View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
November 30, 2005

Microsoft to require security partners to be certified

Conceding its previous efforts to differentiate security partners were 'broken," Microsoft is beefing up its Security Solutions Competency third-party program by requiring them to be formally certified.

By CBR Staff Writer

The new requirements, announced this week, call for Microsoft security partners to pass certification tests from International Information Systems Security Certification Consortium (ISC)2 and Information Systems Audit and Control Association (ISACA).

According to Thomas Dawkins, a Microsoft group product manager responsible for security partner strategy, this is one of the first times that Microsoft has required external industry certifications for its partners. He says that the goal is to help Microsoft’s partners more effectively position themselves. Left unsaid is that Microsoft is striving to re-emphasize that the company is getting serious about security.

The certifications include ISACA’s CISM (Certification for IT Security Management), a certification established three years ago that covers people, processes, policy, and overall governance. It requires the passing of a test, plus at least five years experience in IT security governance, risk management, info security program management, info security management (the day to day stuff), and incident response management.

Kent Anderson, managing director of Network Risk Management LLC, and member of ISACA’s CISM Certification Board, characterizes CISM as the people side of security. Businesses have realized that security is more than a technical problem, he said.

The other piece, represented by the 16-year old CISSP (Certified Information Systems Security Professional), will be optional for Microsoft partners. CISSP involves a test of 250 multiple choice questions covering topics such as access control systems, cryptography, and security management practices.

Microsoft’s requirements are in two categories: basic, which comprises the ISACA, (ICP)2, and Microsoft Certified Professional (MCP) certifications; and advanced, which adds requirements; and advanced, which adds certification as Microsoft Certified systems Engineer (MSCE).

The requirements will be enforced when each partnership comes up for annual renewal. Dawkins estimates that roughly 80% of those already in the security partner program have passed the various certifications.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.