One of the world’s leading security qualifications, the CISSP (certified information systems security professional), has become the first in the industry to meet the new ISO/IEC 17024 standard.
The 17204 benchmark was launched last year by the International Standards Organisation as a way of assessing whether qualifications across a range of professions could demonstrate minimum standards.
The CISSP security qualification, awarded by the non-profit industry consortium (ISC)2, is held by 25,000 IT staff - around 1,000 of them working in the UK.
Gaining the certificate rests on passing a six-hour exam that marks candidates on their understanding of broad-based security concepts, and is only open to professionals with at least four-years’ experience.
“Qualifications are important but they’re not the be all and end all. But if I interview someone with a CISSP, I know they have a baseline of knowledge,” said (ISC)2 president John Colley.
He stressed that it was not designed to rival supplier-specific qualifications such as Cisco's CCNP or Microsoft’s MCSE, but instead provide a higher-level equivalent that demonstrated knowledge of a range of systems.
In his view, such qualifications would become more important as security moved to the centre of the IT department, with staff increasingly hired on the basis of their proven security knowledge.
The CISSP was unlikely to become a necessity to get a job security job, he said, but suggested it was establishing itself as necessary for those members of the IT team tasked with hiring other security staff in industries such as banking.
John E Dunn writes for Techworld.com