There are recent reports of widespread cheating on certification exams in China, South Korea, and a few other countries. As a CISSP-ISSEP and CAP, nothing is more important to me professionally or personally than my (ISC)² credentials. I am proud of the credentials that I worked very hard to achieve. And, I stand with more than 100,000 others worldwide who are certified by (ISC)² and recognize that certification is a privilege that must be legitimately earned and maintained.
During (ISC)²’s 25 year history, candidates and members from around the world have looked to (ISC)² to deliver the highest caliber exams and certifications. Because of the professional significance embedded in the achievement of (ISC)² credentials, it is imperative to safeguard the validity, defend the security, and protect the value and integrity of (ISC)² exams.
(ISC)² constantly works to ensure that the integrity of our exams and the professional legitimacy associated with achieving our credentials are not impaired, devalued, or jeopardized. (ISC)² takes steps to eliminate any activities that hinder ethical pursuit of the (ISC)² credentials, including activities that constitute fraud, collusion or unfair advantages. All candidates must pass (ISC)² exams and demonstrate independence in doing so.
In today’s competitive job market, people often take desperate actions to pass a certification exam to get that job or advance in the field. These actions include paying for what they think are test questions and answers; spending money on “pass for sure guarantees;” or purchasing “brain dumps.” I’ve even heard of candidates being kept in a room until they had memorized “guaranteed” answers just prior to taking the actual exam. Regrettably, this kind of scenario is BIG business for the pseudo trainers and con artists who have taken on fake professional personas for lucrative financial gains.
It could be said that the advances in technology contribute to the business of cheating. Con artists and pseudo trainers use the internet to take advantage. I’ve seen some examples online where “supposed” exam questions and answers can be bought and downloaded in a matter of seconds! One might ask, how do the con artists get the exam questions and answers? In all likelihood, they do not have current exam content, and in actuality use deception to exploit thousands of candidates. Some have tried the latest miniaturized technologies to harvest questions from exams. Some intentionally fail and retake the exam in an attempt to harvest questions. Be wary of “guaranteed pass-for-sure” or paying someone $99.95 to take the test for you.
You may be wondering how we ensure that our certs don't suffer from such problems? The (ISC)² exam process does not just begin when candidates sit for exams. Meticulous, stringent item and exam development are part of the process prior to the presentation of exams. (ISC)² conducts psychometric and forensic analyses to validate ethical testing practices and exam results. Sophisticated scientific techniques are routinely applied through computer-based testing with controls inapplicable to paper-based exams, in highly secured testing centers with in-depth monitoring of all test subjects. Thus, if irregularities or improprieties are discovered, (ISC)² takes steps for resolution including suspension of testing activities, voiding results or decertification, if warranted. To further safeguard the professionalism of the information security industry and the integrity and longevity of our credentials, we require all members and candidates to subscribe to the (ISC)² Code of Ethics.
We are committed to protecting the integrity of our exams and ensuring they continue to add value to our members and society, while ensuring that candidates have opportunities to pursue (ISC)² credentials fairly, honestly and ethically. There are many ways to prepare for (ISC)² exams that will not trigger a negative forensic trail, such as chapter study groups, self-study, practice exams with simulated questions, or legitimate review seminars. (ISC)² prepares exhaustive education materials and review seminars designed to impart a mastery of the common body of knowledge covering the principles and best practices for IT security. Just beware of training providers that claim to have the questions and answers or otherwise guarantee their teaching will insure your passing. “Teaching to the test” is an unacceptable practice.
(ISC)² credentials are globally recognized standards of achievement that confirm knowledge, validate competence and experience gained in the field of information security, and add great value to the individual and society as a whole. We take our exams and certifications seriously, and as such will not tolerate activities that have the potential to diminish the value or relevance of (ISC)² credentials for our members or the industry. As an (ISC)² credential holder, I for one am proud that my achievements are held to such high standards. -- Hord Tipton, CISSP-ISSEP, CAP, (ISC)² Executive Director