| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <003001c53227$c0310ac0$0205a8c0@magneto> Date: Sat Mar 26 17:18:30 2005 From: security at lan-slam.com (SecurityLSI) Subject: [OT] CISSP Test ----- Original Message ----- From: SecurityLSI <Security@...-slam.com> To: "Anders Langworthy" <hades@...lanthropy.org>; <full-disclosure@...ts.grok.org.uk> Sent: Saturday, March 26, 2005 12:16 PM Subject: Re: [OT] [Full-disclosure] CISSP Test > When it comes to InfoSec, its not hard to imagine the government madating > a form of licensing for all security professionals that deal with regulated > privacy matters (i.e. HIPPA et al). In fact, I think this would be a good > thing as it would inevitably be extended to other realms of IT, although it > would probably occur in an informal fashion. > > As more and more privacy regulation becomes the norm, I fully encourage > the government to require some form of high-level certification that must be > an across-the-board mandate (i.e. licensing). Its the only way to ensure > competent professionals are the ones filling security positions. That's not > to say there still won't be some duds, but at least you won't have the flood > of bootcampers, braindumps, and paper certs who are only out to make a fast > buck. After all, the security of our citizens' privacy, as well as the > integrity of our nation's critical infrastructures are at stake. > > --Joe > > ----- Original Message ----- > From: "Anders Langworthy" <hades@...lanthropy.org> > To: <full-disclosure@...ts.grok.org.uk> > Sent: Saturday, March 26, 2005 1:59 AM > Subject: Re: [OT] [Full-disclosure] CISSP Test > > > > SecurityLSI wrote: > > > I wholeheartedly agree that there needs to be an industry benchmark, > > > something that says you cannot operate in this field unless you have > passed > > > x. I'm thinking along the lines of something similar to the Bar exam > that > > > lawyers have to take, or perhaps a license like what doctors are > required to > > > obtain before being able to practice. I fear its going to take something > of > > > that level to truly separate the chaff from the wheat. Anything less and > you > > > only end up with braindumps and bootcampers throwing resume after resume > at > > > you. > > > > > > > There is an important distinction between something like the Bar, and > > medical licensure. The InfoSec equivalent of the legal Bar would be > > impossible to implement, because unlike a courtroom, a network is not > > under regulated control. If you wish to practice law, you must do it in > > a government-controlled courtroom*, and that government says that you > > must pass the Bar before doing so. > > > > My network, on the other hand--like my body--belongs to me. Nobody has > > the right to tell me who I can and cannot hire to work on them. In the > > same way, I could pay somebody off the street to perform surgery on me > > if I wished. I wouldn't recommend it, and they wouldn't be a licensed > > doctor, but nobody can stop me. > > > > So what difference does it make if we add another benchmark/"cert"? We > > already have plenty. Even if it were possible, would we really want to > > grant absolute power to something like the medical AMA? > > > > * Judge Judy doesn't count. > > > > -- > > Anders > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ >
Powered by blists - more mailing lists