Analytics
12/6/2012
07:39 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

(ISC)2 Election Puts New Blood On Its Board Of Directors

The security certification group has faced criticism from its members regarding the CISSP certification

The new year will be bringing some change to the board of directors of the International Information Systems Security Certification Consortium (ISC)2.

The board's recent election has resulted in a mix of old and new blood coming to the board, which come January will include former board member Diana-Lynn Contesti, Hiroshi Yasuda, incumbent board member Corey Schou -- and Dave Lewis, one of agroup of candidates nicknamed the "Four Horsemen" that started petitions to be placed on the ballot and were not endorsed by the board. Of the four, only Lewis garnered enough signatures to be included.

Contesti was also not among the candidates endorsed by the board and got on the ballot after launching a petition for support.

"I was one of those people where I was sitting there going, 'I'm not entirely understanding what the value of the certification is at this point, what am I getting for my annual dues'," Lewis tells Dark Reading.

Not wanting to sit on the sidelines, he decided to run, he says.

(ISC)2 has faced criticism from some its members, particularly in regards to the administration of a certification known as CISSP (Certified Information Systems Security Professional), with some members complaining that the certification is out of touch with the practical realities of the security world. Others have called the organization out regarding issues of transparency.

According to Hord Tipton, executive director of (ISC)2, the CISSP exam has to be constantly updated to reflect changes in technology, threat concerns, and realities such as the boom of mobile devices.

"Each quarter we have workshops that look at the questions ... and each of those are analyzed with respect to success on those questions, the level of difficulty, their relevance, are they current and ... [add] new relevant questions and delete those that become obsolete," Tipton says. "That's an ongoing process of maintaining credentials."

In January, Tipton plans to address some of the issues surrounding testing by bringing a few new ideas before the board for consideration. For example, he says, the fact that tests are now fully computer-based allows the organization to structure questions differently.

"Although the exams currently contain scenario-based questions to test for application of knowledge, additional virtual depictions can test deeper into ones hands on abilities through what we call innovative questions," he explains.

Tipton says there are plans in the works to add new technical credentials and to expand the outreach efforts of the chapters.

"Our chapters will broaden community outreach including security awareness and direct involvement in educational activities in our schools and universities," he says. "Our scholarship program has proved to be very appreciated when awarded to deserving aspiring security professionals and cyber competition winners. These programs will grow with our increasing membership."

Lewis, who works at Advanced Micro Devices and founded Liquidmatrix Security Digest, says there is a disconnect between the organization and some of its members, and that the "shine had gone off the diamond for quite a lot of people."

"I think part of the reason, too, is that the organization as a whole may not have done the best job reaching out to the user base that they could have done, or a very good job of publicizing effectively what programs are going on, and things to that effect," he says.

Though he did not lay out specific plans for any reforms he would push for, Lewis says that part of the reason he was elected was because people want to see some positive change.

"A lot of people voted for me, a lot of people put their trust in me, so I'm going to be on there, and hopefully do a good job for them," he adds.

*This story has been updated.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ASchmuhl371
50%
50%
ASchmuhl371,
User Rank: Apprentice
1/28/2013 | 4:45:04 PM
re: (ISC)2 Election Puts New Blood On Its Board Of Directors
If used in the proper way, it's great. That is, if you took someone with a CISSP and thought "this person has a great foundation in security knowledge" the test would be hugely helpful. The problem is that the security field has made it into this end-all-be-all judge of qualification. It's not.
DarkReadingTim
50%
50%
DarkReadingTim,
User Rank: Strategist
12/12/2012 | 4:00:23 AM
re: (ISC)2 Election Puts New Blood On Its Board Of Directors
Applause to the folks who choose to get involved, rather than just stand on the sidelines and complain. What do you readers think about the CISSP and other security certifications out there?
--Tim Wilson, editor, Dark Reading
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web