| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun Aug 21 11:26:57 2005 From: ivanhec at gmail.com (Ivan .) Subject: Re: MS not telling enough - ethics >: Well done, anyone else who knows of people committing fraud against isc2 >: should report them. Unfortunately I don't think its feasible for isc2 to >: check everybody. >Oh, how coincidental.. What do you suggest? that they check everyone who passes the exam? >Ethics Complaint Procedures [0] so whats your complaint? people passing the exam, gaining the cert without the relevant experience? or now the ethics complaint handling procedure? > You are so proud of our certification, you won't even list yourself in > the (ISC)2 directory so that we can verify you even hold the > certification! [2] yep, you must be on crack? https://www.isc2.org/cgi-bin/cert_verification.cgi?displaycategory=1300 CERTIFICATION VERIFICATION SEARCH RESULTS Ordered by Last Name Back to Certificate Verification page. Name: Ivan Coric Brisbane Certification(s): CISSP > Best for who?! Oh yes, for you since you hold it. And best for those > issuing it, since they profit directly from the certification and the > yearly 'renewal' fee. The fact is, (ISC)2 and the CISSP certification is a > marketing ploy and money maker. It is *not* in their best interest to > allow the credibility of their certification to be tarnished for any > reason, even when criminals are 'earning' it. yeah it's good for me, and yes because I hold it. Your a smart fellow, have a lolly. Hopefully someone from ISC2 can reply to the list and address your concerns. cheers Ivan On 8/19/05, security curmudgeon <jericho@...rition.org> wrote: > > : Well done, anyone else who knows of people committing fraud against isc2 > : should report them. Unfortunately I don't think its feasible for isc2 to > : check everybody. > > Oh, how coincidental.. > > : They do random credential checking and I should I know, since I was > : audited after I passed the exam. > > Ethics Complaint Procedures [0] > > The board and its agents undertake to keep the identity of the complainant > and respondent in any complaint confidential from the general public. > > [..] > > The board will consider only complaints that specify the canon of our code > that has been violated. > > [..] > > Complaints will be accepted only from those who claim to be injured by the > alleged behavior. While any member of the public may complain about a > breach of Canon I, only principals may complain about violations of Canons > II and III, and only other professionals may complain about violations of > Canon IV. > > [..] > > All complaints must be in writing. The board is not an investigative body > and does not have investigative resources. Only information submitted in > writing will be considered. > > [..] > > Complaints and supporting evidence must be in the form of sworn > affidavits. The board will not consider other allegations. > > [..] > > Where there is disagreement between the parties over the facts alleged, > the ethics committee, at its sole discretion, may invite additional > corroboration, exculpation, rebuttals and sur-rebuttals in an attempt to > resolve such dispute. The committee is not under any obligation to make a > finding where the facts remain in dispute between the parties. Where the > committee is not able to reach a conclusion on the facts, the benefit of > all doubt goes to the respondent. > > [..] > > Discipline of certificate holders is at the sole discretion of the board. > Decisions of the board are final. > > -- > > Ok, let me translate this for you: > > Keep it private, for your own good, we swear! This way the complaint is > kept out of public scrutiny. You have to clearly define what canon was > violated, even though they are general and vague. You must personally be > injured to complain, even though breaking any of the four canons may not > directly harm one individual! You must submit said complaint in writing, > and the board does not have time to investigate your complaint at all. > Such complaints must be in the form of sworn affidavits [1], signed by a > notary as witness to your signature etc. If there is any dispute of > facts, which is entirely up the to the (ISC)2 board, it is entirely > their discretion whether to act on or continue the process. The board > may arbitrarily decide not to pursue or consider additional evidence, > will make no effort to research the matter themselves, and drop the > matter without further consideration. Even if the board finds someone > guilty of breaking one of the canons, the board will decide what > punishment, if any, is appropriate, including 'none'. > > How many hoops does one have to jump through to file a complaint that will > actually be considered?! Should I slice my wrists and bleed all over the > signed and notarized document in case they need a blood sample or DNA? > Does the complaint need to be shouted out from town square right after > slaughtering a chicken while juggling hedgehogs? I mean really, how many > ways can they make this process counter-productive and full of backdoors > so the 'board' can simply ignore your complaint? > > : Ivan Coric, CISSP > > You are so proud of our certificiation, you won't even list yourself in > the (ISC)2 directory so that we can verify you even hold the > certification! [2] > > : The CISSP cert is the best security cert around, without a doubt. > > Best for who?! Oh yes, for you since you hold it. And best for those > issuing it, since they profit directly from the ceritification and the > yearly 'renewal' fee. The fact is, (ISC)2 and the CISSP certification is a > marketing ploy and money maker. It is *not* in their best interest to > allow the credibility of their certification to be tarnished for any > reason, even when criminals are 'earning' it. > > > security curmudgeon > > [0] https://www.isc2.org/cgi-bin/content.cgi?page=176 > [1] http://en.wikipedia.org/wiki/Affidavit > [2] https://www.isc2.org/cgi-bin/directory.cgi?displaycategory=503 >
Powered by blists - more mailing lists