Re: [OT] [Full-disclosure] CISSP Test
From: SecurityLSI (security_at_lan-slam.com)
To: "Anders Langworthy" <firstname.lastname@example.org>, <email@example.com>
Date: Sat, 26 Mar 2005 12:17:55 -0500
----- Original Message -----
From: SecurityLSI <Security@lan-slam.com>
To: "Anders Langworthy" <firstname.lastname@example.org>;
Sent: Saturday, March 26, 2005 12:16 PM
Subject: Re: [OT] [Full-disclosure] CISSP Test
> When it comes to InfoSec, it's not hard to imagine the government
> a form of licensing for all security professionals that deal with
> privacy matters (i.e. HIPAA et al). In fact, I think this would be a good
> thing as it would inevitably be extended to other realms of IT, although
> would probably occur in an informal fashion.
> As more and more privacy regulation becomes the norm, I fully encourage
> the government to require some form of high-level certification that must
> an across-the-board mandate (i.e. licensing). It's the only way to ensure
> competent professionals are the ones filling security positions. That's
> to say there still won't be some duds, but at least you won't have the
> of bootcampers, braindumps, and paper certs who are only out to make a
> buck. After all, the security of our citizens' privacy, as well as the
> integrity of our nation's critical infrastructures are at stake.
> ----- Original Message -----
> From: "Anders Langworthy" <email@example.com>
> To: <firstname.lastname@example.org>
> Sent: Saturday, March 26, 2005 1:59 AM
> Subject: Re: [OT] [Full-disclosure] CISSP Test
> > SecurityLSI wrote:
> > > I wholeheartedly agree that there needs to be an industry benchmark,
> > > something that says you cannot operate in this field unless you have
> > > x. I'm thinking along the lines of something similar to the Bar exam
> > > lawyers have to take, or perhaps a license like what doctors are
> > > required to
> > > obtain before being able to practice. I fear it's going to take
> > > that level to truly separate the chaff from the wheat. Anything less
> > > only end up with braindumps and bootcampers throwing resume after
> > > you.
> > >
> > There is an important distinction between something like the Bar, and
> > medical licensure. The InfoSec equivalent of the legal Bar would be
> > impossible to implement, because unlike a courtroom, a network is not
> > under regulated control. If you wish to practice law, you must do it in
> > a government-controlled courtroom*, and that government says that you
> > must pass the Bar before doing so.
> > My network, on the other hand--like my body--belongs to me. Nobody has
> > the right to tell me who I can and cannot hire to work on them. In the
> > same way, I could pay somebody off the street to perform surgery on me
> > if I wished. I wouldn't recommend it, and they wouldn't be a licensed
> > doctor, but nobody can stop me.
> > So what difference does it make if we add another benchmark/"cert"? We
> > already have plenty. Even if it were possible, would we really want to
> > grant absolute power to something like the medical AMA?
> > * Judge Judy doesn't count.
> > --
> > Anders
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/