ISC2

International Information System Security Certification Consortium
Founded: 1989
Type: Non-profit
Focus: Cybersecurity, Information Security, Software Security, Infrastructure Security
Location
Area served: Worldwide
Services: Professional Certifications
Members: 600,000+ (2024) [1]
Debra Taylor (acting) [2]
Website: https://www.isc2.org

The International Information System Security Certification Consortium, or ISC2, is a non-profit organization which specializes in training and certifications for cybersecurity professionals. [3] [4] It has been described as the "world's largest IT security organization". [5] The most widely known certification offered by ISC2 is the Certified Information Systems Security Professional (CISSP) certification. [6] [7]


History

In the mid-1980s a need arose for a standardized and vendor-neutral certification program that provided structure and demonstrated competence in the field of IT security, and several professional societies recognized that certification programs attesting to the qualifications of information security personnel were desperately needed.

In June 1988, a conference was hosted by the National Institute of Standards and Technology (NIST) and the Federal Information Systems Security Educators Association (FISSEA) at Idaho State University in Pocatello, Idaho, to address the need for a standardized curriculum for the burgeoning profession. Organizations in attendance included:

During the conference, the question was raised why virtually every group represented, save NIST and ISU, was creating a professional certification. The conference participants agreed to form a consortium that would attempt to bring together the competing agendas of the various organizations. In November 1988, the Special Interest Group for Computer Security (SIG-CS), a member of the Data Processing Management Association (DPMA), brought together several organizations interested in this. The ISC2 was formed in mid-1989 as a non-profit organization with this goal in mind.

By 1990, the first working committee to establish something called the Common Body of Knowledge (CBK) had been formed. The work done by that committee resulted in the first version of the CBK being finalized by 1992, with the CISSP credential launched by 1994, followed by the SSCP credential in 2001, the CAP credential in 2005, the CSSLP credential in 2008, the CCFP and HCISPP in 2013, and the CCSP in 2015.

In 2001, ISC2 established its Europe, Middle East and Africa regional office in London. In 2002, ISC2 opened its Asia-Pacific regional office in Hong Kong. In 2015, ISC2 introduced its North America regional office in Washington, D.C.

Since 2011, ISC2 has organized the annual ISC2 Security Congress conference. The 2019 conference will be the first international iteration of the event and will be held in Orlando, Florida.

In 2022, ISC2 pledged to expand and diversify the cybersecurity workforce by providing free ISC2 Certified in Cybersecurity education and exams to one million people worldwide. [8]

In August 2023, ISC2 launched their new website and rebrand, changing the abbreviation of their name from (ISC)2 to ISC2. [9]

Professional certifications

ISC2 maintains what it calls a Common Body of Knowledge for information security for the following certifications: [10]

and including:

All ISC2 certifications are accredited and meet ANSI/ISO/IEC Standard 17024. [12] Additionally, all certifications other than the CC meet DoD 8570.1 Baseline Certification standards. [13] The CGRC is still listed as CAP on the DoD's table.

Continuous Professional Education

All ISC2 certified professionals are required to earn Continuous Professional Education (CPE) credits on an annual basis in order to maintain their certifications. CPE credits can be obtained by attending industry events or conferences, writing articles/book reviews/books, etc. [14]

Code of Ethics

All certified ISC2 professionals are required to support the ISC2 Code of Ethics. Violations of the code of ethics are each investigated by a peer review panel, with the potential of revoking the certification. [15] ISC2 (along with other security certification organizations) has been criticized for lack of education in the area of ethics. [16]


Related Research Articles

SANS Institute: American security company

The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. As of 2021, SANS is the world’s largest cybersecurity research and training organization. SANS is an acronym for SysAdmin, Audit, Network, and Security.

CISSP is an independent information security certification granted by the International Information System Security Certification Consortium, also known as ISC2.

ISACA is an international professional association focused on IT governance. On its IRS filings, it is known as the Information Systems Audit and Control Association, although ISACA now goes by its acronym only. ISACA currently offers 8 certification programs, as well as other micro-certificates.

The Australian Computer Society (ACS) is an association for information and communications technology professionals with 40,000+ members Australia-wide. According to its Constitution, its objectives are "to advance professional excellence in information technology" and "to promote the development of Australian information and communications technology resources".

The Ten Commandments of Computer Ethics were created in 1992 by the Washington, D.C. based Computer Ethics Institute. The commandments were introduced in the paper "In Pursuit of a 'Ten Commandments' for Computer Ethics" by Ramon C. Barquin as a means to create "a set of standards to guide and instruct people in the ethical use of computers." They follow the Internet Advisory Board's memo on ethics from 1987. The Ten Commandments of Computer Ethics copies the archaic style of the Ten Commandments from the King James Bible.

The following outline is provided as an overview of and topical guide to information technology:

Howard Schmidt: American computer security expert (1949 - 2017)

Howard Anthony Schmidt was a partner with Tom Ridge in Ridge Schmidt Cyber LLC, a consultancy company in the field of cybersecurity. He was the Cyber-Security Coordinator of the Obama Administration, operating in the Executive Office of the President of the United States. He announced his retirement from that position on May 17, 2012, effective at the end of the month.

Cyberethics: Ethics of online activities

Cyberethics is "a branch of ethics concerned with behavior in an online environment". In another definition, it is the "exploration of the entire range of ethical and moral issues that arise in cyberspace" while cyberspace is understood to be "the electronic worlds made visible by the Internet." For years, various governments have enacted regulations while organizations have defined policies about cyberethics.

Corey Schou is University Professor of Informatics and Associate Dean at Idaho State University, director of the National Information Assurance Training and Education Center (NIATEC) and the Simplot Decision Support Center (SDSC), and for ten years the chair of the Colloquium for Information Systems Security Education (CISSE).

EC-Council is a cybersecurity certification, education, training, and services company based in Albuquerque, New Mexico.

Robert Slade: Canadian information scientist

Robert Michael Slade, also known as Robert M. Slade and Rob Slade, is a Canadian information security consultant, researcher and instructor. He is the author of Robert Slade's Guide to Computer Viruses, Software Forensics, Dictionary of Information Security and co-author of Viruses Revealed. Slade is the author of thousands of technical book reviews, today published on the techbooks mailing list and in the RISKS Digest, and archived in his Internet Review Project. An expert on computer viruses and malware, he is also the Mr. Slade of "Mr. Slade's lists".

The Institute for the Certification of Computing Professionals (ICCP) is a non-profit institution for professional certification in the Computer engineering and Information technology industry. It was founded in 1973 by 8 professional computer societies to promote certification and professionalism in the industry, lower the cost of development and administration of certification for all of the societies and act as the central resource for job standards and performance criteria.

Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution. The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. It is considered more technical than other ethical hacking certifications, and is one of the few certifications that requires evidence of practical penetration testing skills.

Donn B. Parker was an information security researcher and consultant and a 2001 Fellow of the Association for Computing Machinery. Parker had over 50 years of experience in the computer field in computer programming, computer systems management, consulting, teaching, and research.

The Computing Technology Industry Association, more commonly known as CompTIA, is an American non-profit trade association that issues professional certifications for the information technology (IT) industry. It is considered one of the IT industry's top trade associations.

The Security Industry Association (SIA), based in Silver Spring, Maryland, is a U.S. trade association, founded in 1969, representing global security solutions providers. The organization today represents nearly 1,400 firms and organizations in the security industry, and in 2017 the association expanded membership to include an academic category. Longtime CEO R. Walden Chace resigned under pressure in 2010 due to excessive spending and collaborations with Reed Exhibitions.

Mark Weatherford is an American cybersecurity professional who has held a variety of executive level positions in both the public and private sectors. He was appointed as the first deputy under secretary for cybersecurity at the US Department of Homeland Security from 2011 to 2013. He is currently the Global Information Security Strategist for Booking Holdings.

User behavior analytics (UBA) or user and entity behavior analytics (UEBA), is the concept of analyzing the behavior of users, subjects, visitors, etc. for a specific purpose. It allows cybersecurity tools to build a profile of each individual's normal activity, by looking at patterns of human behavior, and then highlighting deviations from that profile that may indicate a potential compromise.

Gregory Touhill: American general

Brigadier General Gregory (Greg) J. Touhill is Director of the world-renowned Carnegie Mellon University Software Engineering Institute’s CERT Division. Previously, he was the president of AppGate Federal Group. He was previously appointed by President Barack Obama as the first Federal Chief Information Security Officer of the United States, stepping down in January 2017. He was previously the Deputy Assistant Secretary, Office of Cybersecurity and Communications, National Programs and Protection Directorate, Department of Homeland Security. While at DHS he concurrently served as Director of the National Cybersecurity and Communications Integration Center (NCCIC) during 2014–2015.

References

  1. "ISC2 about page". ISC2. Retrieved 2024-05-16.
  2. "ISC2 CEO Clar Rosso CC Steps Down". www.isc2.org. Retrieved 2024-10-11.
  3. Ashford, Warwick (2012-09-11). "Skills shortage means no unemployment in IT security, says (ISC)2". ComputerWeekly. Retrieved 2024-05-16.
  4. Dunn, John E. (2012-04-18). "New board connects (ISC)2 security professionals to public policy". ComputerWorld UK. Archived from the original on 2015-09-28.
  5. Kerner, Sean Michael (2012-09-14). "(ISC)2: Execs Must Buy Into IT Security". eSecurity Planet. Archived from the original on 2017-12-10. Retrieved 2024-05-16.
  6. "(ISC)2 releases government program for conference in Philly alongside ASIS". Government Security News. 2012-08-03. Archived from the original on 2013-05-21. Retrieved 2024-05-16.
  7. Parizo, Eric (2011-09-22). "(ISC)2 at a crossroads: CISSP value vs. security industry growth". SearchSecurity. Archived from the original on 2021-04-22. Retrieved 2024-05-16.
  8. "ISC2 Opens Global Enrollment for One Million Certified in Cybersecurity". ISC2. 2022-08-31.
  9. "ISC2 Announces Major Milestone as Community Grows to Half a Million Strong". www.isc2.org. 2023-08-18. Retrieved 2024-05-16.
  10. "About (ISC)2". (ISC)2. Archived from the original on 2008-12-17. Retrieved 2024-05-16.
  11. "Become an HCISPP – HealthCare Information Security and Privacy Practitioner". ISC2. Retrieved 2024-05-16.
  12. "ANSI Accreditation Services - International Information System Security Certification Consortium, Inc". Retrieved 2024-05-16.
  13. "DoD Approved 8570 Baseline Certifications". DoD Cyber Exchange. Archived from the original on 2023-03-13. Retrieved 2024-05-16.
  14. "ISC2 Certification Maintenance Handbook" (PDF). ISC2. Retrieved 2024-05-16.
  15. "ISC2 Code Of Ethics". ISC2. Retrieved 2024-05-16.
  16. "Security Certifications' Ethics Programs Merely Window-Dressing". 2008-09-01. Archived from the original on 2013-05-21. Retrieved 2024-05-16.