Certification Magazine - October 2007 - (Page 33) DoD didn’t always recognize certifications from one branch of service to the next. To complicate the situation even more, in some cases, civilian and contractor workers might have received their training from multiple outside sources, and formal certifications were not always available to validate knowledge and skills. DIAP concluded that if it wanted to certify its people so they could secure the different IA systems and move freely within the departments, existing commercial certifications were a viable solution. “We talked to people who were doing the job, defined what the roles are and, since then, have done a job task analysis, which confirmed that what we put in the manual is what people are doing,” Bieber said. “We looked at just about every certification that existed, starting with more than 100 certifications that had some aspect of security in them.” For people engaged in securing the different DoD information systems and infrastructure, job titles ranged from computer specialist to IT manager to system administrator to HR generalist. The IA WIP manual detailed what training and certifications were appropriate for each relevant job, whether a part-time or full-time position, according to the job’s location in the information system. “The manual said the DoD would not use commercial certifications that did not meet ISO/IEC 17024,” Bieber explained. “That standard required security of the testing, that a certification expire, so you either have to get continuous learning credits, or you have to retest.” Additionally, he said some of the certifications in the manual are not yet accredited by American National Standards Institute (ANSI), and those that are not are working toward that goal and expect to achieve it within the two-year time frame that is in the manual. The DoD hopes certification will elevate performance and skills for its IA or security posture and professionalize the workforce. Bieber also said certifications could be a mechanism to raise the bar on future skills by enabling IA workers to react fairly rapidly to change. “The certification is only one part — we want to be able to manage the workforce,” he said. “The de- partment is also working to put databases in place so that we’ll know who’s doing the job and what their status is, and this information will allow us to plan for training and certification expenses over time. The other thing is by requiring certification, because of that ISO standard, there’s a requirement embedded in that for continuous training. This is a mechanism to help elevate information assurance training in the competition for training dollars.” Directive 8570.1 was signed in 2004, and its accompanying manual was approved in December 2005. The DoD established a four-year implementation period to set up program mechanisms, and Bieber said this began early in 2006. The organization is engaged in compliance and evaluation activities to determine whether the program is working effectively. “The goal is to have the databases in place the workforce identified and to get 10 percent of the people certified this year,” he said. “We’re trying for 30 percent additional next year. We’ve had some evidence in our training exercises that where organizations have a larger percentage of people who are certified, they seem to be able to do better, but there could be other factors involved. There hasn’t been rigorous analysis to make that determination. But the very idea that now you have to study and be tested — it’s like education. There are very few people who say that education won’t make a difference. This is just an extension of education.” To help the different DoD components meet the requirements Directive 8570.1 set forth, the DIAP offers many educational outlets, outside its own IA training course assessments, where personnel can receive training. These outlets include Web-based training from the Defense Information Systems Agency and classes held by the National Defense University’s Information Resources Management College. The college offers some advanced management courses, as well as courses to help people prepare for ISACA, (ISC)2 and other certifications. Students don’t have to pay to attend service schools, nor are they required to pay for expenses related to commercial certification education and testing or external education providers. INTERFACE continued on page 39 October 2007 CERTIFICATION MAGAZINE 33
Table of Contents Feed for the Digital Edition of Certification Magazine - October 2007 Editor's Letter Contents Data Stream Tech Careers Dear Techie Academic Connection Virtual Village Rebooting Your Career Development Inside Certification Forensics Investigators: Cybercrime Fighters Interface Building Your Skills Through Security Tools Ad Index Endtag Certification Magazine - October 2007 Certification Magazine - October 2007 - (Page Cover1) Certification Magazine - October 2007 - (Page Cover2) Certification Magazine - October 2007 - Editor's Letter (Page 3) Certification Magazine - October 2007 - Editor's Letter (Page 4) Certification Magazine - October 2007 - Contents (Page 5) Certification Magazine - October 2007 - Contents (Page 6) Certification Magazine - October 2007 - Contents (Page 7) Certification Magazine - October 2007 - Data Stream (Page 8) Certification Magazine - October 2007 - Data Stream (Page 9) Certification Magazine - October 2007 - Tech Careers (Page 10) Certification Magazine - October 2007 - Tech Careers (Page 11) Certification Magazine - October 2007 - Dear Techie (Page 12) Certification Magazine - October 2007 - Dear Techie (Page 15) Certification Magazine - October 2007 - Academic Connection (Page 16) Certification Magazine - October 2007 - Academic Connection (Page 17) Certification Magazine - October 2007 - Virtual Village (Page 18) Certification Magazine - October 2007 - Virtual Village (Page 19) Certification Magazine - October 2007 - Rebooting Your Career Development (Page 20) Certification Magazine - October 2007 - Rebooting Your Career Development (Page 21) Certification Magazine - October 2007 - Rebooting Your Career Development (Page 22) Certification Magazine - October 2007 - Rebooting Your Career Development (Page 23) Certification Magazine - October 2007 - Inside Certification (Page 24) Certification Magazine - October 2007 - Inside Certification (Page 25) Certification Magazine - October 2007 - Forensics Investigators: Cybercrime Fighters (Page 26) Certification Magazine - October 2007 - Forensics Investigators: Cybercrime Fighters (Page 27) Certification Magazine - October 2007 - Forensics Investigators: Cybercrime Fighters (Page 28) Certification Magazine - October 2007 - Forensics Investigators: Cybercrime Fighters (Page 29) Certification Magazine - October 2007 - Interface (Page 30) Certification Magazine - October 2007 - Interface (Page 33) Certification Magazine - October 2007 - Building Your Skills Through Security Tools (Page 34) Certification Magazine - October 2007 - Building Your Skills Through Security Tools (Page 35) Certification Magazine - October 2007 - Building Your Skills Through Security Tools (Page 36) Certification Magazine - October 2007 - Building Your Skills Through Security Tools (Page 37) Certification Magazine - October 2007 - Building Your Skills Through Security Tools (Page 38) Certification Magazine - October 2007 - Building Your Skills Through Security Tools (Page 39) Certification Magazine - October 2007 - Building Your Skills Through Security Tools (Page 40) Certification Magazine - October 2007 - Ad Index (Page 41) Certification Magazine - October 2007 - Endtag (Page 42) Certification Magazine - October 2007 - Endtag (Page Cover3) Certification Magazine - October 2007 - Endtag (Page Cover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.