A recent Cybersecurity Today TV broadcast featuring the ANSI National Accreditation Board (ANAB)’s Dr. Vijay Krishna showcases the role of accreditation and details why it is a critical factor when selecting certifications. Host Jim Wiggins and Dr. Krishna spoke about the National Initiative for Cyber Security Education (NICE), and the best way to evaluate competence when it comes to cyber security professionals.
Dr. Krishna, a recognized expert in the field of personal certification accreditation, leads credentialing accreditation programs at ANAB, including the ISO 17024 program for personal certification bodies, the ANSI/ASTM E2659-18 program for training certificates, and the Conference for Food Protection Program (CFP) for food safety professional certification bodies.
He noted the differences between certifications and accreditation, explaining how ANAB assesses the competence of certification bodies.
“When you go get a degree and diploma, you look for an accredited university,” he said. “Similarly, when you go to a medical facility and you go to a lab, you want to make sure that that lab itself is meeting certain requirements. When you’re looking at a certification program, you want to make sure that the certification body itself is competent.” ANAB offers individual third-party assessment to see if an organization is in compliance with international standard ISO 17024, which assesses the competence of the certification body.
When it comes to cyber security education, Dr. Krishna explained that degrees, diplomas, certificates, and training are ways to build competence, but certifications have another value. With a certification, “it’s not really about acquiring competence, it’s about validating, or confirming that you have the competence to practice,” he said.
He also explained how NIST’s NICE provides a foundation for cyber security certifications, cyber security education, and training in the U.S., and for employers and public-private partnerships, noting that it is a useful foundation to build upon the credentialing system in the U.S. for cyber security. NICE works to advance an integrated ecosystem of cybersecurity education, training, and workforce development.
Reflecting on recent cyber trends applicable to all, Dr. Krishna noted: “Cyber is no longer the domain of certain individuals in an organization. Every citizen has to have some kind of cyber literacy….We are seeing more and more entry level certifications, entry level training, assessment-based certificates coming.”
“You need to have a mindset that this is a new reality where we have to be alert all the time, and we have to have the right tools,” he added. “Those tools are not just terms of software, but also human capabilities, and the competence to be able to effectively deter and address cyber threats.”