IT giants push certification standard for security professionals

Leading technology companies and the US government have released new certification standards for IT security professionals.

Leading technology companies and the US government have released new certification standards for IT security professionals.

Security+ is intended to provide a method for training and evaluating the abilities of IT professionals, according to the Computing Technology Industry Association (CompTIA).

Organisations participating in the Security+ committee include Microsoft, IBM and Sun Microsystems, as well as leading security companies such as RSA, Entrust and VeriSign.

The US Federal Bureau of Investigation, the US Secret Service and the National Institute of Standards and Technology, along with leading industry trade groups also contributed to the creation of the Security+ certification standards, CompTIA said.

Security+ certification is aimed at professionals with at least two years of networking experience and is intended to create an objective measure companies and organisations can use to assess the training of employees and job applicants.

Peter Sommer, senior research fellow at the Computer Security Research Centre at the London School of Economics, said, "This is a good idea but it is not the first attempt to create this sort of standard."

Security+ had more chance of success than previous efforts because of the strength of the organisations backing it, said Sommer. However, he warned that generic qualifications were not a complete answer.

"When you employ a security professional you need to know that someone is not just generically good," said Sommer, "but specifically good for your environment."

Sommer added that efforts by the British government to create security accreditation for IT professionals had got bogged down.

Individuals seeking Security+ certification will be required to pass an examination covering security concepts ranging from methods of external attack to authentication and access control.

Information professionals will also have to master topics such as cryptography and organisational security concepts.

Hardware and software companies and security associations have indicated that they will use CompTIA's Security+ certification part of their company-specific senior-level security certification programs, according to CompTIA.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.