One of the world’s leading security qualifications, the
CISSP (certified information systems security professional), has
become the first in the industry to meet the new ISO/IEC 17024
standard.
The 17204 benchmark was launched last year by the International
Standards Organisation as a way of assessing whether qualifications
across a range of professions could demonstrate minimum
standards.
The CISSP security qualification, awarded by the non-profit
industry consortium (ISC)2, is held by 25,000 IT staff - around
1,000 of them working in the UK.
Gaining the certificate rests on passing a six-hour exam that
marks candidates on their understanding of broad-based security
concepts, and is only open to professionals with at least
four-years’ experience.
“Qualifications are important but they’re not the be all and end
all. But if I interview someone with a CISSP, I know they have a
baseline of knowledge,” said (ISC)2 president John Colley.
He stressed that it was not designed to rival supplier-specific
qualifications such as Cisco's CCNP or Microsoft’s MCSE, but
instead provide a higher-level equivalent that demonstrated
knowledge of a range of systems.
In his view, such qualifications would become more important as
security moved to the centre of the IT department, with staff
increasingly hired on the basis of their proven security
knowledge.
The CISSP was unlikely to become a necessity to get a job
security job, he said, but suggested it was establishing itself as
necessary for those members of the IT team tasked with hiring other
security staff in industries such as banking.
John E Dunn writes for Techworld.com