As someone who suffered through the original 6-hour pencil and ScanTron version of the exam, this evolution in the testing process is a welcome improvement for those tackling this certification for the first time.
As a CISSP, I am thrilled to see new online training and preparation processes. I believe this certification is an excellent step in the education and preparation of the IT Security professionals. Furthermore, I wholly endorse any organization with the desire of propagating and enforcing a respectable Code of Ethics in my chosen profession.
A good friend and colleague Michael Burgess, CISSP, sent me the following message this morning:
“I’ve been doing some research and thought you may benefit from (if you haven’t already ran across it). Some have begin adding an addition to a well known acronym and a core principle in information security. I think it is picking up steam and with good reason.
Accountability as in the process of tracing, or being able to trace activities to a responsible source….I think it is a good addition given experiences and how often accountability is needed, or would have been helpful.”
I think Mr. Burgess and the growing movement to expand the traditional triad are spot on. Accountability is an important principle in IT Security and is closely tied to the principles of data integrity, confidentiality and availability. It speaks to the responsibilities of data stewards and data owners and the need for security analysts to capture activities and report on anomalous behavior.
Kudos to Michael for bringing this idea forward and continuing the conversation to our profession stronger.