RE: CISSP Question

[Lee McDonald <bremc () inbox com>]

The education provided is embraced. Mr. Wright, sorry, Graig, always provides fertile ground for growth. Thanks again, 
the both of you.

The edge is nice, if we don't jump off.

"Character is what you are in the dark." 
— Unknown


> -----Original Message-----
> From: jsimmons () eds com
> Sent: Thu, 3 May 2007 19:32:37 -0500
> To: bremc () inbox com
> Subject: RE: CISSP Question
>
> So far this has been quite civil from what I have noticed. (Of course for
> all I know Craig could be swearing and spitting at his computer, but that
> is not what I believe is going on since we seem to both been quite
> civil.) Granted it sometimes seem to get close to the edge, but
> considering what I was expecting when I started this discussion, I am
> quite amazed with the professionalism that this board has conducted
> itself, and more importantly I am amazed that my counterpart isn't the
> unprofessional type.  It is a relief that there is some civility left on
> the tubes these days.  Considering that this is an open forum, I am
> almost struck in disbelief. But I will chalk that up to the moderator.
>
> It has been a pleasure thus far ladies and gentlemen, and I hope that
> others are not yet bored of this discussion yet, as I find it interesting
> and it is bringing up some points I have not thought of yet.
> Either way, my hat is off to my opponent.
>
>
> Regards,
>
> Simmons
>
> -----Original Message-----
> From: Lee McDonald [mailto:bremc () inbox com]
> Sent: Thursday, May 03, 2007 4:25 PM
> To: Craig Wright; Simmons, James; Florian Rommel
> Cc: security-basics () securityfocus com
> Subject: RE: CISSP Question
>
> Guys, guys, nice, please!
>
> > -----Original Message-----
> > From: craig.wright () bdo com au
> > Sent: Thu, 3 May 2007 07:19:15 +1000
> > To: jsimmons () eds com, frommel () gmail com
> > Subject: RE: CISSP Question
> >
> > If you read the requirements you should note that "The specification
> > and selection of controls and mechanisms ...does not include the mere
> > operation of these controls."
> >
> > Gate guards need not apply.
> >
> > A person with experience designing physical controls and data centres
> > for secure sites would have a level of experience.
> >
> > Rather than extrapolating invalid preambles from the basic marketing
> > documents, have a read of ISO Standard 17024:2003 and try to take this
> > in the context that it applies.
> >
> > Regards,
> > Craig
> >
> >
> >
> > Craig Wright
> > Manager of Information Systems
> >
> > Direct +61 2 9286 5497
> > Craig.Wright () bdo com au
> > +61 417 683 914
> >
> > BDO Kendalls (NSW)
> > Level 19, 2 Market Street Sydney NSW 2000 GPO BOX 2551 Sydney NSW 2001
> > Fax +61 2 9993 9497 www.bdo.com.au
> >
> > Liability limited by a scheme approved under Professional Standards
> > Legislation in respect of matters arising within those States and
> > Territories of Australia where such legislation exists.
> >
> > The information in this email and any attachments is confidential.  If
> > you are not the named addressee you must not read, print, copy,
> > distribute, or use in any way this transmission or any information it
> > contains.  If you have received this message in error, please notify
> > the sender by return email, destroy all copies and delete it from your
> > system.
> >
> > Any views expressed in this message are those of the individual sender
> > and not necessarily endorsed by BDO Kendalls.  You may not rely on
> > this message as advice unless subsequently confirmed by fax or letter
> > signed by a Partner or Director of BDO Kendalls.  It is your
> > responsibility to scan this communication and any files attached for
> > computer viruses and other defects.  BDO Kendalls does not accept
> > liability for any loss or damage however caused which may result from
> > this communication or any files attached.  A full version of the BDO
> > Kendalls disclaimer, and our Privacy statement, can be found on the
> > BDO Kendalls website at http://www.bdo.com.au or by emailing
> > administrator () bdo com au.
> >
> > BDO Kendalls is a national association of separate partnerships and
> > entities.
> >
> > -----Original Message-----
> >
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com]
> > On Behalf Of Simmons, James
> > Sent: Thursday, 3 May 2007 5:58 AM
> > To: Florian Rommel
> > Cc: security-basics () securityfocus com
> > Subject: RE: CISSP Question
> >
> > So here is a thought for everyone.
> >
> > To qualify for CISSP, you should have at least four years of
> > experience in one of the ten domains. Of which includes Physical
> > Security. So with a bit of cramming, your gun cleaning, gate guard of
> > 4 years can be a qualified CISSP with next to minimal experience in
> > Information security.
> > And as per the ISC2 webpage, to qualify experience you need to have
> > done some of the included actions.
> > (https://www.isc2.org/cgi-bin/content.cgi?category=1187)
> >
> > Reactions anyone?
> >
> > P.S. I am not saying that all gate guards are incapable of being good
> > CISSP's.  I am just pointing out an all too common scenario.
> >
> > Regards,
> >
> > Simmons
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com]
> > On Behalf Of Florian Rommel
> > Sent: Wednesday, May 02, 2007 10:53 AM
> > To: Nicolas villatte; krymson () gmail com;
> > security-basics () securityfocus com
> > Subject: Re: CISSP Question
> >
> > I agree with Nicolas here. I definitely wouldn't endorse a Desktop
> > Jockey with 4 years of experience. I already filed once a complaint
> > because I know a guy who, because he has some certifications and has
> > worked as a pc support, thinks he is qualified to take the exam. His
> > "boss/ partner in crime" was ready to sign off on it. I know for some
> > people a certification like the CISSP doesn't mean much but that still
> > shouldn't mean anyone can get in. I had my work experience fully
> > documented by all my previous employers  before I took the exam.
> >
> > Security experience in any of the 10 domains for 4 years doesnt mean
> > that during those 4 years you should have done something security
> > related at some point it means that your position was directly security
> > related.
> >
> > //flosse
> > http://blog.2blocksaway.com
> >
> >
> > On 5/2/07 9:47 AM, "Nicolas villatte" <Nicolas.Villatte () chello be>
> > wrote:
> >
> > > Not really, because 5% of your time involved in security during 4
> > > years would give you barely 2 months of experience. I don't know any
> > > CISSP who would endorse such a candidate.
> > >
> > > https://www.isc2.org/cgi/content.cgi?category=1187
> > >
> > > "Applicants must have a minimum of four years of direct full-time
> > > security professional work experience in one or more of the ten
> > > domains of the (ISC)² CISSP® CBK®."
> > >
> > > Regards,
> > > Nicolas.
> > >
> > >
> > > ---------------------------------------------------------------------
> > > -
> > > ------
> > > --------
> > >
> > > Nicolas VILLATTE
> > >
> > > CISSP, GCIA, GCIH, GCFA
> > >
> > > Sr. Security Management Specialist
> > >
> > >
> > > -----Original Message-----
> > > From: listbounce () securityfocus com
> > > [mailto:listbounce () securityfocus com] On Behalf Of krymson () gmail com
> > > Sent: mardi 1 mai 2007 14:14
> > > To: security-basics () securityfocus com
> > > Subject: RE: CISSP Question
> > >
> > > Just a quick add, don't overthink the 4 years' experience requirement.
> > > You need that experience in any one (or more) of the 10 domains.
> > > Honestly, if you're a desktop support jockey for 4 years and you do
> > > some sort of security as part of your work (do you manage passwords
> > > and/or respond to spyware incidents?), you can still qualify.
> > > Realistically, anyone with 4 years'
> > > experience in IT.