RE: [fw-wiz] Seeking input: Research Proposal: "Is a third position possible?"

From: Bill Royds (broyds_at_rogers.com)
Date: 04/06/04

    To: <ltaylor@relevanttechnologies.com>
    Date: Mon, 5 Apr 2004 18:38:53 -0400
    
    

    Laura, I forwarded your message to the CISSPforum mailing list and received
    several comments including this useful one:
    -----Original Message-----
    From: Bill Putman [mailto:w_putman@pacbell.net]
    Sent: April 5, 2004 12:11 PM
    To: cisspforum@yahoogroups.com
    Subject: [cisspforum] Re: FW: [fw-wiz] Seeking input: Research Proposal: "Is
    a third position possibl

    There is a "Certification Verification" page on the public side of the
    ISC Web site. It is not easy to find. One must click on the
    "Post-Certification" link on a page other than the home page. A menu
    of links is then presented with one labeled "Certification
    Verification - Verify an individual's (ISC)2 credentials." The link
    is as follows:

    https://www.isc2.org/cgi/cert_verification.cgi

    Querying on the last name or portion thereof, the full name and some
    location info is displayed of the "certified individual." Presumably
    the queried database is complete and the cert is in good standing.
    Hopefully, the navigation to this page will be more apparent in the
    redesigned Web site, and ISC personnel will direct phone inquiries to it.

    Bill Putman

    --- In cisspforum@yahoogroups.com, "Brigitte Grieger"
    <Brigitte.Grieger@g...> wrote:
    > > Keep in mind the person said they CALLED the ISC2 offices and were
    > > turned down... this makes sense if you think about it. If the person
    > > followed the instructions and WRITTEN to ISC2 on corporate letterhead,
    > > then there would have likely been a verification.
    > >
    > [...]
    > > >
    > > >I was thinking of hiring a person with a CISSP and called up ISC2 to
    > > >verify if they really were a CISSP. ISC2 told me that they never
    > > >verify if anyone is a CISSP as it is an invasion of the person's
    > > >privacy.
    >
    > Seems that this case was handled very badly by the ISC2 person
    > answering the call. (S)he should have told the caller what to do in
    > order to get a verification.
    >
    > However, if that was the reason the CISSP was not hired (s)he might be
    > better off that way.
    >
    > Regards,
    > Brigitte
    >
    > --

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Laura Taylor
    Sent: April 2, 2004 10:31 AM
    To: 'Crispin Cowan'; 'Holt, Philip'
    Cc: firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] Seeking input: Research Proposal: "Is a third position
    possible?"

    Something curious to know about CISSP is this....

    I was thinking of hiring a person with a CISSP and called up ISC2 to verify
    if they really were a CISSP. ISC2 told me that they never verify if anyone
    is a CISSP as it is an invasion of the person's privacy. I then asked them
    how could I know for sure if this person really was a CISSP and told them
    that the person was not listed in the CISSP database on the ISC2 web site.
    They then told me that not all CISSPs are listed in the database because
    some don't want to be listed. They told me that the only way to verify if a
    person is a CISSP is to ask them for their certificate. I then asked them if
    all certificates look exactly alike and can they tell me how to know if a
    certificate is authentic. I was told that all certificates do not look
    exactly alike and that they have changed their look over the years so there
    is no way to know if a particular certificate is real or not.

    After much discussion, it became clear that they were not willing to verify
    if anyone is a CISSP, and that there was no way for anyone to really verify
    this information unless the person chooses to be listed in the database on
    the ISC2 web site. I told them that in my opinion their process for
    certification was not consistent with the concept of "trust, but verify" and
    I ended up not hiring the person I had originally interviewed.

    If a certification cannot be verified, to me it is worthless. I'd rather
    hire an MCSE because Microsoft is willing to verify all their
    certifications.

    The philosophies and ethics of 2600 could possibly be questionable, but I
    dare say that ISC2 is not at all the organization that I once thought it to
    be.

    Laura

    ------------------------------------------------
    Laura Taylor
    Relevant Technologies, Inc.
    www.relevanttechnologies.com

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com]On Behalf Of Crispin
    Cowan
    Sent: Tuesday, March 23, 2004 12:28 AM
    To: Holt, Philip
    Cc: firewall-wizards@honor.icsalabs.com
    Subject: Re: [fw-wiz] Seeking input: Research Proposal: "Is a third
    position possible?"

    Holt, Philip wrote:

    > that reveals your thoughts concerning, "Is a third position possible?"
    > We are all aware of CISSP's Canons.
    > We are also all aware of the positions put forth and the beliefs
    > held fast to of the 2600 Group, Hacktivismo, John Perry Barlow's
    > "Declaration of Cyberspace" and a host of other similar positions and
    > beliefs that are in fact counter-positions to those revealed in
    > CISSP's Canon.
    >
    No, I'm not aware of the CISSP canon. To me, the philosophies of CISSP
    are about as mystic and secretive as Scientology, and as such about as
    useful :)

    The 2600 crowd have a lot of well-known philosophies. One of the
    particularly well-known canons of the 2600 crowd is that they never
    actually agree on anything :) And I dare say that some 2600 people have
    CISSPs.

    So no, I have no idea what your question is. You suggest that there are
    two diametrically opposed views here, but since you specify both by
    obscure reference and never actually define them, it's really hard to
    tell what the hell you are talking about. Please specify what you think
    the opposing views are, and then we can discuss them.

    Crispin

    --
    Crispin Cowan, Ph.D.
    Security Consulting  http://crispincowan.com
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards