Re: [OT] [Full-disclosure] CISSP Test

From: SecurityLSI (security_at_lan-slam.com)
Date: 03/26/05

    To: "Anders Langworthy" <hades@psilanthropy.org>, <full-disclosure@lists.grok.org.uk>
    Date: Sat, 26 Mar 2005 12:17:55 -0500
    
    

    ----- Original Message -----
    From: SecurityLSI <Security@lan-slam.com>
    To: "Anders Langworthy" <hades@psilanthropy.org>;
    <full-disclosure@lists.grok.org.uk>
    Sent: Saturday, March 26, 2005 12:16 PM
    Subject: Re: [OT] [Full-disclosure] CISSP Test

    > When it comes to InfoSec, it's not hard to imagine the government mandating
    > a form of licensing for all security professionals that deal with regulated
    > privacy matters (i.e. HIPAA et al). In fact, I think this would be a good
    > thing as it would inevitably be extended to other realms of IT, although it
    > would probably occur in an informal fashion.
    >
    > As more and more privacy regulation becomes the norm, I fully encourage
    > the government to require some form of high-level certification that must be
    > an across-the-board mandate (i.e. licensing). It's the only way to ensure
    > competent professionals are the ones filling security positions. That's not
    > to say there still won't be some duds, but at least you won't have the flood
    > of bootcampers, braindumps, and paper certs who are only out to make a fast
    > buck. After all, the security of our citizens' privacy, as well as the
    > integrity of our nation's critical infrastructures are at stake.
    >
    > --Joe
    >
    > ----- Original Message -----
    > From: "Anders Langworthy" <hades@psilanthropy.org>
    > To: <full-disclosure@lists.grok.org.uk>
    > Sent: Saturday, March 26, 2005 1:59 AM
    > Subject: Re: [OT] [Full-disclosure] CISSP Test
    >
    >
    > > SecurityLSI wrote:
    > > > I wholeheartedly agree that there needs to be an industry benchmark,
    > > > something that says you cannot operate in this field unless you have passed
    > > > x. I'm thinking along the lines of something similar to the Bar exam that
    > > > lawyers have to take, or perhaps a license like what doctors are required to
    > > > obtain before being able to practice. I fear it's going to take something of
    > > > that level to truly separate the chaff from the wheat. Anything less and you
    > > > only end up with braindumps and bootcampers throwing resume after resume at
    > > > you.
    > > >
    > >
    > > There is an important distinction between something like the Bar, and
    > > medical licensure. The InfoSec equivalent of the legal Bar would be
    > > impossible to implement, because unlike a courtroom, a network is not
    > > under regulated control. If you wish to practice law, you must do it in
    > > a government-controlled courtroom*, and that government says that you
    > > must pass the Bar before doing so.
    > >
    > > My network, on the other hand--like my body--belongs to me. Nobody has
    > > the right to tell me who I can and cannot hire to work on them. In the
    > > same way, I could pay somebody off the street to perform surgery on me
    > > if I wished. I wouldn't recommend it, and they wouldn't be a licensed
    > > doctor, but nobody can stop me.
    > >
    > > So what difference does it make if we add another benchmark/"cert"? We
    > > already have plenty. Even if it were possible, would we really want to
    > > grant absolute power to something like the medical AMA?
    > >
    > > * Judge Judy doesn't count.
    > >
    > > --
    > > Anders
    > > _______________________________________________
    > > Full-Disclosure - We believe in it.
    > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    > > Hosted and sponsored by Secunia - http://secunia.com/
    >
