Toward User Evaluation of IT Security Certification Schemes: A Preliminary Framework

  • Nicholas Tate
  • Sharman Lichtenstein
  • Matthew J. Warren
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 232)


This paper reports a preliminary framework that supports stakeholder evaluation, comparison and selection of IT Security Certification schemes. The framework may assist users in the selection of the most appropriate scheme to meet their particular needs.


Keywords (added by machine, not by the authors): Information Security; Certification Scheme; Information Security Management; Preliminary Framework; Security Professional



Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Nicholas Tate (1)
  • Sharman Lichtenstein (2)
  • Matthew J. Warren (2)

  1. Faculty of Science and Technology, Deakin University, Burwood, Australia
  2. School of Information Systems, Deakin University, Burwood, Australia
