
4/16/2015
09:53 AM
Dark Reading
Products and Releases

ISACA is First to Combine Skills-based Cybersecurity Training with Performance-based Exams and Certifications to Address Global Cyber Talent Shortage

Rolling Meadows, IL, USA (16 April 2015)—ISACA today introduced a portfolio of new cybersecurity certifications that are the first to combine skills-based training with performance-based exams and certifications. The seven new Cybersecurity Nexus (CSX) certifications help professionals build and evolve their careers in a constantly changing field and help close the skills gap for employers. Global Knowledge, a leading IT and business skills training provider, is ISACA’s first authorized training provider for the CSX portfolio of courses, available in the third quarter of 2015.

The recently released State of Cybersecurity: Implications for 2015 study by ISACA and RSA Conference reveals that 82 percent of organizations expect to experience a cyberattack in 2015, yet more than one in three (35 percent) are unable to fill open cyber security positions. Less than half feel their current security teams are able to detect and respond to complex incidents. In addition, a million cyber security jobs around the world remain unfilled, according to the Cisco 2014 Annual Security Report. This gap between supply and demand is fueling a widespread vulnerability that has seen cyberattacks emerge as a top technology risk in the World Economic Forum’s Global Risks 2015 report.

Through CSX, a single resource for knowledge, tools, guidance and training at every stage in a professional’s career, ISACA is helping build a global cyber security workforce trained to combat advanced cyber threats and is providing a way for organizations to be confident that they are identifying and hiring employees with the right skills.

CSX training and certifications are now offered for skill levels and specialties throughout a professional’s career. ISACA already offers the Certified Information Security Manager (CISM) designation for those at the management level, and the Cybersecurity Fundamentals Certificate for those new to the field. Training is not required prior to taking an exam, but is recommended. The new certifications are:

  • CSX Practitioner—Demonstrates ability to serve as a first responder to a cybersecurity incident following established procedures and defined processes. (1 certification, 3 training courses; prerequisite for CSX Specialist)
  • CSX Specialist—Demonstrates effective skills and deep knowledge in one or more of the five areas based closely on the NIST Cybersecurity Framework: Identify, Detect, Protect, Respond and Recover. (5 certifications, 5 training courses; requires CSX Practitioner)  
  • CSX Expert—Demonstrates ability of a master/expert-level cybersecurity professional who can identify, analyze, respond to, and mitigate complex cybersecurity incidents. (1 certification, 1 training course; no prerequisites required)

All of the new certifications are aligned with globally accepted standards and frameworks, including the NIST Framework for Improving Critical Infrastructure Cybersecurity, NIST SP 800-53 Revision 4, ISO 27000, and the COBIT 5 framework.

“ISACA recognized the need for a different approach to cyber security training and certification because global businesses need more effective ways to identify and hire skilled professionals,” said Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “In today’s threat environment, relying on technical staff who don’t have skills-based training and credentials is like relying on an army that has read a manual about strategy but has never engaged in combat.”

The CSX training and certifications were developed over a two-year period by a working group of global chief information security officers (CISOs) and other cyber security experts and went through a rigorous peer review by more than 100 experts. The innovative course delivery and testing components are the result of a collaboration with the Art of Exploitation® (AoE™) cyber security team of TeleCommunication Systems, Inc. (TCS) (NASDAQ: TSYS), a world leader in cyber security training and enterprise solutions.

Innovative Virtual Cyber Lab

A key feature of CSX’s training and skills verification is an adaptive, performance-based cyber laboratory environment. A professional’s skills and abilities are measured in a virtual setting using real-world cyber security scenarios.

PerformanScore®, a learning and development tool that measures a professional’s ability to perform cyber security job tasks, was specifically developed by TCS’ AoE team to allow trainers to provide exemplary guidance to professionals, based upon the professionals’ problem-solving approaches. Recognizing that there are multiple ways to respond to cyber security threats, PerformanScore is unique in its ability to measure performance skills across the entire solution set of possibilities. The tool compares a professional’s actions to grading criteria, which are then referenced against an adaptive scoring rubric in real time, enabling the instructor to provide specific feedback and allowing a professional to better learn and understand more efficient cyber security techniques. ISACA is the first organization to offer PerformanScore.

“The new CSX certifications will provide a benchmark that will help shape the future of cyber security hiring and career progression,” said Eddie Schwartz, CISA, CISM, chair of ISACA’s Cybersecurity Task Force and president and COO of WhiteOps. “Keeping cyber security skills current is a moving target, and by evolving with the industry and the adversaries they are facing, the CSX certifications will help ensure that our teams will have the most valuable and current skills, and organizations will know that candidates have the skills to address cyber security incidents from their first day on the job.”

Availability and CPE

CSX Practitioner training will be available in June 2015, with the exam available in July. Training and exams for the CSX Specialist series and CSX Expert certifications will be available during the second half of 2015. Continued professional education (CPE) will require certification-holders to annually demonstrate skills in a lab or other skills-based environment in addition to participating in knowledge-based learning. Certification-holders are required to re-test every three years at the highest level they have achieved.

More information about the new CSX certifications is available at www.isaca.org/csx-certifications and www.isaca.org/csxnews.

About ISACA

A global association of 140,000 professionals in 180 countries, ISACA® (www.isaca.org) helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for cybersecurity, and IS audit, assurance, risk, privacy and governance professionals. The association has more than 200 chapters worldwide.

Follow ISACA on Twitter:  https://twitter.com/ISACANews

Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial   

Like ISACA on Facebook: www.facebook.com/ISACAHQ
