Security certification rules could shake up IT management

Security certification rules could shake up IT management
Security certification rules could shake up IT management 

By William Jackson

Requirements for professional security certification for information 
technology workers in civilian agencies, now being readied by the Office 
of Management and Budget, would have a major impact on how government 
and industry recruit, train and manage their IT staffs, a security 
expert said Wednesday.

"They are going to affect every one of us in the field," contractors and 
government employees, said George Datesman, a senior manager at Noblis 
Inc., a nonprofit high-tech consultant.

Datesman - who holds a master.s degree in criminology and has 30 years 
experience in law enforcement including a stint with the Justice 
Department - said at a Digital Government Institute conference on 
cybersecurity that OMB is finalizing minimum requirements for 
professional certification. He had no time frame for their release.

As IT security has become professionalized, a number of certifications 
have achieved general recognition industrywide, including a suite from 
the International Information Systems Security Certification Consortium 
(ISC2). ISC2 maintains and administers examinations for:

    * CISSP: Certified Information Systems Security Professional.
    * ISSEP: Information Systems Security Engineering Professional.
    * ISSAP: Information Systems Security Architecture Professional.
    * SSCP: Systems Security Certified Practitioner.

Organizations awarding certifications would have to be accredited to 
meet a federal mandate. Datesman likened situation to the 
law-enforcement field, which still is sorting out how to fully implement 
requirements for increased professional training and education 30 years 
after the movement began. Not only would there be new hiring 
requirements, there also could be increased responsibility and legal 
liability for workers and their employers.

"This is a change we have not faced in the IT security industry before," 
he added.


Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. 

Site design & layout copyright © 1986-2014 CodeGods