4/16/2015
09:53 AM
Dark Reading
Products and Releases

ISACA is First to Combine Skills-based Cybersecurity Training with Performance-based Exams and Certifications to Address Global Cyber Talent Shortage

Rolling Meadows, IL, USA (16 April 2015)—ISACA today introduced a portfolio of new cybersecurity certifications that are the first to combine skills-based training with performance-based exams and certifications. The seven new Cybersecurity Nexus (CSX) certifications help professionals build and evolve their careers in a constantly changing field and help close the skills gap for employers. Global Knowledge, a leading IT and business skills training provider, is ISACA’s first authorized training provider for the CSX portfolio of courses, available in the third quarter of 2015.

The recently released State of Cybersecurity: Implications for 2015 study by ISACA and RSA Conference reveals that 82 percent of organizations expect to experience a cyberattack in 2015, yet more than one in three (35 percent) are unable to fill open cyber security positions. Less than half feel their current security teams are able to detect and respond to complex incidents. In addition, a million cyber security jobs around the world remain unfilled, according to the Cisco 2014 Annual Security Report. This gap between supply and demand is fueling a widespread vulnerability that has seen cyberattacks emerge as a top technology risk in the World Economic Forum’s Global Risks 2015 report.

Through CSX, a single resource for knowledge, tools, guidance and training at every stage in a professional’s career, ISACA is helping build a global cyber security workforce trained to combat advanced cyber threats and is providing a way for organizations to be confident that they are identifying and hiring employees with the right skills.

CSX training and certifications are now offered for skill levels and specialties throughout a professional’s career. ISACA already offers the Certified Information Security Manager (CISM) designation for those at the management level, and the Cybersecurity Fundamentals Certificate for those new to the field. Training is not required prior to taking an exam, but is recommended. The new certifications are:

  • CSX Practitioner—Demonstrates ability to serve as a first responder to a cybersecurity incident following established procedures and defined processes. (1 certification, 3 training courses; prerequisite for CSX Specialist)
  • CSX Specialist—Demonstrates effective skills and deep knowledge in one or more of the five areas based closely on the NIST Cybersecurity Framework: Identify, Detect, Protect, Respond and Recover. (5 certifications, 5 training courses; requires CSX Practitioner)  
  • CSX Expert—Demonstrates ability of a master/expert-level cybersecurity professional who can identify, analyze, respond to, and mitigate complex cybersecurity incidents. (1 certification, 1 training course; no prerequisites required)

All of the new certifications are aligned with globally accepted standards and frameworks, including the NIST Framework for Improving Critical Infrastructure Cybersecurity, NIST SP 800-53 Revision 4, ISO 27000, and the COBIT 5 framework.

“ISACA recognized the need for a different approach to cyber security training and certification because global businesses need more effective ways to identify and hire skilled professionals,” said Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “In today’s threat environment, relying on technical staff who don’t have skills-based training and credentials is like relying on an army that has read a manual about strategy but has never engaged in combat.”

The CSX training and certifications were developed over a two-year period by a working group of global chief information security officers (CISOs) and other cyber security experts and went through a rigorous peer review by more than 100 experts. The innovative course delivery and testing components are the result of a collaboration with the Art of Exploitation® (AoE™) cyber security team of TeleCommunication Systems, Inc. (TCS) (NASDAQ: TSYS), a world leader in cyber security training and enterprise solutions.

Innovative Virtual Cyber Lab

A key feature of CSX’s training and skills verification is an adaptive, performance-based cyber laboratory environment. A professional’s skills and abilities are measured in a virtual setting using real-world cyber security scenarios.

PerformanScore®, a learning and development tool that measures a professional’s ability to perform cyber security job tasks, was specifically developed by TCS’ AoE team to allow trainers to provide exemplary guidance to professionals, based upon the professionals’ problem-solving approaches. Recognizing that there are multiple ways to respond to cyber security threats, PerformanScore is unique in its ability to measure performance skills across the entire solution set of possibilities. The tool compares a professional’s actions to grading criteria, which are then referenced against an adaptive scoring rubric in real time, enabling the instructor to provide specific feedback and allowing a professional to better learn and understand more efficient cyber security techniques. ISACA is the first organization to offer PerformanScore.

“The new CSX certifications will provide a benchmark that will help shape the future of cyber security hiring and career progression,” said Eddie Schwartz, CISA, CISM, chair of ISACA’s Cybersecurity Task Force and president and COO of WhiteOps. “Keeping cyber security skills current is a moving target, and by evolving with the industry and the adversaries they are facing, the CSX certifications will help ensure that our teams will have the most valuable and current skills, and organizations will know that candidates have the skills to address cyber security incidents from their first day on the job.”

Availability and CPE

CSX Practitioner training will be available in June 2015, with the exam available in July. Training and exams for the CSX Specialist series and CSX Expert certifications will be available during the second half of 2015. Continued professional education (CPE) will require certification-holders to annually demonstrate skills in a lab or other skills-based environment in addition to participating in knowledge-based learning. Certification-holders are required to re-test every three years at the highest level they have achieved.

More information about the new CSX certifications is available at www.isaca.org/csx-certifications and www.isaca.org/csxnews.

About ISACA

A global association of 140,000 professionals in 180 countries, ISACA® (www.isaca.org) helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for cybersecurity, and IS audit, assurance, risk, privacy and governance professionals. The association has more than 200 chapters worldwide.

Follow ISACA on Twitter: https://twitter.com/ISACANews

Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial

Like ISACA on Facebook: www.facebook.com/ISACAHQ
