New User Group To Help Define Best Practices For Information Security

By Author: fiona
Total Articles: 191
Comment this article

Several U.S. information security firms have joined to help form the U.S. chapter of the CompTIA Security+ certification Information Security Management Systems International User Group (ISMS IUG). This new chapter will support users of information security management systems (ISMS) in various industries around the country.
Most people consider information security practices to include firewalls, security patches and anti-virus software, but a complete ISMS is far more complex. An ISMS is a systematic approach to guarantee the security of sensitive information, covering all aspects that come together to enforce an organization?s security policies people, processes and technology.
As with any emerging technological field, the best practices are still being established in the information security sector. Organizations are required to secure sensitive information by legislation, such as the Health Insurance Portability and Accountability Act (HIPAA), directed at health care organizations, and the Gramm-Leach-Bliley Act (GLBA), targeted toward financial institutions, and Sarbanes-Oxley ...
... legislation, designed to protect shareholders from corporate fraud and accounting errors. While these laws require compliance and include high-level standards, it is difficult for information security officers to determine the best practices and how to apply them.
According to Doug Landoll, president of Veridyn Inc. and vice-chair of the new U.S. chapter of the ISMS IUG, the user group will offer a forum for information security leaders to talk about these Project+ issues, determine industry-recognized standards and uncover the best practices for implementing those standards.
The formation of the U.S. chapter of the ISMS IUG is being spearheaded by Symantec, phi solutions, Veridyn and Majec Systems Inc. It will promote and support use of ISMS standards, including existing standards like ISO/IEC 17799, as well as considering other standards like COBIT and the forthcoming GAISP standard. Use of ISMS standards will be supported and promoted through activities such as development and usage workshops and conferences, as well as a user group Web site and publications.
As of April 1, 2004, Novell will no longer accept new candidates for its Certified Directory Engineer (CDE) certification. The closing of the CDE program follows Novell's acquisition of SuSE Linux, with which the company is now working to build additional courses and certifications focusing heavily on Linux and open-source initiatives.
The CDE certification was designed to be extremely rigorous, with a difficult, hands-on Practicum exam as one of its requirements. The certification was designed for IT professionals working with Novell's directory-enabled solutions to extend systems within their organizations and across the Internet.
Novell eDirectory, a high-end directory service and the core technology of the CDE certification, is a crucial part of Novell's security identity management solutions and multi-platform network services. Thus, the technology will still form a major part of Novell's testing for its other certifications, including the Certified Novell Administrator (CNA), Certified Novell Engineer (CNE), Master CNE, and Novell Certified Linux Engineer (CLE) credentials.
Candidates who are still interested in earning the CDE certification will be able to do so prior to the April 1, 2004 cutoff. Novell recommends contacting your local VUE testing center to schedule your exam for the certification. IT professionals who earn the CDE prior to April 1, 2004 will be recognized as CDEs by Novell and will be able to continue to use their 220-701 exam credential as needed, on their resumes and business cards. Novell also will continue to verify CDE certification to employers and potential employers upon request.