Security Certification Pretest Available Online

February 15, 2008

Test preparation is not just for elementary, high school and college students anymore. Information security professionals seeking to obtain certifications now have the opportunity to use an online self-assessment tool to gauge their knowledge of information security topics prior to taking certification exams. The test-taking simulation could be particularly useful to defense contractors as the U.S. Defense Department requirement looms for certification of all personnel working on department systems in an information security role.

Called studISCope, the tool enables security staffs and individuals to assess their knowledge of the security topics that appear on (ISC)2 certification exams. Companies also may use the test to assess their staff’s information security knowledge, skills and ability. Originally developed for Defense Department personnel, it comprises questions from previous versions of the Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP) exams as well as new questions developed by (ISC)2-certified subject matter experts.

According to Lynn McNulty, director of government affairs at (ISC)2, the nonprofit organization that designed studISCope, his team decided to make the security knowledge assessment tool available to industry after experiencing success with the military. He adds that in light of Defense Department Directive 8570.1, many more information technology professionals will be seeking certifications, so the time is right to introduce an assessment tool for industry. (ISC)2 is one of five organizations that administer the information security certification exams stipulated by the Defense Department as requisite for certain employment positions, and the only one that offers the CISSP and SSCP certifications.

Directive 8570.1 requires that all Defense Department information assurance personnel be tested and certified in the field; this condition is being phased in for defense contractors conducting comparable work. The contractor requirement process began in fiscal year 2007; by the end of fiscal year 2010, all contractor personnel performing information assurance duties on department systems must be certified.

The comprehension assessment tool is available online for single, subsidized or voucher purchase that includes performance results tracking for one year, and as part of a package that features an education program and other (ISC)2 services. The personalized reporting system includes learning progress indicators that highlight an individual’s strengths and weaknesses and a readiness gauge that shows comprehension levels in specific areas. This information enables certification candidates to focus their study time on topics that need the most attention.

McNulty shares that his organization predicts the number of information security specialists seeking information systems security certifications this year could be as high as 30,000.