[ISN] Rebuttal to "CISSPs - Do You Know Your Organization" by anonymous

From: InfoSec News (isnat_private)
Date: Fri Jun 08 2001 - 00:50:45 PDT

    From: nkoprowskiat_private
    To: jyaat_private
    Cc: james.wadeat_private
    Subject: Rebuttal to "CISSPs - Do You Know Your Organization" by
    Date: Thu, 7 Jun 2001 11:46:17 -0700 

    Dear Editor:

    Below is an article written in response to "CISSPs - Do You Know Your
    Organization" by Anonymous, published by Cryptome.org, May 3,
    2001.  Please let me know if you choose to post it on your Web site.

    Thank you,

    Nancy Koprowski
    Account Executive
    Maples Communications
    PH: (949) 253-8737
    FX: (949) 253-8751

    June 7, 2001

    (ISC)2's Response to "CISSPs - Do You Know Your Organization"
    By James R. Wade, CISSP

    Facts About (ISC)2:

    * (ISC)2 is a not-for-profit organization under the laws of the United
      States of America and is chartered in the state of Massachusetts. 
    * (ISC)2 opened its European headquarters in London in March 2001.
    * Candidates interested in obtaining an (ISC)2 information security
      certification must meet minimum experience requirements, sign the
      (ISC)2 Code of Ethics, and successfully pass a written
      examination.  Certified people must meet the minimum requirements in
      continuing information security education in order to maintain their
    * (ISC)2 has CISSPs in 48 countries other than the U.S.
    * Since January 1, 2001, more than 400 people from countries other
      than the U.S. have taken (ISC)2 information security certification
    * With respect to the Waiver-for-Examination (WFE) process having
      little international participation, shortly after the initial WFE
      period closed, a second period was opened exclusively for
      international applicants. As a result, several international
      information security professionals were certified at that time. 

    Allegations that the genesis of the CISSP program was based on a
    contract with the U.S. Postal Service are false.  The (ISC)2 Common
    Body of Knowledge (CBK) was based extensively on work performed by an
    international committee led by Mr. Corey Schou, a professor with Idaho
    State University.

    Likewise, the CISSP Certification examination was developed by a large
    number of people following a very rigorous process to develop
    information security test items.  Suggesting that the U.S. Postal
    Service contract was the "genesis of the CISSP program" fails to
    acknowledge the hard work of a number of U.S. and international
    information security professionals in launching the CISSP
    Certification program.

    With respect to "the associated training remained largely
    U.S.-oriented, with heavy emphasis on the U.S. government standards
    developed in the early 1980s by the U.S. National Security Agency
    (NSA)": As most people who have been involved in information security
    since the 1980s know, the so-called "Rainbow Series" of documentation
    developed by NSA was a source of information security processes and
    methodologies. In 1998 and 1999 (ISC)2 invested significant effort and
    resources to "internationalize" the CISSP certification by removing
    references to US law and policy and incorporating international
    standards like BS7799.

    (ISC)2, as a not-for-profit organization, invests all surplus income
    over the costs of operations back into its programs.  As previously
    stated, (ISC)2 made significant investment in upgrading the materials
    supporting the CISSP Certification in 1998 and 1999.  (ISC)2 is an
    independent, not-for-profit company whose programs are not tied to any
    vendor, technology, methodology or government.

    Moreover, it is a mystery why the author launches into a diatribe
    against the United States and concludes that any U.S. organization is
    automatically a pawn of the U.S. Government or puppet of the NSA.

    (ISC)2 believes there is a clear need for Europe to endorse
    information security certifications as one of the ways to help
    safeguard its critical and sensitive information and systems.  (ISC)2
    is the independent body that has the knowledge, vast experience, and
    infrastructure to support the information security certification needs
    of Europe and the rest of the world.

    More information about (ISC)2 is available at www.isc2.org

    #   #   # 