lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <21681.1210878601@turing-police.cc.vt.edu>
Date: Thu, 15 May 2008 15:10:01 -0400
From: Valdis.Kletnieks@...edu
To: Morning Wood <se_cur_ity@...mail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Geeks

On Thu, 15 May 2008 09:11:37 PDT, Morning Wood said:
> >> Anybody who thinks a CISSP is a "license to hack" is dreadfully ignorant
> >> of what little overlap there is between hacking skills and the material
> >> covered in the CISSP.
> 
> CISSP's cant hack

Right, because the CISSP isn't about hacking. It's about risk management.
It's about balancing the cost of adding more security to a system against
the costs of an intrusion.  It's about the costs of testing a disaster
recovery plan, and the costs of not having a plan.  It's about what sort
of backup schedule you should have, and what the retention period on the
backups should be, and why.  It's about knowing how deep a background check
you should make on prospective employees.  It's about how much security
awareness training the users need.

Hacking is a *very small* part of the security world.

Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ