ISO endorses key security certification

Computerworld - The International Standards Organization last week gave its stamp of approval to the CISSP security certification for IT workers, and a half-dozen security managers said the endorsement should help enhance the certification's legitimacy and acceptance.
They added that boosting CISSP's credibility would be a welcome development at a time when companies are increasingly being asked by their boards of directors and by auditors and regulators to prove that they have done due diligence on all matters related to IT security -- including the hiring of security managers and other IT staffers.
The American National Standards Institute, the U.S. representative to the Geneva-based ISO, announced that the standards bodies are granting certificate accreditation to the Certified Information Systems Security Professional credential. Roy Swift, an ANSI program director, said CISSP is the first IT certification to be accredited under ISO/IEC 17024, a global benchmark for workers in various professions.
The accreditation will hopefully give CISSP a shot in the arm, said Christofer Hoff, director of enterprise security services at Western Corporate Federal Credit Union, a San Dimas, Calif.-based company with $25 billion in assets. "While broadly accepted as a benchmark credential, it's still viewed in some circles as being somewhat soft in the certification process," he added.
In fact, most IT certification programs "are often under fire for being too lenient and not reflecting the actual skills of the person," said Andrew Plato, president of Anitian Corp., a network security consulting firm and systems integrator in Beaverton, Ore. "The ISO accreditation will likely help dispel notions that the CISSP certification is meaningless."
'A Positive Step'
The CISSP credential is awarded by International Information Systems Security Certification Consortium Inc., a nonprofit organization in Vienna, Va., known informally as (ISC)². Although it's just one of several similar certifications, CISSP is considered the most popular. More than 27,000 IT security workers have earned the certification so far, according to (ISC)².
The ISO's accreditation of CISSP should lessen some of the uncertainty that now exists for IT managers because of the competing certification programs, said Kim Milford, information security manager in the IT department at the University of Wisconsin-Madison.

"It's made hiring more confusing at times, as we need to weigh the strengths of different certifications against each other," Milford said. The university now plans to require security professionals to have CISSP credentials in order to qualify for senior positions, she added.
David Stacey, global IT security director at St. Jude Medical Inc. in St. Paul, Minn., already requires a CISSP certificate for any senior security