(ISC)2(R) to Increase Requirements for CISSP(R) Credential to Validate Information Security Expertise

(ISC)2 Asia-Pacific
2007-05-15 17:14 582

'Gold Standard' in Information Security Certification Will Require Five Years of Professional Experience to Verify Skills in Increasingly Complex Threat Environment

Hong Kong, May 16 /Xinhua-PRNewswire/ -- (ISC)2(R) ("ISC-squared"), the non-profit global leader in educating and certifying information security professionals throughout their careers, today announced its board of directors has approved new professional experience and endorsement requirements for the Certified Information Systems Security Professional (CISSP(R)) certification.

Effective 1 October 2007, the minimum experience requirement for certification will be five years of relevant work experience in two or more of the 10 domains of the CISSP CBK(R), a taxonomy of information security topics recognized by professionals worldwide, or four years of work experience with an applicable college degree or a credential from the (ISC)2-approved list. Currently, CISSP candidates are required to have four years of work experience or three years of experience with an applicable college degree or a credential from the (ISC)2-approved list, in one or more of the 10 domains of the CISSP CBK.

Also effective 1 October, CISSP candidates will be required to obtain an endorsement of their candidature exclusively from an (ISC)2-certified professional in good standing. Currently, candidates can be endorsed by an officer from the candidate's organization if no CISSP endorsement can be obtained. The professional endorsing the candidate can hold any (ISC)2 base certification -- CISSP, Systems Security Certified Practitioner (SSCP(R)) or Certification and Accreditation Professional (CAP(CM)).

"It is critical that the rigors of our certification process reflect the increasingly complex demands information security professionals face today," said Randy Sanovic, CISSP-ISSAP, ISSMP, (ISC)2 board chairperson. "Additional measures of experience and peer endorsement ensure a CISSP has a complete understanding of how to implement an effective information security program and manage information security risks and the ethical commitment to make the right choices along the way."

The new work experience requirement will not affect current holders of the CISSP credential or those scheduled to take the CISSP examination on or before 30 September 2007. The requirements for all other (ISC)2 certifications remain unchanged.

"More than any other certification available, the CISSP measures a comprehensive range of experience, knowledge and skills that professionals must have to develop and manage information security programs," said Ed Zeitler, CISSP, executive director of (ISC)2. "The credential is the most rigorous in the information security field, measures the highest professional standards and is designed to help organizations worldwide ensure they have qualified information security management."

"With an estimated 1.5 million people working in information security globally, the nearly 50,000 CISSPs remain an elite group of professionals that are leading this industry," Zeitler said. "(ISC)2 will continue to assess its certification criteria and processes, as well its examinations and educational programs, to ensure that remains the case."

In addition to meeting the experience and professional endorsement requirements, CISSP candidates are required to pass an intensive examination on the CISSP CBK(R) and subscribe to the (ISC)2 Code of Ethics. Once certified, CISSPs must be re-certified every three years by earning continuing professional education (CPE) credits.

More information about the CISSP and the new requirements can be found at .

About (ISC)2

The International Information Systems Security Certification Consortium, Inc. (ISC)2(R) is the internationally recognized Gold Standard for certifying information security professionals. Founded in 1989, (ISC)2 has certified over 50,000 information security professionals in 129 countries. Based in Palm Harbor, Florida, USA, with offices in Washington, D.C., London, Hong Kong and Tokyo, (ISC)2 issues the Certified Information Systems Security Professional (CISSP(R)) and related concentrations, Certification and Accreditation Professional (CAP(CM)), and Systems Security Certified Practitioner (SSCP(R)) credentials to those meeting necessary competency requirements. The CISSP, CISSP-ISSEP(R), CISSP-ISSAP(R) and SSCP are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)2 also offers a continuing professional education program, a portfolio of education products and services based upon (ISC)2's CBK(R), a taxonomy of information security topics, and is responsible for the annual (ISC)2 Global Information Security Workforce Study. More information is available at .

(C) 2007, (ISC)2 Inc. (ISC)2, CISSP, SSCP, ISSAP, ISSEP and CBK are registered certification marks and CAP is a service mark of (ISC)2, Inc.


Kitty Chung

(ISC)2 Asia-Pacific

Tel: +852-3520-4001


Source: (ISC)2 Asia-Pacific