IT departments looking to hire new staff will be interested to learn that one of the worlds leading security qualifications, the CISSP (certified information systems security professional), has become the first in the industry to meet the new ISO/IEC 17024 standard.
The 17204 benchmark was launched last year by the International Standards Organisation as a way of assessing whether qualifications across a range of professions could demonstrate minimum standards.
Despite its drab name, it is a good example of the way in which professional qualifications and those affecting IT and security in particular are increasingly coming under international scrutiny.
The CISSP security qualification, awarded by the not-for-profit industry consortium (ISC)2, is held by 25,000 IT staff globally, with around 1,000 of these currently working in the UK.
Passing the test requires taking an six-hour exam that marks candidates on their understanding of broad-based security concepts, and is only open to professionals with at least 4-years experience.
Qualifications are important but theyre not the be all and end all. But if I interview someone with a CISSP, I know they have a baseline of knowledge, said (ISC)2 president John Colley.
He stressed that it was not designed to rival vendor-specific qualifications such as Ciscos CCNP or Microsofts MCSE, but instead provide a higher-level equivalent that demonstrated knowledge of a range of systems.
In his view, such qualifications would become more important as security moved to the centre of the IT department and with staff increasingly hired on the basis of their proven security knowledge.
The CISSP was unlikely to become a necessity in order to get a job security job, but he suggested it was establishing itself as necessary for those members of the IT team tasked with hiring other security staff in industries such as banking.