(ISC)2 announced (here) a new pilot to allow certification candidates to take exams in the comfort of their own home. We have come a long way from paper and pencil exams only offered every three months!
Here's the schedule:
February 15, 2021 – February 21, 2021
February 22, 2021 – February 28, 2021
Get certified! Protect us from evil! Increase your pay!
I wonder what the payoff is for those volunteering their time during this pilot program. If they pass an exam, do they achieve certification of the respective credential?
Just found the answer to my own question. Yes, you can use a passing result of this pilot test for application for full certification of the corresponding credential. See FAQs.
Based on some of the invites I am getting from some CISSP "trainers" I am concerned that the on-line testing will allow for more fraudulent CISSP exams being taken. I have had 2 different offers in which they said they would allocate an online trainer to write my exam through the online testing.
(ISC)2, how are y'all protecting the value of our certifications and ensuring that the respect of CISSP is not being diluted by fraud?
I can provide details on the individuals that contacted me if needed.
This type of fraud is rampant in our space. Been contacted by any number of overseas "training organizations" that will happily get you any "cert you want in 4-5 weeks". LinkedIn has been my most promising source of suspects for the past six months but any social media can be targeted.
Yes, there was something to be said for the "old pencil and paper" method. A system we could once believe in.
I agree that the old paper and pencil way probably helped, at least in a lot of countries, and I think most of the testing centers run a fairly secure testing scenario in most of those same countries. But there seem to be countries that just don't care.
To me this goes against all the ethics of our profession and I feel like if you are willing to cheat to pass the certification exam, what other areas are you willing to compromise in? And when it comes to security, the first compromise is the first step in the wrong direction. I have felt for a while that Grey Hat hackers aren't real, it is just a lighter shade of black that will probably continue to darken over time, because if you compromise your values and ethics once, it gets easier and easier to justify it.
How would they ensure that there is:
1) No cheating? Someone behind the monitor with cue cards, books, etc. to assist the exam taker?
2) The recording and sharing of actual test questions?
3) Other test takers from watching the exam and taking notes?
Seems a little sketchy to me.
I am not concerned about the value of the certifications being diluted as a result of being able to test remotely. I have sat several certifications from home and find online proctoring to be very effective in deterring and detecting cheating. I am assuming (ISC)2 is partnering with Pearson VUE to offer online testing and if you research their process you will find it to be very effective. Now, can this process eliminate cheating? Absolutely not, but it is the same thing with risk; can you eliminate risk? No. The CISSP certification is so difficult that I wouldn't even be worried about someone cheating on it. If you have decided that you are going to cheat on this exam I think it points to your lack of preparation as well as lack of commitment. With that being said, I am confident in saying that even if this fictitious person took the exam open book they still would not pass it.
...Someone behind the monitor with cue cards, books, etc. to assist the exam taker?...
Some schools address this by having a web-cam proctor and requiring that the student first survey the room to show that the monitor is against a wall and that there is not a "research computer" adjacent. I have also heard of requiring students to run a program that detects sharing apps (e.g. Zoom), multiple keyboards, etc.
But yes, I completely agree that depending on the secure configuration of an uncontrolled environment seems sketchy.
... The recording and sharing of actual test questions? ....
This is the part I would expect to keep (ISC)² up at night. Hidden webcams of the type illegally used in "bathroom scenarios" seem ripe for the task, and would likely be "encouraged" by brain dump web sites wanting the tapes.