ISSPCS stands for the International Systems Security Professional Certification Scheme. ISSPCS is an Information Security certification, designed to distinguish the holder as being a knowledgeable and practical individual in the field of Information Security, possessing specific knowledge deemed as highly desirable by the ISSPCS Academic Board. The curriculum has been developed and the first ISSPCS Practitioners will be certified in December 2004.

ISSPCS has four levels of certification:

1. ISSPCS Practitioner - the entry level for all ISSPCS applicants.
2. ISSPCS Professional - only available after achieving Practitioner status.
3. ISSPCS Mentor - only available after achieving Professional status.
4. ISSCPS Fellow - the final level, only available after achieving Mentor status.

For more information on the various levels of ISSPCS Information Security certification, please see the Certification page.

The Objective

The ISSPCS developers and ISSEA have strived to develop and implement an international and professional IT and Systems Security Certification Scheme that has wide credibility, jurisdiction and is genuinely international. The certification is constantly updated throughout the year, as the Information Security environment can change on a daily basis.

Security History

Over the last decade, information and communication technologies have dramatically changed the way organisations conduct business and relate to their clients, across all industry sectors and at all levels of government. Availability, authenticity, integrity, confidentiality, non-repudiation are just some of the issues that the modern organisation must consider when delivering services. In order to deal with these issues, organisations are implementing a multitude of enterprise-wide security solutions encompassing people, technology and physical domains. But how do organisations know that the solution is right for them and how do they know that they are getting the right advice for their circumstances? One of the major challenges for the modern organisation is the ability to recognise talent, skills and experience when it comes to the development and implementation of a security regime capable of protecting the organisations assets. For the security professional, the problem is somewhat different. There are a multitude of costly vendor and situation specific courses and certifications available, but very few focus on the general principles of security and their essential foundations, nor provide a theoretical and practical base on which to build fundamental skills.

The ISSPCS Solution

To address this issue, the International Systems Security Engineering Association (ISSEA) has overseen the implementation of a global and open certification scheme for security professionals that addresses the shortfalls of traditional IT security certifications by founding the scheme on essential principles of security. Initial development of the scheme was jointly undertaken by the University of Queensland (UQ), Electronic Warfare Associates (EWA) and the Australian Computer Emergency Team (AusCERT), as well as seeking input from the world wide Security Community for critical curricular documentation. The ISSPCS development team is involved in the continual development of a certification programme that is credible, comprehensive, cost-effective, international in scope, and genuinely open. As an open scheme, it will not be necessary to attend any particular training course in order to seek certification. The various levels of certification may be achieved by the successful completion of certified examinations and/or interviews, overseen internationally by ISSEA. As it is important to ensure that training will be available for those who wish to access it, ISSEA is very pleased that EWA, UQ and AusCERT have also committed significant resources to the development of a training programme, which will prepare candidates for certification, in addition to the freely available ISSPCS Study Guides on this site.

The Nine Strategic Principles of ISSPCS

The following are the Nine Strategic Principles for the Certification Scheme:

An Independent Scheme -	no commercial bias to any vendor or group of vendors. The independence of the scheme is enhanced by its foundations being based on practiced fundamental security principles and robust theories rather that vendor, product or situation specific syllabi.
An Open Scheme -	open to all IT and Systems security professionals.
An International Scheme -	specific, custom modules will be available in various countries and regions. It will also be developed in accordance with international standards. Country-specific modules will be developed as demand dictates.
An Inclusive Scheme -	which could incorporate feedback from a user community.
A Cost Effective Scheme -	which would not be prohibitively expensive for IT security professionals to undertake.
An Updated Scheme -	which is reviewed for changes in technology, best practice and community standards on a regular basis.
A Continuous Scheme -	which requires regular evidence of continuing development.
A Professional Scheme -	which does not simply rely on the regurgitation of a body of knowledge, but is instead founded on demonstrating an ability to apply process and methodology, as well as an understanding of security knowledge and techniques.
An Holistic Scheme -	while this scheme is intended to be heavily IT focused, it is not exclusive to IT, since IT security must reflect the systems approach including physical, personnel and technological.