New CISSP concentrations

* News from the (ISC)2, Part 2

I recently spoke with Ed Zeitler, executive director of the (ISC)2 about recent developments at the certification body for security professionals. In part two of a two-part series, Zeitler discusses the new Certified Information Systems Security Professional (CISSP) concentrations and integration of the CISSP into university programs.

* You recently introduced three Information Systems Security Professional (ISSxP) concentrations for CISSP holders - the Architecture (ISSAP), Engineering (ISSEP) and Management (ISSMP) certifications. What was the motivation for introducing those?

The Engineering Professional concentration (CISSP-ISSEP) was developed in conjunction with the U.S. National Security Agency (NSA). They specifically wanted their people to have demonstrated expertise in engineering criteria and so they worked with (ISC)2 to establish the domain characteristics, which has worked out well.

Another example of cooperation was the ISSJP - Japanese Professional - launched in April 2007 and available only in Japanese. This program was a response to specific needs expressed by Japanese industry. The development process took about a year and a half.

The Information Systems Security Management Professional (CISSP-ISSMP) is designed for the advanced information security manager. It reflects a deeper management emphasis and understanding built on the broad-based knowledge of the CISSP Common Body of Knowledge (CBK) domains. The concentration is designed for information security/assurance/risk management professionals who focus on enterprise-wide risk management.

Information Systems Security Architecture Professional (CISSP-ISSAP) is the only credential for the advanced security architecture professional who focuses on high-level security for enterprise-wide systems and infrastructure.

* Are the CISSP and its concentrations available in other languages beyond English?

Yes! The CISSP exam is available in six languages: English, German, Spanish, French, Korean, and Japanese.

* How are the concentrations doing in the marketplace?

We’re too early in the product cycle to know yet. More than 1,700 concentration credentials have already been issued even though we haven’t put a lot of emphasis on them yet.

* (ISC)2 runs CBK review courses. How are those courses going?

The program is going very well. There are many courses. We don’t publish the pass rates of people taking the exams nor of those taking our courses and then the exams. While (ISC)2 is a non-profit, our education arm is the IT Professional Group (ITPG) and they provide our official educational program. We offer six-day, five-day, and one- and two-day courses (the latter by request). We also supply self-paced eLearning and instructor-assisted eLearning education as well as CBK texts and self-assessment exams. Our courses have garnered the _SC Magazine_ award for best security training program two years running.

* What do you think of the integration of the CISSP exam into university programs?

We think it’s great. There are several universities who sponsor CISSP exams at the completion of their courses and these are typically open to the public. We have created an Associate of (ISC)2 designation for people who have passed the examination but do not yet have the experience to qualify for the CISSP.

[MK notes: Norwich University’s BSCSIA program is seriously considering having our students take the Associate’s exam at the end of their studies as part of our university accreditation process. The MSIA program sponsors examinations by the (ISC)2 every June during its residency week for graduating students and anyone else who wants to register.]

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:
Now read: Getting grounded in IoT