News

Security Competency Gets Revamped

Microsoft revises Partner Competency, splitting it into two tracks for technical implementers and security management partners.

As a response to partners seeking help from Microsoft in its never-ending battle to keep customers secure, Microsoft Corp. says it has restructured the Security Solutions competency into two specializations with revised requirements.

In the process, Microsoft also sought an assist from outside its walls, partnering with two key security groups, the Information Systems Audit and Control Association (ISACA) and the International Information Systems Security Certification Consortium ((ISC)2).

Microsoft says it has taken a "technology agnostic" approach within its Security Solutions competency, splitting it into two specializations that address technical issues and the other that looks at security policy and risk management, governance, and auditing.

"Whether you’re working with Microsoft technology or providing security products, services or solutions — across the enterprise we want them to have a home in this program," said Thomas Dawkins, a group product manager involved in developing the security partner strategy, through a statement.

The technical track, Infrastructure Security, focuses on a partner's ability to implement and administer security measures to its customers. As part of the specialization's fulfillment, partners must have two employees on their staff who've earned IT security certifications. Microsoft this time around has tweaked the requirements: Rather than requiring staffers to both possess an MCSE: Security certification, Microsoft has added third-party certifications onto the requirements list.

Two of those certifications come from the (ISC)2, a vendor-supported security industry group that includes Microsoft among its board: Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP).

Two others come from ISACA, an independent group who focuses on standards, IT governance, risk management and auditing: Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM).

Employees who use those certifications toward fulfillment must also have passed Microsoft's exam 70-299: Implementing and Administering Security in a Microsoft Windows Server 2003 Network.

The other track targets a different kind of partner, one that Microsoft says is focused on providing security management services to its customers. The Security Management specialization, therefore is less technical and, in fact, doesn't require an MCSE: Security. Instead, the specialization requires two employees who've earned a CISSP, CISA, or CISM and have passed Microsoft exam 70-298: Designing Security for a Windows Server 2003 Network.

Both tracks also require three documented, security solutions-oriented customer references.

For details on the changes, go to https://partner.microsoft.com/global/competency/securitysolutions/40017158. To find out more about ISACA, go to http://www.isaca.org/. More on (ISC)2 can be found at https://www.isc2.org/.

About the Author

Michael Domingo has held several positions at 1105 Media, and is currently the editor in chief of Visual Studio Magazine.

Featured

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • After High-Profile Attacks, Biden Calls for Better Software Security

    Recent high-profile security attacks have prompted the Biden administration to issue an executive order aiming to tighten software security practices across the board.

  • With Hybrid Networks on Rise, Microsoft Touts Zero Trust Security

    Hybrid networks, which combine use of cloud services with on-premises software, require a "zero trust" security approach, Microsoft said this week.

  • Feds Advise Orgs on How To Block Ransomware Amid Colonial Pipeline Attack

    A recent ransomware attack on a U.S. fuel pipeline company has put a spotlight on how "critical infrastructure" organizations can prevent similar attacks.