Information Security News
mailing list archives
Rebuttal to "CISSPs - Do You Know Your Organization" by anonymous
From: InfoSec News <isn () c4i org>
Date: Fri, 8 Jun 2001 02:50:45 -0500 (CDT)
From: nkoprowski () maples com
To: jya () pipeline com
Cc: james.wade () rich frb org
Subject: Rebuttal to "CISSPs - Do You Know Your Organization" by
Date: Thu, 7 Jun 2001 11:46:17 -0700
Below is an article written in response to "CISSPs - Do You Know Your
Organization" by Anonymous, published by Cryptome.org, May 3,
2001. Please let me know if you choose to post it on your Web site.
PH: (949) 253-8737
FX: (949) 253-8751
June 7, 2001
(ISC)2's Response to "CISSPs - Do You Know Your Organization"
By James R. Wade, CISSP
Facts About (ISC)2:
* (ISC)2 is a not-for-profit organization under the laws of the United
States of America and is chartered in the state of Massachusetts.
* (ISC)2 opened its European headquarters in London in March 2001.
* Candidates interested in obtaining an (ISC)2 information security
certification must meet minimum experience requirements, sign the
(ISC)2 Code of Ethics, and successfully pass a written
examination. Certified people must meet the minimum requirements in
continuing information security education in order to maintain their
* (ISC)2 has CISSPs in 48 countries other than the U.S.
Since January 1, 2001, more than 400 people from countries other
than the U.S. have taken (ISC)2 information security certification
* With respect to the Waiver-for-Examination (WFE) process having
little international participation, shortly after the initial WFE
period closed, a second period was opened exclusively for
international applicants. As a result, several international
information security professionals were certified at that time.
Allegations that the genesis of the CISSP program was based on a
contract with the U.S. Postal Service are false. The (ISC)2 Common
Body of Knowledge (CBK) was based extensively on work performed by an
international committee led by Mr. Corey Schou, a professor with Idaho
Likewise, the CISSP Certification examination was developed by a large
number of people following a very rigorous process to develop
information security test items. Suggesting that the U.S. Postal
Service contract was the "genesis of the CISSP program" fails to
acknowledge the hard work of a number of U.S. and international
information security professionals in launching the CISSP
With respect to "the associated training remained largely
U.S.-oriented, with heavy emphasis on the U.S. government standards
developed in the early 1980s by the U.S. National Security Agency
(NSA)": As most people who have been involved in information security
since the 1980s know, the so-called "Rainbow Series" of documentation
developed by NSA was a source of information security processes and
methodologies. In 1998 and 1999 (ISC)2 invested significant effort and
resources to "internationalize" the CISSP certification by removing
references to US law and policy and incorporating international
standards like BS7799.
(ISC)2, as a not-for-profit organization, invests all surplus income
over the costs of operations back into its programs. As previously
stated, (ISC)2 made significant investment in upgrading the materials
supporting the CISSP Certification in 1998 and 1999. (ISC)2 is an
independent, not-for-profit company whose programs are not tied to any
vendor, technology, methodology or government.
Moreover, it is a mystery why the author launches into a diatribe
against the United States and concludes that any U.S. organization is
automatically a pawn of the U.S. Government or puppet of the NSA.
(ISC)2 believes there is a clear need for Europe to endorse
information security certifications as one of the ways to help
safeguard its critical and sensitive information and systems. (ISC)2
is the independent body that has the knowledge, vast experience, and
infrastructure to support the information security certification needs
of Europe and the rest of the world.
More information about (ISC)2 is available at www.isc2.org
# # #