CISSP: A Brief History

Historically, the field of computer and information security has not been a structured and disciplined profession; rather, the field has lacked many well-defined professional objectives and thus has often been misperceived.

In the mid-1980s, members of the computer security profession recognized they needed a certification program that would give their profession structure and provide ways for computer security professionals to demonstrate competence and present evidence of their qualifications. Establishing such a program would help the credibility of the computer and information security profession as a whole and the individuals who make up the profession.

In November 1988, the Special Interest Group for Computer Security (SIG-CS) of the Data Processing Management Association (DPMA) brought together several organizations interested in forming a security certification program. They included the Information Systems Security Association (ISSA), the Canadian Information Processing Society (CIPS), the Computer Security Institute (CSI), Idaho State University, and several U.S. and Canadian government agencies. As a voluntary joint effort, these organizations developed the necessary components to offer a full-fledged security certification for interested professionals. (ISC)² was formed in mid-1989 as a nonprofit corporation to develop a security certification program for information systems security practitioners. The certification was designed to measure professional competence and help companies in their selection of security professionals and personnel. (ISC)² was established in North America, but quickly gained international acceptance and now offers testing capabilities all over the world.

Because security is such a broad and diversified field in the technology and business world, the original consortium decided on an information systems security CBK composed of ten domains that pertain to every part of computer, network, business, and information security. In addition, because technology continues to rapidly evolve, staying up-to-date on security trends, technology, and business developments is required to maintain the CISSP certification. The group also developed a Code of Ethics, test specifications, a draft study guide, and the exam itself.

Caution

There has been a lot of controversy in the industry about (ISC)2, a nonprofit organization that maintains the CISSP certification and provides training for this certification. Many times the (ISC)2 Institute has told companies that they cannot have an exam set up for them unless the companies take the (ISC)2 Institute’s training. This is a conflict of interest that has been brought up for years, and civil suits have been threatened. Feel comfortable to take training that best fits your needs, whether it be through the (ISC)2 Institute or another vendor.