One way is through the petition process, found in the bylaws [link], specifically section "VI. Meetings of Members",  subsection "8. Right of Petition:", but this is often perceived as adversarial.  The one advantage being that it guarantees action/attention.

 

Hoping @tldutton finds an affable path (e.g. a "suggestion box").

 

 

I can only speak for the past. 

 

Ideas would come to someone in Management or an individual Board member (remember getting in front of the entire Board as a member is almost impossible but you can catch them at Conferences et al) from a variety of sources (members, other organisations, members of management, individual board members, etc.).  These ideas were typically talked about amongst management and sometimes even vetted with individual board members.  If the idea was deemed worthy, then a case was brought before the Board who would review the case and either approve or deny  the certification. 

 

This may have changed over the years but the Board is supposed to be Strategic in nature.  That being said part of the strategy might be diversifying the protfolio.

 

d

 

To clarify some of the above, the day-to-day review and management of our certification portfolio is the responsibility of the organization (Management). Any recommendations they have are sent to the Board for review and discussion as part of the Board's oversight and governance role. The Board can then approve the changes or not (or send them back for further work).

 

To address the point about communication, in addition to the webinar mentioned by another poster we communicated this news to the membership across all of our channels. We sent direct emails to ISSAP, ISSEP and ISSMP cert holders, and posted articles in our November Member News & Resources newsletter, as well as on social channels. This change was also addressed in Town Hall at Security Congress, which was accessible to all of our members both in person and online. 

 

If you would like to ensure you are receiving the most up-to-date messaging, we encourage you to review your communication preferences, https://my.isc2.org/s/Dashboard/Preferences. If you have board related questions you can email legal@isc2.org.

 

I hope this is helpful. 

---

@awoolnough wrote:

To clarify some of the above, the day-to-day review and management of our certification portfolio is the responsibility of the organization (Management). Any recommendations they have are sent to the Board for review and discussion as part of the Board's oversight and governance role.

---

Perhaps you meant to write "organization (the members);" we are a corporation - a group of shareholders (i.e., members) functioning as an individual entity. The members are the organization.

 

The larger conundrum is that anything impacting certification ostensibly impacts the definition of "member" within our bylaws. Our bylaws do not appear to grant the board the authority to create additional classes of membership (that would take a member-approved amendment). In the context of the expanding suite of credentials, I'm wondering that if we aren't creating classes of membership, then what would such a thing look like? We don't all have the same credential (CISSP) any more. We pay different AMFs. Have to complete different CPEs. And at this stage, we don't all have to be security professionals any more (despite what our Articles of Incorporation) say.

 

I appreciate that from management's view there is a process in place, but the process goes much further, not just to the board, but ultimately to the membership. If someone disagrees with that, fine, but I've never heard dialog.

---

@awoolnough wrote:

 

I hope this is helpful. 

---

What would be VERY helpful, and encouraging, is for ISC2 to commssion new Official ISC2 Guide to the 'concentration' CBK books.

 

e.g. The ISSAP CBK 2nd edition is over 10 years old now.

The exam outline for ISSAP has been revised multiple times in that decade, with the most recent in 2020, and so one would assume it is soon due for another revision next year or so.

 

Recently the author of the last edition was critical, in a fair and objective manner, of the missed opportunity by ISC2 in relation to the Concentrations.

 

It seriously cannot be expected CISSPs purchase ISC2 training courses in order to study for the concentrations, and especially as feedback in recent times has not been kind to this material on offer.

 

@Narsil At the ISC2 Secure APAC conference Clar Rosso addressed the audience. Often you can find out more about people’s plans by what they say Vs what they don’t say.

So CC was provided much time with candidates, associates and member at 500k however she didn’t seem to mention any other certifications, let alone the former CISSP concentrations. She was followed up by a lady from the Cyberpeace institute who was very keen on non-traditional paths into cybersecurity - and nothing else on certifications in the morning sessions. I had to carry out calls on the PM sessions so if it was mentioned there I don’t know.

What is clear is that with pilots signed with CSC for CC to be adopted it’s latest focus there and not so much in other areas.

I’ve got mixed feelings as I think CompTOA’s Security+ is still the dominant predator in the entry level cyber security certification market(it’s the one the jobs ask for) boosting the membership to 500k members, associates and candidates seemingly surpasses ISACA at 170k member and starts to get close to CompTIA with 2.5 million certified personnel. That’s an order of magnitude higher than IAPP with a mere 50k members, so it’s exiting times.

Anyway it’s hard to see what the current state of the former concentrations are as member counts redirects and no longer lists member counts by certifications after the data by country went away.

https://www.isc2.org/About/Member-Counts

There is an archived version at:

https://web.archive.org/web/20230316191559/https://www.isc2.org/About/Member-Counts#

However we see for the former concentration with just over 2K ISSAP(and SABSA, TOGAF, DODAF snapping at its heels, and behind perhaps of more practical use especially in EA circles) and just over 1K for ISSEP and ISSMP respectively as of 2022 I think that holder will be aging out faster than they certify(especially with no updated CBK) so I’m afraid the writing may be on the wall. As a holder of three certifications with ISC2 at the sunset of my career I can reflect that CISSP has been useful, more for the connection with people at conferences than career(I started working for me current employer before certifying, and unlike uS based folks I don’t have it as a checkbox need, so it’s always been nice to have). But for the concentrations that always made it look interesting I can’t see ISC2 concluding the juice of reviving the material is currently worth the squeeze.

Cyberpeace is below for reference:

https://cyberpeaceinstitute.org/

Reach out to me directly in reference to the alternate paths to the ISSAP, ISSEP, and ISSMP. I was the business owner for that particular project and am intimately aware with ALL the facts, not the conjecture that seems to be floating around.

---

@tldutton wrote:
Reach out to me directly in reference to the alternate paths to the ISSAP, ISSEP, and ISSMP. I was the business owner for that particular project and am intimately aware with ALL the facts, not the conjecture that seems to be floating around.

---

Hi @tldutton,

 

Perhaps then you're best placed to address the status of when ISC2 plans to commission new Official ISC2 Guide to the 'concentration' CBK books?

 

As mentioned in an earlier post, the ISSAP CBK 2nd edition is over 10 years old now, ISSMP CBK over 8 years old, and the ISSEP CBK guide was released a whopping 18 years ago!

 

One would've thought with this de-coupling of the concentrations from the CISSP as an alternate, this would have deemed a mandatory refreshing of "Guide to CBK" content to encourage adoption and pursuit?