Infosecurity agency Niser in training tie-up
13th January 2005 (The Star)

KUALA LUMPUR: The National ICT Security and Emergency Response Centre (Niser) has entered into an agreement with the nonprofit International Information Systems Security Certification Consortium or (ISC)2 to provide IT security professionals in Malaysia with training and testing.

The testing involves the latter's Certified Information Systems Security Professional (CISSP) and Systems Security Certified Professional (SSCP) qualifications.

Under the agreement, signed last Wednesday, Niser would also serve as a coordination centre for the community of (ISC)2-certified IT security professionals in this country.

Niser director Lt-Kol Husin Jazri said there was a great need for more IT security professionals here.

He said it was his impression that companies in Malaysia were growing more aware of security threats, particularly viruses, spam, misuse of IT resources and "phishing" - the use of deception, often by e -mail, to obtain sensitive personal information from unsuspecting users.

(ISC)2 president and chief executive James Duffy said there were about 90 CISSPs working in Malaysia. By comparison, he noted there was a similar number in Thailand, 700 in Singapore, 1,200 in Hong Kong, and 200 in Taiwan. There were some 32,000 worldwide, the majority in the United States.

The CISSP is one of a number of IT security professional certifications given out by professional bodies and companies in that field.

Duffy encouraged IT practitioners, middle and senior management, and IT academicians to take up the qualification.

To undergo the training and testing for the qualifications, prospective CISSP candidates must have four years of relevant working experience certified by a current CISSP, or a university degree, and prospective SSCP candidates must have one year.

They must also sign up to the (ISC)2 code of ethics and might have to undergo vetting, Duffy said.

They would be trained on the CBK, or Common Body of Knowledge, encompassing ten domains of IT security: Access control systems and methodology; applications and system development security; business continuity and disaster recovery planning; cryptography; law, investigation and ethics; operations security; physical security; security architecture and models; security management practices; and telecommunications and network security.

To ensure testing integrity, the testing is conducted by a external body, a US-based psychometrics firm, said Chester Soong, (ISC)2 regional director for certification services.

Certification as a CISSP had to be renewed every three years, Duffy said, either by re-sitting the test or by undergoing 120 hours of further training.

The CISSP qualification was itself accredited in June 2004 to the ISO/IEC 17024 benchmark for professionals by the International Standards Organisation and the American National Standards Institute.

Husin said Niser's role in all this was to organise training and testing in Malaysia. In addition, Niser would also organise gatherings and further professional training for the community of (ISC)2 -certified IT security practitioners in Malaysia.