Information Security News mailing list archives

Rebuttal to "CISSPs - Do You Know Your Organization" by anonymous


From: InfoSec News <isn () c4i org>
Date: Fri, 8 Jun 2001 02:50:45 -0500 (CDT)

http://cryptome.org/cissp-who2.htm


From: nkoprowski () maples com
To: jya () pipeline com
Cc: james.wade () rich frb org
Subject: Rebuttal to "CISSPs - Do You Know Your Organization" by anonymous
Date: Thu, 7 Jun 2001 11:46:17 -0700 

Dear Editor: 

Below is an article written in response to "CISSPs - Do You Know Your
Organization" by Anonymous, published by Cryptome.org, May 3,
2001.  Please let me know if you choose to post it on your Web site. 

Thank you, 

Nancy Koprowski
Account Executive
Maples Communications
PH: (949) 253-8737
FX: (949) 253-8751 



--------------------------------------------------------------------------------

June 7, 2001 

(ISC)2's Response to "CISSPs - Do You Know Your Organization"  
By James R. Wade, CISSP

President
(ISC)2 

Facts About (ISC)2: 


* (ISC)2 is a not-for-profit organization under the laws of the United
  States of America and is chartered in the state of Massachusetts. 

* (ISC)2 opened its European headquarters in London in March 2001.

* Candidates interested in obtaining an (ISC)2 information security
  certification must meet minimum experience requirements, sign the
  (ISC)2 Code of Ethics, and successfully pass a written
  examination.  Certified people must meet the minimum requirements in
  continuing information security education in order to maintain their
  certification.

* (ISC)2 has CISSPs in 48 countries other than the U.S. 
  Since January 1, 2001, more than 400 people from countries other
  than the U.S. have taken (ISC)2 information security certification
  examinations. 

* With respect to the Waiver-for-Examination (WFE) process having
  little international participation, shortly after the initial WFE
  period closed, a second period was opened exclusively for
  international applicants. As a result, several international
  information security professionals were certified at that time. 

Allegations that the genesis of the CISSP program was based on a
contract with the U.S. Postal Service are false.  The (ISC)2 Common
Body of Knowledge (CBK) was based extensively on work performed by an
international committee led by Mr. Corey Schou, a professor with Idaho
State University.

Likewise, the CISSP Certification examination was developed by a large
number of people following a very rigorous process to develop
information security test items.  Suggesting that the U.S. Postal
Service contract was the "genesis of the CISSP program" fails to
acknowledge the hard work of a number of U.S. and international
information security professionals in launching the CISSP
Certification program.

With respect to "the associated training remained largely
U.S.-oriented, with heavy emphasis on the U.S. government standards
developed in the early 1980s by the U.S. National Security Agency
(NSA)": As most people who have been involved in information security
since the 1980s know, the so-called "Rainbow Series" of documentation
developed by NSA was a source of information security processes and
methodologies. In 1998 and 1999 (ISC)2 invested significant effort and
resources to "internationalize" the CISSP certification by removing
references to US law and policy and incorporating international
standards like BS7799.

(ISC)2, as a not-for-profit organization, invests all surplus income
over the costs of operations back into its programs.  As previously
stated, (ISC)2 made significant investment in upgrading the materials
supporting the CISSP Certification in 1998 and 1999.  (ISC)2 is an
independent, not-for-profit company whose programs are not tied to any
vendor, technology, methodology or government.

Moreover, it is a mystery why the author launches into a diatribe
against the United States and concludes that any U.S. organization is
automatically a pawn of the U.S. Government or puppet of the NSA.  
(ISC)2 believes there is a clear need for Europe to endorse
information security certifications as one of the ways to help
safeguard its critical and sensitive information and systems.  (ISC)2
is the independent body that has the knowledge, vast experience, and
infrastructure to support the information security certification needs
of Europe and the rest of the world.

More information about (ISC)2 is available at www.isc2.org

#   #   # 




ISN is hosted by SecurityFocus.com