1/8/2002 -- The board of directors of the International Information Systems Security Certification Consortium (ISC)2 announced last week that they will be rasing the experience requirements for the organization's flagship Certified Information Systems Security Professional (CISSP) title.

Begininng in 2003, candidate will be required to have four years of industry experience, or three years with a college degree. Currently, the minimum requirement is three years.

According to ISC2, the change will not affect any current holders of the CISSP credential or those planning to take the CISSP examination during 2002: "The vast majority of CISSP candidates will be unaffected by these new requirements since most possess a college degree," James E. Duffy, managing director of (ISC)2, said in a printed statement. However, "it is the board's belief that these new requirements better reflect the need for a broad-based education or similar life experience to excel in the information security profession."

Duffy further explained that the "equivalent life experience" provision is intended for mature professionals who did not obtain a college degree but are in positions where a college degree would normally be required. Equivalent life experience will be assessed on a case-by-case basis by the (ISC)2 Professional Practices Committee.

The CISSP is a high-level, vendor-neutral security certification that covers 10 areas of specialty. Candidates must not only meet the experience requirements but also agree to abide by the ISC2's code of ethics before being allowed to sit for the 200-question, six-hour CISSP exam.

For more information on the CISSP, visit www.isc2.org.