ISC2 has introduced an additional path to earning the ISSAP, ISSEP and ISSMP certifications. This new path removes the CISSP as a requirement, while recognizing seven years of relevant experience as a qualifying factor in earning the ISSAP, ISSEP or ISSMP.
There are now two ways to earn and maintain these specialized, role-based certifications. Learn more at ISC2 Insights: https://www.isc2.org/Insights/2023/10/Additional-Non-CISSP-Path-to-ISSAP-ISSEP-and-ISSMP-Certificati...
One way is through the petition process, found in the bylaws [link], specifically section "VI. Meetings of Members", subsection "8. Right of Petition:", but this is often perceived as adversarial. The one advantage being that it guarantees action/attention.
Hoping @tldutton finds an affable path (e.g. a "suggestion box").
I can only speak for the past.
Ideas would come to someone in Management or an individual Board member (remember getting in front of the entire Board as a member is almost impossible but you can catch them at Conferences et al) from a variety of sources (members, other organisations, members of management, individual board members, etc.). These ideas were typically talked about amongst management and sometimes even vetted with individual board members. If the idea was deemed worthy, then a case was brought before the Board who would review the case and either approve or deny the certification.
This may have changed over the years but the Board is supposed to be Strategic in nature. That being said, part of the strategy might be diversifying the portfolio.
d
To clarify some of the above, the day-to-day review and management of our certification portfolio is the responsibility of the organization (Management). Any recommendations they have are sent to the Board for review and discussion as part of the Board's oversight and governance role. The Board can then approve the changes or not (or send them back for further work).
To address the point about communication, in addition to the webinar mentioned by another poster we communicated this news to the membership across all of our channels. We sent direct emails to ISSAP, ISSEP and ISSMP cert holders, and posted articles in our November Member News & Resources newsletter, as well as on social channels. This change was also addressed in Town Hall at Security Congress, which was accessible to all of our members both in person and online.
If you would like to ensure you are receiving the most up-to-date messaging, we encourage you to review your communication preferences, https://my.isc2.org/s/Dashboard/Preferences. If you have board related questions you can email legal@isc2.org.
I hope this is helpful.
@awoolnough wrote:
To clarify some of the above, the day-to-day review and management of our certification portfolio is the responsibility of the organization (Management). Any recommendations they have are sent to the Board for review and discussion as part of the Board's oversight and governance role.
Perhaps you meant to write "organization (the members);" we are a corporation - a group of shareholders (i.e., members) functioning as an individual entity. The members are the organization.
The larger conundrum is that anything impacting certification ostensibly impacts the definition of "member" within our bylaws. Our bylaws do not appear to grant the board the authority to create additional classes of membership (that would take a member-approved amendment). In the context of the expanding suite of credentials, I'm wondering that if we aren't creating classes of membership, then what would such a thing look like? We don't all have the same credential (CISSP) any more. We pay different AMFs. Have to complete different CPEs. And at this stage, we don't all have to be security professionals any more (despite what our Articles of Incorporation say).
I appreciate that from management's view there is a process in place, but the process goes much further, not just to the board, but ultimately to the membership. If someone disagrees with that, fine, but I've never heard dialog.
@awoolnough wrote:
I hope this is helpful.
What would be VERY helpful, and encouraging, is for ISC2 to commission new Official ISC2 Guide to the 'concentration' CBK books.
e.g. The ISSAP CBK 2nd edition is over 10 years old now.
The exam outline for ISSAP has been revised multiple times in that decade, with the most recent in 2020, and so one would assume it is soon due for another revision next year or so.
Recently the author of the last edition was critical, in a fair and objective manner, of the missed opportunity by ISC2 in relation to the Concentrations.
It seriously cannot be expected CISSPs purchase ISC2 training courses in order to study for the concentrations, and especially as feedback in recent times has not been kind to this material on offer.
@tldutton wrote:
Reach out to me directly in reference to the alternate paths to the ISSAP, ISSEP, and ISSMP. I was the business owner for that particular project and am intimately aware with ALL the facts, not the conjecture that seems to be floating around.
Hi @tldutton,
Perhaps then you're best placed to address the status of when ISC2 plans to commission new Official ISC2 Guide to the 'concentration' CBK books?
As mentioned in an earlier post, the ISSAP CBK 2nd edition is over 10 years old now, ISSMP CBK over 8 years old, and the ISSEP CBK guide was released a whopping 18 years ago!
One would've thought with this de-coupling of the concentrations from the CISSP as an alternate, this would have deemed a mandatory refreshing of "Guide to CBK" content to encourage adoption and pursuit?