Debate: A governance body should be created to administer security certifications

FOR

Richard Starnes
president, Information Systems Security Association, Bluegrass chapter

For information security to mature as a discipline, we should explore the possibility of a professional governing body similar to that of doctors, lawyers or accountants. Certification seeks to ensure a basic level of knowledge and experience within a general area or in certain areas of specialty. There is no doubt that, because of certification, we have raised the level of professionalism in this industry over the past 20 years. To be clear, I do not believe that we should have a professional governing body administering all certification tests, though that is one approach raised. We already have several certification bodies that are industry recognized, ANSI-accredited and mature. However, it could be argued, these certifications might benefit from the independent review a professional governing body could provide. Independent review would add legitimacy, consistency and help curb some of the “fly-by-night” certifications that we have seen arise in our industry over the past several years.

AGAINST

W. Hord Tipton
executive director, (ISC)2

Prior to attempting to fix something, one must first be able to identify what is broken. Relevant to the statement above, I would ask, what problem is establishing a board of examiners attempting to solve? Are existing certifications really the problem of today's federal information security workforce?

The vast majority of industry stakeholders conclude that certifications as they exist today are not the cause of our nation's information security workforce challenges. Certification, standards and government bodies must instead work in collaboration to establish and reinforce a culture of security within federal agencies and to redirect the leadership toward security as a top priority with the goal of increasing funding for cybersecurity staffing, training and education initiatives.

After all, the efforts of all stakeholders to influence change will have a far greater impact than focusing on one narrow technical specialty.
