Security Blog

Your source for information security news and views.

Subscribe to feed Viewing entries tagged CISSP

CISSP Online Exam Format: Pro & Con

Posted by Brian Edmiston
Brian Edmiston
Brian Edmiston has not set their biography yet
User is currently offline
on Wednesday, 20 June 2012
in Uncategorized

A lot of attention has been given to the new computer-based testing (CBT) exam format for CISSP® certification. This may be merited. There is an ongoing debate about the integrity of the exam itself when delivered in such an environment and the possible repercussions to the quality of the credential itself.

The concern over whether or not this delivery method could make it difficult to control fraud is of primarily importance. Is it possible that someone other than the actual candidate take the exam? What methods are being used to prevent this?

Also, can the questions be compromised so the students can prepare for the exam without mastering all of the core subject matter?

Questions such as these abound when moving to an electronic exam format, but the suppliers of online testing systems indicate that they have thought of ways to bring safeguards to the table. In fact, PearsonVUE pioneered using biometric identification for test taker authentication over ten years ago, and in recent years deployed Fujitsu’s PalmSecure biometric identification technology to over 500 PearsonVUE test facilities worldwide. More recently they introduced one-to-many (1:N) matching to provide an enhanced layer of fraud prevention, utilizing the SensoBrain distributed biometric acceleration technology which compares each test taker’s biometrics to those of everyone else in a client’s testing program, ensuring that any potential fraudulent testing based on impersonation can be proactively eliminated before it occurs.

While the move to a CBT format will obviously be a huge cost saving measure for most test-takers, who historically have had to travel some distance to take these exams, there are increasing concerns about brain dumping, causing potential brand erosion of the “elite” certification. While some argue that (ISC)2 has done an excellent job against brain dumps to-date, by retiring their questions quickly, others believe that taking the exam from a paper to an online format will degrade its value and relegate it to the level of other lower level security certs.

What are your thoughts on the pros/cons of the change in delivery for the CISSP exam?

Download our most recent IT Security Briefing  (An IP3 White Paper):  A Face-Lift for CISSP Exams - June 2012 - [Download PDF]

Hits: 125 3 Comments