(ISC)² Security Transcends Technology



Mike Kilroy or Nancy Koprowski
Maples Communications, Inc.
(949) 477-0710, Ext. 303


Information Systems Security Engineering Professional (ISSEP®) will Help Screen Potential Employees and Contractors of NSA


WASHINGTON, D.C., Feb. 27, 2003 - The International Information Systems Security Consortium (ISC)² today announced a five-year contract with the National Security Agency's Information Assurance Directorate (IAD) to develop and administer the new Information Systems Security Engineering Professional (ISSEP®) credential for information security professionals who want to work for NSA, either as employees or outside contractors. The new certification will serve as an extension of the (CISSP®) (Certified Information Systems Security Professional), offered by (ISC)² for information security professionals with four years cumulative work experience in the field. Persons interested in taking the ISSEP exam will be required to already hold a CISSP credential. CISSP certification was designed to recognize mastery of an international standard for information security professionals and their understanding of the 10 domains of the (ISC)² Common Body of Knowledge (CBKTM) in forming security policies, standards and procedures.

"The U.S. government has a unique set of standards for information security," said Patricia L. Moreno, chief of staff for NSA's Information Assurance Directorate. "We believe (ISC)²'s longtime international expertise in professional certification best suits our training needs within NSA."

NSA has prepared the groundwork for this certification and will provide the subject matter experts to develop the ISSEP examination. (ISC)² will manage the additional domains and exam material for the extension. The new domains of the ISSEP will focus on the technical knowledge required of government information systems security engineers such as ISSE processes and government regulations. The ISSEP complements the CISSP by comprehensively addressing the systems engineering side of information security. As with the CISSP, the substance of the domains studied will be updated with the constantly changing field of information security.

"Creating the ISSEP extension to the CISSP for NSA is an honor and a privilege," said James E. Duffy, CISSP, executive director of (ISC)² , based in Framingham, Mass. "With more time and resources being applied to the protection of our government's information assets, (ISC)² values the opportunity to join the effort."

About NSA
The National Security Agency is the nation's cryptologic organization. It coordinates, directs and performs highly specialized activities to protect U.S. information systems and produce foreign intelligence information. A high technology organization, NSA is on the frontiers of communications and data processing. It is also one of the most important centers of foreign language analysis and research within the U.S. government. More information is available at www.nsa.gov.

About (ISC)²
Based in Framingham, Mass., with offices in London and Hong Kong, the International Information Systems Security Certification Consortium, Inc. (ISC)² is the premier organization dedicated to providing information security professionals and practitioners worldwide with the standard for professional certification. That standard is based on (ISC)²'s CBKTM, a compendium of best practices for information security professionals. Since its inception in 1989, the not-for-profit organization has provided training and certification and has advocated the need for one industry-wide security standard. (ISC)² provides two forms of certification, the Certified Information Systems Security Professional (CISSP) and the Systems Security Certified Practitioner (SSCP), both unique by requiring years of experience in their field and, for the CISSP, an endorsement by a professional familiar with the background of the candidate. For more than a decade, (ISC)² has certified thousands of security professionals in more than 85 countries.