Industry, govt. group issues security standards

[InfoSec News <isn () c4i org>]

http://www.nwfusion.com/news/2002/1203govsec.html

By Paul Roberts
IDG News Service
12/03/02

A group made up of representatives of the U.S. government and leading
technology companies has released new certification standards for
security professionals, according to a statement released Monday by
the Computing Technology Industry Association (CompTIA).

The new certification, known as Security+, is intended to provide a
standard method for training and evaluating the abilities of IT
professionals.

Among the organizations that participated in the Security+ committee
are major software and hardware vendors such as Microsoft, IBM, and
Sun, as well as leading security companies such as RSA Security,
Entrust and VeriSign.

The FBI, U.S. Secret Service and National Institute of Standards and
Technology along with leading industry trade groups also contributed
to the creation of the Security+ certification standards, CompTIA
said.

Security+ certification is targeted at professionals with at least two
years of computer networking experience and is intended to create an
objective measure that companies and organizations can use to assess
the security training of employees and job applicants.

Individuals seeking Security+ certification must pass an examination
covering security concepts ranging from methods of external attack to
authentication and access control.

Information professionals must also master areas such as cryptography
and organizational security concepts.

The ultimate goal of Security+ certification is to increase the number
of men and women who are properly trained to manage what CompTIA calls
the "frontline security-related positions" - those jobs with direct
oversight of the machines and systems that may come under attack or
otherwise be compromised, according to CompTIA.

In addition to an exam published by CompTIA, academic institutions and
technology courseware developers such as Sybex are in the process of
producing printed and software-based courseware for Security+
certification, according to CompTIA.

In addition to training offered from independent training vendors and
educational institutions, hardware and software companies and security
associations have indicated that they will use CompTIA's Security+
certification part of their company-specific senior-level security
certification programs, according to CompTIA.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.