Open Source and information security mailing list archives
 
Message-ID: <003001c53227$c0310ac0$0205a8c0@magneto>
Date: Sat Mar 26 17:18:30 2005
From: security at lan-slam.com (SecurityLSI)
Subject: [OT] CISSP Test


----- Original Message ----- 
From: SecurityLSI <Security@...-slam.com>
To: "Anders Langworthy" <hades@...lanthropy.org>;
<full-disclosure@...ts.grok.org.uk>
Sent: Saturday, March 26, 2005 12:16 PM
Subject: Re: [OT] [Full-disclosure] CISSP Test


>   When it comes to InfoSec, it's not hard to imagine the government
> mandating a form of licensing for all security professionals that deal
> with regulated privacy matters (i.e. HIPAA et al).  In fact, I think this
> would be a good thing as it would inevitably be extended to other realms
> of IT, although it would probably occur in an informal fashion.
>
>   As more and more privacy regulation becomes the norm, I fully encourage
> the government to require some form of high-level certification that must
> be an across-the-board mandate (i.e. licensing).  It's the only way to
> ensure competent professionals are the ones filling security positions.
> That's not to say there still won't be some duds, but at least you won't
> have the flood of bootcampers, braindumps, and paper certs who are only
> out to make a fast buck.  After all, the security of our citizens'
> privacy, as well as the integrity of our nation's critical
> infrastructures are at stake.
>
> --Joe
>
> ----- Original Message ----- 
> From: "Anders Langworthy" <hades@...lanthropy.org>
> To: <full-disclosure@...ts.grok.org.uk>
> Sent: Saturday, March 26, 2005 1:59 AM
> Subject: Re: [OT] [Full-disclosure] CISSP Test
>
>
> > SecurityLSI wrote:
> > > I wholeheartedly agree that there needs to be an industry benchmark,
> > > something that says you cannot operate in this field unless you have
> > > passed x. I'm thinking along the lines of something similar to the Bar
> > > exam that lawyers have to take, or perhaps a license like what doctors
> > > are required to obtain before being able to practice. I fear it's going
> > > to take something of that level to truly separate the chaff from the
> > > wheat. Anything less and you only end up with braindumps and
> > > bootcampers throwing resume after resume at you.
> > >
> >
> > There is an important distinction between something like the Bar, and
> > medical licensure.  The InfoSec equivalent of the legal Bar would be
> > impossible to implement, because unlike a courtroom, a network is not
> > under regulated control.  If you wish to practice law, you must do it in
> > a government-controlled courtroom*, and that government says that you
> > must pass the Bar before doing so.
> >
> > My network, on the other hand--like my body--belongs to me.  Nobody has
> > the right to tell me who I can and cannot hire to work on them.  In the
> > same way, I could pay somebody off the street to perform surgery on me
> > if I wished.  I wouldn't recommend it, and they wouldn't be a licensed
> > doctor, but nobody can stop me.
> >
> > So what difference does it make if we add another benchmark/"cert"?  We
> > already have plenty.  Even if it were possible, would we really want to
> > grant absolute power to something like the medical AMA?
> >
> > * Judge Judy doesn't count.
> >
> > --
> > Anders
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>

