Page Two

By eweek  |  Posted 2002-11-26

Readers Respond: Security Cert Provider Cries Foul

I can only agree with David Foote, president and chief research officer at Foote Partners LLC; (ISC)2 has not been able to adapt to the changing landscape where there is more than a single delivery mechanism for the CISSP training. They should concentrate on key issues such as validating credentials, establishing a network of authorized schools for delivery of training worldwide, looking after the updates and content of the CBK, establishing firm communication with constituents, delivering advisories and tools to help the membership, acting as the lead in development of standards and consensus and a lot of other areas that are not related to the training portion of the certification. It is funny to see CISSPs worldwide subscribe to SANS advisories and newsletters as their number one source of information when there is a membership of 15,000 people ready to help others but that is not considered or asked to help.
In closing, I believe that ISACA is an organization that has as many credentials as (ISC)2. They have made a strong demonstration of their abilities to run a certification with the CISA.
It would be nice if a follow-up to the article could be posted with the other side of the coin. Thanks
Clement Dupuis
It seems unfortunate that we have this kind of debate over certification. The academe (unusually) doesn't seem to have this kind of problem. Both (ISC)2 and ISACA have considerable knowledge and skills in specific areas of computer security, and I doubt that either would feel it sensible to claim that they alone have all the knowledge required for every possible aspect. When reality takes hold, perhaps people will realise that there has to be overlap between the knowledge these bodies require, just as there have to be differences. MBAs study accounting, but not to the point of being accountants, although they may become CFOs. The issue is to understand clearly what the body of knowledge represents as value to a business. If you consider that the British Standard (now international ISO/IEC 17799) has, in Britain, a certification standard (Part 2) it may be a useful model in this debate. Organizations accredited to issue certificates must use staff who are adequately qualified, and their work is subject to periodic external review. Either the (ISC)2 or the ISACA qualification could be very sensible indicators of capability, as could certificates from other sources. When work is reviewed it is not the qualification that is being checked, but the conduct of the work. That is, and I trust will remain, paramount. Reviews may well need more than one expert when skill overlaps have to be addressed, and organizations may need more than one kind of person to carry out the certification tasks properly. So please could we have a return to a more rational approach to these matters rather than what might be misunderstood to be nothing more than a turf fight.
Kind regards
Steve Mathews
(FIMC and CMC and on the CESG CLAS list)

