(ISC)² has announced changes in the professional experience and endorsement requirements for its Certified Information Systems Security Professional (CISSP) certification.
Effective 1 October 2007, the minimum work experience required for certification will be raised from four to five years in two or more of the 10 recognised CISSP topics. Candidates with applicable tertiary qualifications will be required to have four years of work experience, instead of the three years currently required.
Also to be introduced in October is the requirement for each CISSP candidate to be officially endorsed by a (ISC)²-certified professional in good standing. The new requirement abolishes current concessions that allow candidates to be endorsed by their own organizations if no official endorsement can be obtained.
Changes to the CISSP requirements come as a reflection on demands of the information security industry, according to Randy Sanovic, who holds both CISSP-ISSAP and ISSMP certifications, and chairs (ISC)²'s Board of Directors.
"With the increasingly complex demands information security professionals face today, the board decided that additional measures of experience and peer endorsement will ensure that a CISSP has a thorough understanding of how to implement an effective information security program," Sanovic said.
"Additional measures of experience and peer endorsement ensure a CISSP has a complete understanding of how to implement an effective information security program and manage information security risks and the ethical commitment to make the right choices along the way," he said.
While candidates who have already registered to take the CISSP test before the October 1 deadline will not be affected by the new requirements, Sanovic expects some leniency to be granted also to candidates taking the exam before the end of the year.
On average, 1100 professionals apply each month for the CISSP exam worldwide. With an estimated 1.5 million people working in information security globally, the 50,000 plus CISSPs must remain an elite group of professionals that are leading this industry, Sanovic said.
"Those candidates who have already signed up to take the CISSP test to be held after Oct. 1, 2007 will be 'grandfathered' into the old requirements, provided they take the exam by Dec. 31, 2007," he said.
"We've received very positive feedback thus far from our members," he said. "I believe that most CISSPs view these new requirements as a strength for the benefit of the certified community, and the profession at large."