Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:53 AM
Dark Reading
Dark Reading
Products and Releases

ISACA is First to Combine Skills-based Cybersecurity Training with Performance-based Exams and Certifications to Address Global Cyber Talent Shortage

Rolling Meadows, IL, USA (16 April 2015)—ISACA today introduced a portfolio of new cybersecurity certifications that are the first to combine skills-based training with performance-based exams and certifications. The seven new Cybersecurity Nexus (CSX) certifications help professionals build and evolve their careers in a constantly changing field and help close the skills gap for employers. Global Knowledge, a leading IT and business skills training provider, is ISACA’s first authorized training provider for the CSX portfolio of courses, available in the third quarter of 2015.

The recently released State of Cybersecurity: Implications for 2015 study by ISACA and RSA Conference reveals that 82 percent of organizations expect to experience a cyberattack in 2015, yet more than one in three (35 percent) are unable to fill open cyber security positions. Less than half feel their current security teams are able to detect and respond to complex incidents. In addition, a million cyber security jobs around the world remain unfilled, according to the Cisco 2014 Annual Security Report. This gap between supply and demand is fueling a widespread vulnerability that has seen cyberattacks emerge as a top technology risk in the World Economic Forum’s Global Risks 2015 report.

Through CSX, a single resource for knowledge, tools, guidance and training at every stage in a professional’s career, ISACA is helping build a global cyber security workforce trained to combat advanced cyber threats and is providing a way for organizations to be confident that they are identifying and hiring employees with the right skills.

CSX training and certifications are now offered for skill levels and specialties throughout a professional’s career. ISACA already offers the Certified Information Security Manager (CISM) designation for those at the management level, and the Cybersecurity Fundamentals Certificate for those new to the field. Training is not required prior to taking an exam, but is recommended. The new certifications are:

  • CSX Practitioner—Demonstrates ability to serve as a first responder to a cybersecurity incident following established procedures and defined processes. (1 certification, 3 training courses; prerequisite for CSX Specialist)
  • CSX Specialist—Demonstrates effective skills and deep knowledge in one or more of the five areas based closely on the NIST Cybersecurity Framework: Identify, Detect, Protect, Respond and Recover. (5 certifications, 5 training courses; requires CSX Practitioner)  
  • CSX Expert—Demonstrates ability of a master/expert-level cybersecurity professional who can identify, analyze, respond to, and mitigate complex cybersecurity incidents. (1 certification, 1 training course; no prerequisites required)

All of the new certifications are aligned with globally accepted standards and frameworks, including the NIST Framework for Improving Critical Infrastructure Cybersecurity, NIST SP 800-53 Revision 4, ISO 27000, and the COBIT 5 framework.

“ISACA recognized the need for a different approach to cyber security training and certification because global businesses need more effective ways to identify and hire skilled professionals,” said Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “In today’s threat environment, relying on technical staff who don’t have skills-based training and credentials is like relying on an army that has read a manual about strategy but has never engaged in combat.”

The CSX training and certifications were developed over a two-year period by a working group of global chief information security officers (CISOs) and other cyber security experts and went through a rigorous peer review by more than 100 experts. The innovative course delivery and testing components are the result of a collaboration with the Art of Exploitation® (AoE™) cyber security team of TeleCommunication Systems, Inc. (TCS) (NASDAQ: TSYS), a world leader in cyber security training and enterprise solutions.

Innovative Virtual Cyber Lab

A key feature of CSX’s training and skills verification is an adaptive, performance-based cyber laboratory environment. A professional’s skills and abilities are measured in a virtual setting using real-world cyber security scenarios.

PerformanScore®, a learning and development tool that measures a professional’s ability to perform cyber security job tasks, was specifically developed by TCS’ AoE team to allow trainers to provide exemplary guidance to professionals, based upon the professionals’ problem-solving approaches.  Recognizing that there are multiple ways to respond to cyber security threats, PerformanScore is unique in its ability to measure performance skills across the entire solution set of possibilities. The tool compares a professional’s actions to grading criteria, which is then referenced against an adaptive scoring rubric in real-time, enabling the instructor to provide specific feedback and allowing a professional to better learn and understand more efficient cyber security techniques. ISACA is the first organization to offer PerformanScore.

“The new CSX certifications will provide a benchmark that will help shape the future of cyber security hiring and career progression,” said Eddie Schwartz, CISA, CISM, chair of ISACA’s Cybersecurity Task Force and president and COO of WhiteOps. “Keeping cyber security skills current is a moving target, and by evolving with the industry and the adversaries they are facing, the CSX certifications will help ensure that our teams will have the most valuable and current skills, and organizations will know that candidates have the skills to address cyber security incidents from their first day on the job.”

Availability and CPE

CSX Practitioner training will be available in June 2015, with the exam available in July. Training and exams for the CSX Specialist series and CSX Expert certifications will be available during the second half of 2015. Continued professional education (CPE) will require certification-holders to annually demonstrate skills in a lab or other skills-based environment in addition to participating in knowledge-based learning. Certification-holders are required to re-test every three years at the highest level they have achieved.

More information about the new CSX certifications is available at www.isaca.org/csx-certifications and www.isaca.org/csxnews.


A global association of 140,000 professionals in 180 countries, ISACA® (www.isaca.org) helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for cybersecurity, and IS audit, assurance, risk, privacy and governance professionals. The association has more than 200 chapters worldwide.

Follow ISACA on Twitter:  https://twitter.com/ISACANews

Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial   

Like ISACA on Facebook: www.facebook.com/ISACAHQ

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-10-20
** DISPUTED ** The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop access ...
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.