[ISN] Program focuses on security response

From: InfoSec News (isnat_private)
Date: Mon Jul 14 2003 - 22:56:46 PDT


    http://news.com.com/2100-1009_3-1025613.html
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    July 14, 2003
    
    The Computer Emergency Response Team (CERT) Coordination Center, a 
    security-incident clearinghouse, introduced on Monday a program to 
    certify information technology professionals in incident handling and 
    response. 
    
    The certification program will train participants in how to react to 
    security incidents and network intrusions. Those people who take five 
    courses, including an elective, and pass a test administered by the 
    Software Engineering Institute will be granted a Certified Computer 
    Security Incident Handler Certification (CCSIHC). The Software 
    Engineering Institute is part of Carnegie Mellon University and 
    manages the CERT Coordination Center.
    
    "The incident response certification is a benchmark that says that the 
    leader knows how to lead and manage an incident response team," said 
    Barbara Laswell, technical manager of practices, training and 
    development at the institute. "It is important to know that the leader 
    of the team has the knowledge to do that job." 
    
    While security certifications have been criticized by many security 
    experts as not testing the true knowledge of the field, the 
    certification of information technology professionals got a big boost 
    in February from the Bush administration's National Strategy to Secure 
    Cyberspace. In its third of five priorities, the certification program 
    highlights the need for more security training and better ways to 
    certify knowledge.
    
    The government should, the program states, "promote private sector 
    support for well-coordinated and widely recognized professional 
    cybersecurity certifications." It says the Department of Homeland Security 
    should "encourage efforts that are needed to build foundations for the 
    development of security certification programs"--programs that it 
    hopes "will be broadly accepted by the public and private sectors." 
    
    Last November, the Computing Technology Industry Association (CompTIA) 
    introduced its Security+ certification program, which it hopes will 
    become a standard requirement for those seeking network administration 
    jobs at companies and government agencies. CompTIA is made up of two 
    dozen trade and government security experts, including representatives 
    from Microsoft, IBM and the Federal Bureau of Investigation. 
    
    Perhaps the best known security certification is the Certified 
    Information Systems Security Professional (CISSP) rating given by the 
    International Information Systems Security Certification Consortium. 
    
    "Those certifications are broad and cover a variety of topic areas," 
    Laswell said of the Security+ and CISSP ratings. "This certification 
    targets specifically incident response. The others are horizontal 
    certifications across domains--we are the vertical slice." 
    
    The certification created by the CERT Coordination Center prepares 
    participants to create and manage a Computer Security Incident 
    Response Team, according to the Software Engineering Institute. 
    Information on the new certification program can be found on the CERT 
    Coordination Center Web site.
    
    
    
    


