nClar Rosso, ISC2 CEO and Casey Marks, Chief Product Officer and VP, ISC2 tecently hosted the latest in our new Inside ISC2 webinar series, a quarterly series designed to give members a glimpse of the latestndevelopments from inside the association, as well as an opportunity to asknquestions. The March 23 session included milestones from the first quarter,nas well as a deep dive into ISC2’s process for developing exams andncertifications.
nn
nQ1 Recap
nn
nnRosso kicked off the discussion with a recap of the association’snresponse to the pandemic, and its transition to online learning.nRecognizing that 2021 still means travel restrictions for most people,n(ISC)² is increasing its free online courses and increasing its webinarnprogram by 40%, as well as introducing a hybrid, virtual and in-person, ISC2 Security Congress in October 2021. More than 27% of membersnenrolled in online, on-demand courses in the last two years since theynfirst became available, and almost 300,000 CPE credits were issued. Thenassociation also rolled out its first Spanish-translation course in 2020nand plans to introduce additional translated courses throughout 2021.n
nnTo drive member value, the association also established a GlobalnDiversity, Equity and Inclusion initiative, a new Member Communicationsnteam and is re-examining and enhancing how it engages with localnchapters and academic institutions.n
nn
nThe Five Stages of ISC2’s Exam Development Cycle
nn
nnMarks then offered a detailed look into why and how ISC2 routinelynupdates its credential exams so that they remain “current andnchallenging, but not tricky.” The rigorous, methodical process appliesnto all nine of the organization’s certification exams, takes 15 monthsnat minimum and consists of five main stages including job task analysis,nitem mapping, item writing, standard setting and publishing.n
nn“Our exams are not developed in an ivory tower, or only by ISC2 staff,” said Marks. “They are developed by you, the practitioners, tonreflect the dynamics and changing issues that you see every day out innthe field.”n
nnISC2 certifications are mature, ranging from five years old up to 30nyears old, and exams refresh every three years to reflect the mostnpertinent issues professionals face, unless there has been a shiftnsignificant enough to speed up the cycle.n
nnThe first phase of the cycle is a 6-to-9-month process called the JobnTask Analysis (JTA). The JTA is derived from input and feedback fromnISC2 members who understand the dynamic, real-world changes to thencybersecurity landscape.n
nn“Our exams are not designed to be ‘bleeding edge,’ but cutting edge. Wenwant to give every candidate an opportunity to respond to exam itemsneffectively and correctly,” added Marks.n
nnAfter JTA, the next phases in the cycle are Item Mapping (2 to 3 months)nand Item Writing (4 to 6 months) where ISC2 maps the actual currentnjob tasks performed by certified members to the content of eachncredentialing exam and the CPE credits required to maintainncertification. The association also ensures that the topics covered bynexams align with the Common Body of Knowledge (CBK) which isna comprehensive framework of all the relevant subjects a securitynprofessional should be familiar with, including skills, techniques andnbest practices. This is done through group workshops and surveys, wherenmembers are asked to weigh in on activities that security professionalsnshould be doing.n
nnA detailed content outline (DCO) is then shared with the general publicnincluding ISC2 education group and then the process progresses to thenstandard setting and publishing phases.n
nn“We are always holistically assessing our portfolio,” said Marks. “Wenlook at generalist and specific roles-based and specialized needs. Wenalways ask: Do we tackle this content currently? Would a securitynprofessional be expected to know these things? Then we take all thatninformation in, and do a gap analysis. Is this covered and how is itncovered? Can we offer it through PDI? It’s an ongoing process.”n
nnWhen asked about the status of the pilot online proctoring program for ISC2 certification exams, Rosso explained that the organization wantsnto “make all of our exams and certifications as accessible in thenmarketplace,” but that it’s extremely “important to retain thenintegrity, security and quality of our programs.” The organization willnreview the pilot test results of 1500 exams administered in February,nand see what they show to determine what the path forward is. Respondingnto a similar question about computerized adaptive testing, Marks notednthat ISC2 is building robust item banks and hopes to be able to offernmore in the future.
n nn
nGetting Involved
nn
nnWhen asked how members could get more involved in the process, Marksnstated, “Exams don’t happen without you. Our staff facilitates andnguides, but we do have opportunities for all of our credential holdersnto get involved in exam development workshops, item writing sessions,nspecial interest surveys as well as volunteering with events ornspeaking.” Rosso reminded members that volunteering fulfills CPE creditsnand is “a great way to give back.”n
nnInterested members can learn more about exam development on our websiten(member login required) atnnhttps://www.isc2.org/Member-Resources/Exam-Developmentnnor by emailing workshops@isc.org.n
n