http://www.gcn.com/online/vol1_no1/46543-1.html
By William Jackson
GCN.com
06/25/08
Requirements for professional security certification for information
technology workers in civilian agencies, now being readied by the Office
of Management and Budget, would have a major impact on how government
and industry recruit, train and manage their IT staffs, a security
expert said Wednesday.
"They are going to affect every one of us in the field," contractors and
government employees, said George Datesman, a senior manager at Noblis
Inc., a nonprofit high-tech consultant.
Datesman - who holds a master.s degree in criminology and has 30 years
experience in law enforcement including a stint with the Justice
Department - said at a Digital Government Institute conference on
cybersecurity that OMB is finalizing minimum requirements for
professional certification. He had no time frame for their release.
As IT security has become professionalized, a number of certifications
have achieved general recognition industrywide, including a suite from
the International Information Systems Security Certification Consortium
(ISC2). ISC2 maintains and administers examinations for:
* CISSP: Certified Information Systems Security Professional.
* ISSEP: Information Systems Security Engineering Professional.
* ISSAP: Information Systems Security Architecture Professional.
* SSCP: Systems Security Certified Practitioner.
Organizations awarding certifications would have to be accredited to
meet a federal mandate. Datesman likened situation to the
law-enforcement field, which still is sorting out how to fully implement
requirements for increased professional training and education 30 years
after the movement began. Not only would there be new hiring
requirements, there also could be increased responsibility and legal
liability for workers and their employers.
"This is a change we have not faced in the IT security industry before,"
he added.
[...]
Received on Thu Jun 26 03:34:25 2008