Information Assurance Curriculum and Certification: State of the Practice

The purpose of this document is to describe the state of the practice in information assurance and security curriculum and certification. The scope is not exhaustive, but rather illustrative of the types of activity occurring today within various organizations, including government, universities and research centers, professional societies, and the business community. Although individual courses are available, there apparently is no systematic agreement on the knowledge, skills, and abilities required to formulate a curriculum for information security professionals that enjoys broad-based support across organizations. As a result of Presidential Decision Directive 63 and the charge to protect the nation's critical infrastructures, the pressure is increasing to provide some minimum level of competence for system and network administrators working in the field of information assurance. Presently, several professional organizations offer certified professional designations. What is needed is a comprehensive framework for curriculum and certification in information assurance and security. Currently the thrust for training focuses primarily on the technologies of information infrastructures. However, long-term solutions for the protection of critical information assets will require a more comprehensive approach in which senior executives and managers, as well as technical staff, develop strong and diverse skills that allow them to advance an organization's mission in a dynamic and increasingly hostile networked environment.