Consortium forms government IT security board

Find opportunities — and win them.

Thirteen senior government information security professionals have agreed to serve on an advisory board to help define certification needs for IT security professionals.

(Updated 4:52 p.m. May 20, 2003)

Thirteen senior government information security professionals have agreed to serve on an advisory board to help define certification needs for IT security professionals.

The board was created by the International Information Systems Security Certification Consortium (ISC2), which provides training and testing for the Certified Information Systems Security Professional certification. The board will advise ISC2 on certification and training needs specific to government.

The board will be co-chaired by Bruce A. Brody, associate deputy assistant secretary for cyber and information security at the Veterans Affairs Department, and ISC2 director of government affairs Lynn McNulty.

"It's all about professionalization," Brody said. The CISSP certification is widely known in industry, "but not that widely known in government. ISC2 is looking for a way to take what has been accomplished in industry and adapt it for the government. To do that, they need to know government's unique needs."

CISSP covers a general body of knowledge about IT security. "We operate in a completely different environment, with legislation, regulatory and oversight requirements," Brody said of government IT professionals. ISC2 is looking for advice on how to adapt its certifications to government needs, or to create new government- or agency-specific certifications.

"For the last couple of years, there has been a lot of talk about how the government needs to lead by example in cybersecurity," said McNulty, former associate director for computer security at the National Institute of Standards and Technology. "We think increasing the professionalism of the government IT security work force is key to leading by example. As a former fed I'm very sympathetic to what the government is trying to do."

McNulty said the government committee is the first of what is expected to be a series of advisory boards focusing on separate sectors. The government sector came first because of the call to lead by example and because its needs "are a little more complex" due to the amount of classified and sensitive information government systems hold.

The board's first meeting will be June 4 in Washington and it is expected to meet at least three times a year. McNulty said there is no timetable for producing the first recommendations.

All board members are CISSP-certified. They are:

  • Barbara Cuffie, principal security officer, Office of Systems, Social Security Administration

  • Nancy DeFrancesco, IT security manager, Commerce Department

  • Arthur R. Friedman, National Security Agency liaison to the Defense Information Systems Agency

  • Joan Hash, manager of the NIST Computer Security Division's Security, Management and Guidance Group

  • Kim A. Johnson, senior policy analyst, Office of Management and Budget

  • Louis Magnotti, information systems security director, House of Representatives

  • Roger Mahach, security manager, Interior Department

  • Jerry G. Ormaner, operational security program manager for the Justice Department's telecommunications services staff

  • M.M. Pickens, senior policy analyst, DISA Office of the Chief Information Assurance Executive

  • John R. Rossi, computer scientist for information security and training, Federal Aviation Administration

  • C. Michael Smith, deputy chief of NSA's Operation Network Evaluation Division

  • G.E. Woodford III, director of computer and telecommunications security in the Homeland Security Department's Bureau of Immigration and Customs Enforcement.