WEDNESDAY 21 MAY 2003

Dear ISSPCS Subscriber,

Welcome to the first ISSPCS news mail-out.  We will keep you updated with
news from the International Systems Security Professional Certification
Scheme (ISSPCS).

In this issue...

ISSPCS Presented at AusCERT 2003
ISSPCS Feedback


If you are not already a subscriber to the ISSPCS news service you may
subscribe by sending the text "subscribe news" in the body of an email to
Majordomo@isspcs.org

For details of our privacy statement please visit
http://www.isspcs.org/legal/privacy.php

If you would like to unsubscribe please send the text "unsubscribe news" in
the body of an email to Majordomo@isspcs.org

---

ISSPCS Presented at AusCERT 2003

A large number of the ISSPCS development team attended the AusCERT2003
conference from last week.  AusCERT2003 is an IT Security conference, held
annually on the Gold Coast, Australia.   The ISSPCS programme was unveiled
to attendees by means of a presentation, followed by an informal Questions
and Answers session.  The session was conducted by Mr Mark McPherson
(AusCERT), Mr Nick Tate (University of Queensland) and Mr Alastair Sharman
(EWA).

A large amount of interest was shown in the certification scheme during the
conference, with the Questions and Answers session being beneficial to both
attendees and the programme developers.  Below are a number of the issues
raised:

Q1: The scheme appears to be based on sound principles, but can only be as
good as its acceptance by the international security community.  How will
the project team ensure that it is accepted?

A1: Community acceptance of ISSPCS is of great importance to the developers
and more importantly to the ISSPCS candidates.  The ISSPCS development
partners believe ISSPCS will be embraced by the IT Security community
because of its greater relevance to today's security needs, its openness and
commitment to constant revision, as well as its focus on both international
and regional issues.

The ISSPCS development team are actively seeking input from the IT Security
community to contribute to the programme's value as a community resource.
Feedback from the community shows a desire for a certification scheme that
is credible, comprehensive, cost-effective, international in scope, and
genuinely open and a scheme that discusses security issues using systematic
and lifecycle approaches.  ISSPCS will fill that need.

Q2: I have already invested heavily in other security certifications.  Will
my investment be wasted if ISSPCS becomes a leader in security
certifications?

A2: No, your investment will not be wasted.  Whilst the ISSPCS Academic
Board are yet to convene and discuss the matter, the intention is for the
ISSPCS assessment board to give credit for any recent, relevant
accreditation received by the candidate.  A matrix of pre-approved credit
will be drawn up and made available to candidates.

Q3: When will I be able to sit for an ISSPCS exam?

A3: We expect the programme to be operational after mid-2003.  Watch the
ISSPCS website at http://www.isspcs.org/ for an announcement.

Q4: How will you make the programme regional?

A4: Strategic Principle Three for ISSPCS states " An International Scheme -
which would allow specific modules to be available in various countries and
regions. It will also be developed in accordance with international
standards. Country-specific modules will be developed as demand dictates."

In order to comply with this principle it is necessary to make the
Theoretical and Practical Knowledge Base (TPKB) sensitive to the Cultural
and Jurisdictional imperatives of different Nations.

The TPKB has been designed in a modular manner.  A set of modules are
focused on Security Compliance and these have been designed to include and
integrate all national Legal, Regulatory and Cultural aspects that are
specific to the Nation in which the TPKB is being used.  This set of modules
will also include all international aspects related to Treaties,
Legislation, Regulation and Standards.  These modules will be modified to
reflect the Nation in which it is being used.  Further, it is intended that
a representative body, within the specific nation carry out the modification
of the national Legal, Regulatory and Cultural aspects, thus ensuring
national representation and buy-in.

ISSPCS will negotiate with national representative bodies to have national
versions of compliance modules developed, as demand and time permits.
National input will be sought as to the appropriate national representative
body to approach.

---

ISSPCS Feedback

The ISSPCS development team appreciates feedback, especially from early
adopters such as yourself.  If you would like to make a comment or ask a
question, please feel free to contact one of the team members listed on
http://www.isspcs.org/contact.php

---

Thankyou for being part of the ISSPCS development.

http://www.isspcs.org/