Security Certification � Standards for the Government IT Workforce

07-09-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

Security Certification � Standards for the Government IT Workforce

According to a recent GCN article, the federal government (civilian agencies) may be releasing a standardized list of security professional certifications required by the IT workforce that could see lasting benefits, however initial incur some immediate challenges.

Benefits:

The most obvious benefit would be the development of an assurance baseline for government security programs. Through the issuance of minimum qualification requirements for each staff position, the government could reduce staff qualification deficiencies, and optimize costs needed for an highly trained IT security workforce. The government must be agile, and must understand the competency of their security staff and IT professionals to maximize results. This could also establish a limited playing field for IT security firms, and idealize the importance certification offer, as it has achieved in the private sector.

Challenges:

Where does this certified workforce come from? As minimum requirements are published, it will require them to be phased in to allow a transition for existing staff through both fasttrack certification programs, and to enable organization to find staff to meet their immediate needs for IT security practitioners that have the appropriate credentials and background investigations. This also will require certification agents (to include ISC(2)) to actively qualify their organization's credentials to ensure current staff can qualify themselves under the new certification requirements. Other challenges would include increased recruiting costs, additional training costs for existing staff (including attending certification programs), and a wider adoption of specialized security certifications.

Conclusion

I see this as an essential step forward for ensuring the federal government workforce has the competency to meet the changes faced in the IT security landscape, and can appropriately meet the future challenges in this diverse and evolving field. I also think more specialized sector track will begin to emerge out of the transition, giving security practioners more focused and specialized security roles.