs.
As marketplace, geopolitical and professional demands evolve, information security certifications must continue to expand and improve in response to those demands. Maintaining certification value for information security professionals is not simply a matter of ensuring professional development and career advancement, but is critical to ensuring that relationships in the networked world are conducted in a trusted environment.
Dow A. Williamson, CISSP, director of communications for (ISC)², has held executive marketing positions with Trusted Computer Solutions, a cybersecurity software provider, Sun Microsystems and RSA Security. He also spent 12 years in the Department of Defense in various information-assurance-related assignments, including the DoD Multilevel Security Program Office and the U.S. Strategic Command.