From: InfoSec News (isnc4i.org)
Date: Tue Jul 15 2003 - 00:56:46 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://news.com.com/2100-1009_3-1025613.html

By Robert Lemos
Staff Writer, CNET News.com
July 14, 2003

The Computer Emergency Response Team (CERT) Coordination Center, a
security-incident clearinghouse, introduced on Monday a program to
certify information technology professionals in incident handling and
response.

The certification program will train participants in how to react to
security incidents and network intrusions. Those people who take five
courses, including an elective, and pass a test administered by the
Software Engineering Institute will be granted a Certified Computer
Security Incident Handler Certification (CCSIHC). The Software
Engineering Institute is part of Carnegie Mellon University and
manages the CERT Coordination Center.

"The incident response certification is a benchmark that says that the
leader knows how to lead and manage an incident response team," said
Barbara Laswell, technical manager of practices, training and
development at the institute. "It is important to know that the leader
of the team has the knowledge to do that job."

While security certifications have been criticized by many security
experts as not testing the true knowledge of the field, the
certification of information technology professionals got a big boost
in February from the Bush administration's National Strategy to Secure
Cyberspace. In its third of five priorities, the certification program
highlights the need for more security training and better ways to
certify knowledge.

The government should, the program states, "promote private sector
support for well-coordinated and widely recognized professional
cybersecurity certifications." It says Department of Homeland Security
should "encourage efforts that are needed to build foundations for the
development of security certification programs"--programs that it
hopes "will be broadly accepted by the public and private sectors."

Last November, the Computing Technology Industry Association (CompTIA)
introduced its Security+ certification program, which it hopes will
become a standard requirement for those seeking network administration
jobs at companies and government agencies. CompTIA is made up of two
dozen trade and government security experts, including representatives
from Microsoft, IBM and the Federal Bureau of Investigation.

Perhaps the best known security certification is the the Certified
Information Systems Security Professional (CISSP) rating given by the
International Information Systems Security Certification Consortium.

"Those certifications are broad and cover a variety of topic areas,"
Laswell said of the Security+ and CISSP ratings. "This certification
targets specifically incident response. The others are horizontal
certifications across domains--we are the vertical slice."

The certification created by the CERT Coordination Center prepares
participants to create and manage a Computer Security Incident
Response Team, according to the Software Engineering Institute.
Information on the new certification program can be found on the CERT
Coordination Center Web site.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]