News

Security Competency Gets Revamped

Microsoft revises Partner Competency, splitting it into two tracks for technical implementers and security management partners.

• By Michael Domingo
• November 29, 2005

As a response to partners seeking help from Microsoft in its never-ending battle to keep customers secure, Microsoft Corp. says it has restructured the Security Solutions competency into two specializations with revised requirements.

In the process, Microsoft also sought an assist from outside its walls, partnering with two key security groups, the Information Systems Audit and Control Association (ISACA) and the International Information Systems Security Certification Consortium ((ISC)2).

Microsoft says it has taken a "technology agnostic" approach within its Security Solutions competency, splitting it into two specializations that address technical issues and the other that looks at security policy and risk management, governance, and auditing.

"Whether you’re working with Microsoft technology or providing security products, services or solutions — across the enterprise we want them to have a home in this program," said Thomas Dawkins, a group product manager involved in developing the security partner strategy, through a statement.

The technical track, Infrastructure Security, focuses on a partner's ability to implement and administer security measures to its customers. As part of the specialization's fulfillment, partners must have two employees on their staff who've earned IT security certifications. Microsoft this time around has tweaked the requirements: Rather than requiring staffers to both possess an MCSE: Security certification, Microsoft has added third-party certifications onto the requirements list.

Two of those certifications come from the (ISC)2, a vendor-supported security industry group that includes Microsoft among its board: Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP).

Two others come from ISACA, an independent group who focuses on standards, IT governance, risk management and auditing: Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM).

Employees who use those certifications toward fulfillment must also have passed Microsoft's exam 70-299: Implementing and Administering Security in a Microsoft Windows Server 2003 Network.

The other track targets a different kind of partner, one that Microsoft says is focused on providing security management services to its customers. The Security Management specialization, therefore is less technical and, in fact, doesn't require an MCSE: Security. Instead, the specialization requires two employees who've earned a CISSP, CISA, or CISM and have passed Microsoft exam 70-298: Designing Security for a Windows Server 2003 Network.

Both tracks also require three documented, security solutions-oriented customer references.

For details on the changes, go to https://partner.microsoft.com/global/competency/securitysolutions/40017158. To find out more about ISACA, go to http://www.isaca.org/. More on (ISC)2 can be found at https://www.isc2.org/.