Microsoft Partner Program Includes ISACA Certification in Restructure of Its Security Solutions Competency

Rolling Meadows, IL, USA (29 November 2005)—In the IT world, security is a subject that’s always on the move. The sophistication of new security threats is growing each year, and the ever-growing dependence on IT systems means that more personal, financial and other critical data must be secured. In response to these issues, Microsoft is building its business around security software to secure customers’ IT infrastructure.

Having a skilled and innovative security partner ecosystem is central to the company’s approach. A large part of the effort has therefore been significant changes to the Microsoft Partner Program’s Security Solutions Competency, announced this week in partnership with the long-established certification programs of the Information Systems Audit and Control Association (ISACA) and the International Information Systems Security Certification Consortium, (ISC)2.

According to Thomas Dawkins, group product manager and the person responsible for Microsoft’s security partner strategy, the revised Security Solutions Competency is a direct response to many discussions Microsoft has had with industry partners, analysts, field sales staff and others, who made specific recommendations on ways to make the program more useful to partners who work with products, services or solutions based around security.

“Our partners want business opportunities, a relationship that supports the development and growth of their security business, and meaningful program requirements that help position them as trusted advisers to customers,” says Dawkins. “Most importantly, they want technical information, support and guidance to assist them in the field, where they need us the most.”

The result is the first Microsoft Partner Program competency to include both the rigorous and sought-after third-party validation from ISACA and (ISC)2, as well as the relevant Microsoft certifications as core elements. The restructured competency features two new specializations. One is focused on security management, for those partners who focus on more “technology agnostic” services, such as security policy, governance, compliance, risk assessment, risk management and auditing. The other is focused on infrastructure security — the technical side of the equation.

According to Dawkins and others involved with the new certifications, the company needed a new focus that draws a consistent approach to solving security issues for customers through the partner ecosystem. The new program recognizes the very rigorous certifications from ISACA and (ISC)2 — two of the most sought-after validation programs in the industry, with two standardized approaches to the issue.

Kent Anderson, Certified Information Security Manager (CISM) and managing director of Network Risk Management LLC, is a member of the CISM Certification Board of ISACA, a security standards and certification powerhouse with more than 47,000 members in 140 countries. Anderson says it is vital for information security managers to have expertise in business management issues, and have services professionals with certifications working with them. According to Anderson, the business world is beginning to understand the importance of this, and as a result, ISACA’s CISM and Certified Information Systems Auditor (CISA) designations have experienced unprecedented growth.

“One of the key challenges for companies and government entities around the globe is to have a professional information security staff work in partnership with executives and managers in all areas of the business,” says Anderson. “The experience of the people securing our networks and information systems is more important than ever, and being able to test and certify their skills and knowledge — both at a technical level and a strategic or policy level — is a big element in reducing IT-related risks and adding value to the business.”

According to Dow Williamson, Certified Information Systems Security Professional (CISSP) and director of corporate development for (ISC)2, new security technologies provide one piece of the puzzle, but the human element is the next great frontier in systems information security. His organization is the world’s foremost provider of information security training, education and certification and offers the CISSP and SSCP (Systems Security Certified Practitioner) credentials. After years in the business, he says, the industry and the people in it are still at the very tip of the iceberg.

According to Jeff Aliber of Unisys Corp., a global provider of enterprise security services and a Microsoft Gold Certified security partner, the involvement of the two major standards organizations will provide a measure of assurance for customers that can in turn benefit solutions providers and systems integrators.

“(ISC)2 and ISACA are worldwide organizations that are primarily focused on standards,” Aliber says. “The industry has rallied around these organizations to define the appropriate backgrounds and skills required for security certification. For customers, who generally work in heterogeneous security environments, these broader industry certifications will provide assurance that our consultants are not only skilled with their Microsoft-based technology, but all of the other facets of their security ecosystem as well.”

Another Microsoft Certified Gold partner, Fabio Spina of Italian solution provider Cluster Reply, says that Microsoft’s new approach based on standards will help ease the deployment process as well. “It’s important to our customers that Microsoft is investing in solutions, in awareness, in the approach to these kinds of problems, and doing so in a standardized way,” Spina says. “This creates one standard solution, one standard approach, which makes it much easier for us to provide effective solutions for our customers, and permits the industry to have one solid, formal approach to managing security issues.”

Under terms of the relationship, the Microsoft Partner Program will work with security professionals to validate their certifications through ISACA and (ISC)2. When partners register to become a Microsoft certified security partner, their certifications will be validated through the two organizations.

“We’ve changed our own requirements to include their certifications, and extended upon what they have built — standards and methodologies for solving industry security issues and providing guidance to help customers secure their IT infrastructure,” says Dawkins. “This provides a unique situation where we’re increasing the level of expertise needed in the marketplace. At the same time, it expands the availability and relevance of our program for our partners in the information security industry.”

Brad Gleason, global security practice manager for Getronics, a major worldwide provider of outsourced workspace management and IT security services, says that, while the program and Microsoft’s enhanced investment in the information security profession could lead to new opportunities, it also means bottom line security benefits for customers. For Getronics’ enterprise customers, this means enhancing service delivery for multi-year arrangements where Getronics has taken over management of the customer’s desktop, server and network environments.

“What our larger customers are asking for is to have security services woven in, integrated into a large outsourcing agreement, as opposed to being bolted on as a standalone service,” says Gleason. “To the extent we can weave our security services into our desktop environment to the point where it’s tightly integrated and seamless, we can deliver that at a predictable cost per seat on a recurring basis.

“We’re working closely with Microsoft on a number of fronts to integrate security throughout our portfolio offerings, so we can strengthen those offerings and improve the overall security position of our customers. But in the end, it’s being able to deploy competent professionals with a standardized best practices approach that really makes it happen.”

For more information, visit


With more than 47,000 members who live and work in more than 140 countries, the Information Systems Audit and Control Association® (ISACA®) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the Information Systems Control Journal®, develops international information systems auditing and control standards, and administers the globally respected Certified Information Systems Auditor™ (CISA®) designation, earned by more than 40,000 professionals since inception, and the Certified Information Security Manager® (CISM®) designation, a groundbreaking credential earned by 5,200 professionals.
