The Role of Professional Certification in Securing Information Systems

October 14, 2009
A proposal on cybersecurity certification will offer few benefits, introduce burdensome costs to the government and the private sector, and not address the root cause of most cybersecurity vulnerabilities.

Cybersecurity is finally getting increased attention in Washington; however, one problematic idea that appears to have gained some traction is the development of a national certification program for cybersecurity professionals. While ostensibly targeted at the public sector and to protect critical infrastructure, it will have broad implications for the private sector. Such a proposal, while sounding helpful, will offer few benefits, introduce burdensome costs to the government and the private sector, and not address the root cause of most cybersecurity vulnerabilities.