Firewall Wizards mailing list archives
RE: Seeking input: Research Proposal: "Is a third position possible?"
From: "Laura Taylor" <ltaylor () relevanttechnologies com>
Date: Tue, 6 Apr 2004 08:10:58 -0400
This is the database I was speaking of in my prior email. According to ISC2, not all CISSPs are listed in this database. They actually told me that some don't choose to be listed...not sure why anyone going through the trouble to get the certificate wouldn't want to be listed. They don't automatically list every CISSP and told me that many are not listed. The CISSP has to ask to be listed. It thought it seemed strange that they just didn't list them all. Laura -----Original Message----- From: Bill Royds [mailto:broyds () rogers com] Sent: Monday, April 05, 2004 6:39 PM To: ltaylor () relevanttechnologies com Cc: firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] Seeking input: Research Proposal: "Is a third position possible?" Laura, I forwarded your message to the CISSPforum mailing list and received several comments including this useful one: -----Original Message----- From: Bill Putman [mailto:w_putman () pacbell net] Sent: April 5, 2004 12:11 PM To: cisspforum () yahoogroups com Subject: [cisspforum] Re: FW: [fw-wiz] Seeking input: Research Proposal: "Is a third position possibl There is a "Certification Verification" page on the public side of the ISC Web site. It is not easy to find. One must click on the "Post-Certification" link on a page other than the home page. A menu of links is then presented with one labeled "Certification Verification - Verify an individual's (ISC)2 credentials." The link is as follows: https://www.isc2.org/cgi/cert_verification.cgi Querying on the last name or portion thereof, the full name and some location info is displayed of the "certified individual." Presumably the queried database is complete and the cert is in good standing. Hopefully, the navigation to this page will be more apparent in the redesigned Web site, and ISC personnel will direct phone inquiries to it. Bill Putman --- In cisspforum () yahoogroups com, "Brigitte Grieger" <Brigitte.Grieger@g...> wrote:
Keep in mind the person said they CALLED the ISC2 offices and were
turned
down... this makes sense if you think about it. If the person
followed
theinstructions and WRITTEN to ISC2 on corporate letterhead, then
there would
have likely been a verification.[...]I was thinking of hiring a person with a CISSP and called up ISC2 toverifyif they really were a CISSP. ISC2 told me that they never verify ifanyoneis a CISSP as it is an invasion of the person's privacy.Seems that this case was handled very badly by the ISC2 person
answering the
call. (S)he should have told the caller what to do in order to get a verification. However, if that was the reason the CISSP was not hired (s)he might be better off that way. Regards, Brigitte --
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Laura Taylor Sent: April 2, 2004 10:31 AM To: 'Crispin Cowan'; 'Holt, Philip' Cc: firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] Seeking input: Research Proposal: "Is a third position possible?" Something curious to know about CISSP is this.... I was thinking of hiring a person with a CISSP and called up ISC2 to verify if they really were a CISSP. ISC2 told me that they never verify if anyone is a CISSP as it is an invasion of the person's privacy. I then asked them how could I know for sure if this person really was a CISSP and told them that the person was not listed in the CISSP database on the ISC2 web site. They then told me that not all CISSPs are listed in the database because some don't want to be listed. They told me that the only way to verifiy if a person is a CISSP is to ask them for their certificate. I then asked them if all certificates look exactly alike and can they tell me how to know if a certificate it authenticate. I was told that all certificates do not look exactly alike and that they have changed their look over the years so there is no way to know if a particular certificate is real or not. After much discussion, it became clear that they were not willing to verify if anyone is a CISSP, and that there was no way for anyone to really verify this information unless the person chooses to be listed in the database on the ISC2 web site. I told them that in my opinion their process for certification was not consistent with the concept of "trust, but verify" and I ended up not hiring the person I had originally interviewed. If a certification cannot be verified, to me it is worthless. I'd rather hire an MCSE because Microsoft is willing to verify all their certifications. The philosophies and ethics of 2600 could possibly be questionable, but I dare say that ISC2 is not at all the organization that I once thought it to be. Laura ------------------------------------------------ Laura Taylor Relevant Technologies, Inc. www.relevanttechnologies.com -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Crispin Cowan Sent: Tuesday, March 23, 2004 12:28 AM To: Holt, Philip Cc: firewall-wizards () honor icsalabs com Subject: Re: [fw-wiz] Seeking input: Research Proposal: "Is a third position possible?" Holt, Philip wrote:
that reveals your thoughts concerning, "Is a third position possible?" We are all aware of CISSP's Canons. We are also all aware of the positions put forth and the beliefs held fast to of the 2600 Group, Hacktivismo, John Perry Barlow's "Declaration of Cyberspace" and a host of other similar positions and beliefs that are in fact counter-positions to those revealed in CISSP's Canon.
No, I'm not aware of the CISSP canon. To me, the philosophies of CISSP are about as mystic and secretive as Scientology, and as such about as useful :) The 2600 crowd have a lot of well-known philosophies. One of the particularly well-known canon of the 2600 crowd is that they never actually agree on anything :) And I dare say that some 2600 people have CISSPs. So no, I have no idea what your question is. You suggest that there are two diametrically opposed views here, but since you specify both by obscure reference and never actually define them, it's really hard to tell what the hell you are talking about. Please specify what you think the opposing views are, and then we can discuss them. Crispin -- Crispin Cowan, Ph.D. Security Consulting http://crispincowan.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Seeking input: Research Proposal: "Is a third position possible?" Laura Taylor (Apr 04)
- RE: Seeking input: Research Proposal: "Is a third position possible?" Bill Royds (Apr 07)
- RE: Seeking input: Research Proposal: "Is a third position possible?" Laura Taylor (Apr 09)
- RE: Seeking input: Research Proposal: "Is a third position possible?" Bill Royds (Apr 07)