RE: CISSP Question



Simmons,
You are mixing the word in its various taxonomies. The descriptive (the
adjective) is not the same as the noun.

You may seem to feel to differ, but at no time has my definition moved
from the original - it has been increased in precision.

"Your definition of Advocacy is tied to lawyers" - at no point. The
diagram was an extract from Abbot 1988. It was not mine. I can not send
a link as this is a scan from a book.

Again, this is not my definition. It is one that is defined through
others and the citations I supplied detail this. You are assuming that a
quick dictionary search and a cursory understanding are sufficent.

From your response, I have to assume that you have not seen many
contracts or been involved in the creation of contracts.

I stated that enlisted people are not members of a profession as a
result of being enlisted. This is not to say that they are not
professional. Military personal for the most part act very
prodfessionally, but acting professionally does not mean that you are a
member of a profession. The words are not the same in all contexts.

Regards,
Craig



Craig Wright
Manager of Information Systems

Direct +61 2 9286 5497
Craig.Wright@xxxxxxxxxx
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
www.bdo.com.au

Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists.

The information in this email and any attachments is confidential. If you are not the named addressee you must not read, print, copy, distribute, or use in any way this transmission or any information it contains. If you have received this message in error, please notify the sender by return email, destroy all copies and delete it from your system.

Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls. You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or Director of BDO Kendalls. It is your responsibility to scan this communication and any files attached for computer viruses and other defects. BDO Kendalls does not accept liability for any loss or damage however caused which may result from this communication or any files attached. A full version of the BDO Kendalls disclaimer, and our Privacy statement, can be found on the BDO Kendalls website at http://www.bdo.com.au or by emailing administrator@xxxxxxxxxxx

BDO Kendalls is a national association of separate partnerships and entities.

-----Original Message-----

From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Simmons, James
Sent: Friday, 4 May 2007 4:03 AM
To: Craig Wright
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: CISSP Question

Craig,
The problem with this argument is that the definition of professional is
relative. And you are pre-occupied with defining it in a legal context.
Though I am sure at some point it will have to be examined under legal
context, the main problem is that ISC2 has not defined what they mean as
professional (or at least in any public documents I can remember
finding). That is why lawyers always spend the first few pages of
contracts defining
terms used.

Here is the Princeton definition of a profession.
# the body of people in a learned occupation; "the news spread rapidly
through the medical community"
# an occupation requiring special education (especially in the liberal
arts or sciences)
# an open avowal (true or false) of some belief or opinion; "a
profession of disagreement"
# affirmation of acceptance of some religion or faith; "a profession of
Christianity"
http://wordnet.princeton.edu/perl/webwn
Or http://www.google.com/search?hl=en&q=define%3Aprofession&btnG=Search

This discussion will continue on because you will continue to bring up
other references that make another definition of the wording of
professional. (First, it was someone who abided by your definition of
professional responsibility, then it was someone who was part of an
organization, and then it is someone who advocates, etc. ) I keep
refuting your claims, and then you bring up more references that change
the definition that you are using.
What needs to be done is a decision on your definition of profession and
then
present it for rebuttal. This whole "trying to hit a moving target" is
not going end at all.

Now on to your e-mail, advocacy is a position of representation.
http://www.google.com/search?client=firefox-a&rls=org.mozilla%3Aen-US%3A
official&channel=s&hl=en&q=define%3Aadvocacy&btnG=Google+Search
And here is a quote: "The act of speaking or of disseminating
information intended to influence individual behavior or opinion,
corporate conduct or public policy and law."

But, for arguments sake, lets take your definition:
"It is the role and effect as a mouthpiece and involves the act of
arguing on behalf of a particular issue. A Security consultant does
this. A Security guard does not."

So by your definition, how is a doctor an advocate? How is the security
consultant? He is consulting a client. Not speaking for them. In any
case, your definition of professional is obviously not what ISC2
requires to take their exam. There are plenty of CISSP
"professional" who do not fit your definition of professional.

Your definition of Advocacy is tied to lawyers.

I really liked your diagram though, and you should really give a link
to it
instead. But your diagram is flawed for your argument in that the main
contributing factor to the definition of a professional is the "Academic
Knowledge" portion
that everything runs through. And I would easily argue that not all
actual IT professionals have had said Academic Knowledge. Which just
points out the flaw in these old definitions of professionals that you
are using?
(Case in point, Bill Gates, the riches man in the world, never completed
his Academic Knowledge. So he is not a professional by your standards?)

Of course by your definition again, Police would not be considered
professionals? They are performing the same security services that a
security guard is, they just perform to a higher degree, and have been
decreed by the government to perform their job in such a way (government
regulation).

And finally I would have to touch on your statement that enlisted
individuals are not considered professionals. Granted it is a really
grey area, but since you are going to claim a general group I will
disprove it with a single subset. NCO, Chiefs/Sergeants, and Warrant
Officers. The higher echelons of the enlisted military community. They
run there shops / battalions, group. They are the managers, they are the
life blood of any military. I would have to make the argument that as
soon as you achieve the rank of NCO then you should be considered a
professional. You had to demonstrate your skill / knowledge, you are
then expected to become a leader of men. (They are called First Line
Leaders after all.) And being a previous NCO, I would have to claim from
experience, but I am not expecting anyone to take my word for it. You
don't know me or when I am lying.. Instead, draw your on conclusions or
go do your own research.

Regards,
Simmons

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Craig Wright
Sent: Wednesday, May 02, 2007 8:34 PM
To: Anonymous
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: CISSP Question

Simmons,
A customary assessment deployed to appraise if an employment is, in
fact, a "profession" is the "advocacy test".

Basically: If a paid job necessitates that one recurrently performs as
an advocate for a different person, group, or organisation who require
the precise information necessary for such advocacy, then that
employment fulfils the analysis and is reasoned a "profession".

From this, the significance of explicit "codes of ethics" and (commonly)
licensure ensues.

Traditionally there were only a limited number of professions, Medicine,
the Clergy, and Academe. This has expanded over the years.

Members of the Secret Service are considered Intelligence Professionals.
They in the nature of their work provide advocacy. The role of a
security guard is not one which entails the provisioning of advocacy. A
military officer is considered a professional, an enlisted person or NCO
is not.

As for Government, civil servants may or may not be professionals based
on what they do. Diplomatic staff, accountants, lawyers etc are all
professionals. A clerk is not.

The use is oft misconstrued. The terminology "a professional athlete"
for instance refers to a sports person who preforms for money. This is
often confused to construe that the person is a professional. The terms
are not the same and the taxonomy differs. Just as one works for money,
one is not is necessity a professional. The athlete who acts as a
"professional" coach following their sporting career has become a
professional.

As for Security guards, though they have organisations such as Security
Police and Fireman's Professional Association, this is a Union and not a
professional body. They are not the same. A former security guard who
has moved into a management and consulting role and who designs (for
instance) security solutions and procedures would be entering into the
sphere of being a professional, though they are no longer a security
guard at this point.

As for carpenters, cooks and auto mechanics, they act in a trade.
However a trained and qualified chef (unlike a cook) is classified as a
professional.

None of this says anything as to the skill or ability of the person or
the level of training in the job. Many trades have high levels of
training, but still fail to qualify as a profession. Basically, any job
which is a trade can not by definition be considered a profession - the
terms are mutually exclusive.

Regards,
Craig

Craig Wright
Manager of Information Systems

Direct +61 2 9286 5497
Craig.Wright@xxxxxxxxxx
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000 GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497 www.bdo.com.au

Liability limited by a scheme approved under Professional Standards
Legislation in respect of matters arising within those States and
Territories of Australia where such legislation exists.

The information in this email and any attachments is confidential. If
you are not the named addressee you must not read, print, copy,
distribute, or use in any way this transmission or any information it
contains. If you have received this message in error, please notify the
sender by return email, destroy all copies and delete it from your
system.

Any views expressed in this message are those of the individual sender
and not necessarily endorsed by BDO Kendalls. You may not rely on this
message as advice unless subsequently confirmed by fax or letter signed
by a Partner or Director of BDO Kendalls. It is your responsibility to
scan this communication and any files attached for computer viruses and
other defects. BDO Kendalls does not accept liability for any loss or
damage however caused which may result from this communication or any
files attached. A full version of the BDO Kendalls disclaimer, and our
Privacy statement, can be found on the BDO Kendalls website at
http://www.bdo.com.au or by emailing administrator@xxxxxxxxxxx

BDO Kendalls is a national association of separate partnerships and
entities.



Relevant Pages

  • Re: My Frustrations
    ... If the people offering the services don't know what they are doing then what they are really selling you is a false sense of security. ... I would think that there would be a level of pride or whatever that would prevent that to a degree, however, I have always lived by the idea that there is nothing wrong with asking questions, nor are there any stupid questions. ... It is, afaik, in *every* profession. ... Security Trends Report from Cenzic ...
    (Pen-Test)
  • RE: CISSP Question
    ... Subject: CISSP Question ... In cases where one does not have the required experience, ISC2 has instituted an Associate qualification. ... So if for instance the opposing council subpoenas your CISSP records and it stated 5 years professional security experience and you had been a security guard - they will use this. ... Thus it was mentioned that the legal terminology of a profession does not matter, maybe if you never go into a court. ...
    (Security-Basics)
  • RE: CISSP Question
    ... Here is the Princeton definition of a profession. ... advocacy is a position of representation. ... A Security guard does not." ... and not necessarily endorsed by BDO Kendalls. ...
    (Security-Basics)
  • RE: [fw-wiz] Re: Ethics, morality and the industry
    ... disenchanted about the professionalism in our profession. ... role of IT security in our environments. ... makers attending conferences featuring colourful speakers that are able ... clown flogging his criminal past is accurate in this context. ...
    (Firewall-Wizards)
  • RE: CISSP Question
    ... member of a profession. ... and not necessarily endorsed by BDO Kendalls. ... advocacy is a position of representation. ... A Security guard does not." ...
    (Security-Basics)