nCircle Sync Blog

New CISSP Requirements

In a press release yesterday, (ISC)2 announced new, stricter requirements for the CISSP.

* The minimum professional experience requirement for CISSP certification will be five years of relevant work experience in two or more of the 10 domains of the CISSP CBK, or four years of work experience with an applicable college degree or a credential from the (ISC)2-approved list. The current requirements for the CISSP call for four years of work experience in one or more of the 10 domains of the CISSP CBK, or three years of experience with an applicable college degree or a credential from the (ISC)2-approved list.

* Candidates for any (ISC)2 credential will be required to obtain an endorsement of their candidature exclusively from an (ISC)2-certified professional in good standing. The professional endorsing the candidate can hold any (ISC)2 certification - CISSP, SSCP or CAP. Currently, candidates can be endorsed by an officer from the candidate's organization if no CISSP endorsement can be obtained. The board believes that only an (ISC)2-credentialed professional bound by its Code of Ethics should provide a candidate endorsement.

As I recall, the requirements were last changed about 4 years ago. Obviously, the board is working to maintain the high level of respect of the CISSP and the other (ISC)2 certifications by increasing the education/experience requirement. In particular, I like the second new endorsement requirement. Having to be endorsed by a CISSP means the candidate must actually interact with other people - attend conferences, meetings and shake some hands. Let's face it, people skills aren't always the top-rated skills of a security professional. On the other hand, so many security issues could be more easily alleviated with people skills early on in any process. Not everything has to be fixed by a new policy, network device or software.

--S



Comments (1)

So to be a CISSP you have to be made into a CISSP by another? This is infosec vampirism! Or is it a tactic of the mafia?

"Hey, he's a good guy. He's a friend of ours."





About

This page contains a single entry from the blog posted on May 16, 2007 9:25 AM.




Bio

Blog: Sync
Author: Andrew Storms

As nCircle's Director of Security Operations, Andrew Storms is responsible for the definition and enforcement of the company's security compliance programs as well as overseeing day-to-day operations for the Information Technology department.

Andrew's commentary on IT security issues has appeared in CNBC, Forbes and The New York Times, as well as many other publications. He is a Certified Information Systems Security Professional (CISSP), a member of Infragard and a graduate of the FBI Citizens' Academy. Andrew blogs at blog.ncircle.com/sync