CISSP stands for Certified Information Systems Security Professional. The certification is backed by the International Information System Security Certification Consortium (ISC) ². They celebrated its 30th anniversary in 2019. In order to obtain the CISSP credential, candidates have to display an appropriate level of knowledge of IT Security and in order to maintain it, they must commit to continuous professional development.
For most SMEs, gaining CISSP certification would be overkill. It requires a degree of specialisation that benefits an expert but is just not required within an in-house team. Looking instead to ensure that your external IT Support team is CISSP accredited would be more advantageous. These are the people who are in charge of your digital security and online systems.
Information security may be one of the most dynamic industry sectors there is. As we experience a period of rapid technological development, so the threats to system security just keep on changing in a way which would have been unimaginable to even our most imaginative ancestors.
For example, the idea of hackers stealing data through an online fish tank would once have been considered a wild science fiction fantasy. Now however, it’s a sobering point in (recent) IT history.
As (ISC)² is only too well aware of this, they continually run educational events (mostly online) to keep their certified professionals ahead of the curve. They also negotiate discounts to real-world events run by other industry bodies.
Over recent years, consumers have become more aware of data security (and how it impacts them) through the worst method possible: a long succession of scandals. These have demonstrated how even major companies can display a wide variety of security failings from basic carelessness to blatant abuse.
While it may seem very unfair to tar all companies with the same brush, it’s also completely understandable that customers increasingly work on the basis of “once bitten twice shy”. They start to look for evidence that a company can be trusted with their data rather than just assuming that companies can be trusted to be responsible.
Having someone who is CISSP certified on your external IT team makes a clear statement that you are serious about information security. This will reassure customers that they can trust you.
Companies of all sizes are now increasingly thinking in terms of “centres of excellence” rather than operational silos. While departments are expected to have specialist expertise, they are also expected to work in partnership with other departments. Done in a holistic manner and often having to liaise with external parties of various descriptions in order to reach common goals.
With information security, team rivalries (such as competing for higher sales or wider customer reach) are often put aside. They are seen as less important than the common threat of losing public confidence due to lack of security.
CISSPs have expertise in a wide range of relevant areas including the law, forensics and disaster recovery. If there is something they don’t know then they are well-placed to find out (and quickly) through the support they receive from (ISC)² and, in particular, their access to its resources.