Firewall Wizards mailing list archives
Re: certification of skill
From: Paul Robertson <proberts () patriot net>
Date: Wed, 13 Feb 2002 18:31:41 -0500 (EST)
On Wed, 13 Feb 2002, Chad Schieken wrote:
I recently tested for this. I must say that the thing that impressed me most by the test was the "common sense" behind most of the questions was excellent. For an "associate" or mid-level colleague it's exactly the set of basics I'd want them to subscribe to.
[Note: This is not an official response, it's my own personal response[1][2]] Thanks, that's _exactly_ the goal we were aiming for.
The thing that impressed me least were some questions about what would or would not be legally required in certain situations. Given the various jurisdictions through-out the US and the world, I can't see how there is a single "best" answers, besides 'go ask a lawyer'.
We aimed for do least harm, tell most people stuff to cover what issues we could. The answers seemed appropriate for most jurisdictions, but we probably should review those questions specifically. We cover privacy issues, so that's where it was probably most apparent, and we didn't want to ignore that issue or try to have jurisdictional centric tests.
Also with no obvious feedback mechanism, I'm not certain how they plan to improve the test. To compare it the CISSP certification process, the CISSP does allow you to "challenge" test items but my memory of the process is lacking (maybe someone could chime in), and you can submit new or updated
The feedback mechanism is primarily based on analysis of answers by the test administration company, but I'd be happy to bring up the possibility of another mechansim.
test questions. Also the test incorporates some number of "beta" questions if I'm not mistaken.
The original test takers were offered the beta exam (no longer in beta), which included a lot more questions than the final test incorporates. The beta was used to weed out questions that were too easy, too difficult, wrong, or questionable. We went through the beta feedback (which was given by a significant number of beta testers) and the data and "fixed" the exams. That'll be a continuing process. Folks who would have passed after the bad questions were weeded out were awarded certification. I'd be happy to discuss this more off-list, as this is vendor-centric (I thought about flaming Fred about that ;) ) Paul [1] TruSecure is my current employer [2] I'm on the certification oversight board [3] There is no [3] ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- certification of skill Eric Globe (Feb 12)
- Re: certification of skill Marcus J. Ranum (Feb 12)
- Re: certification of skill Drew (Feb 12)
- Re: certification of skill Frederick M Avolio (Feb 12)
- Re: certification of skill R. DuFresne (Feb 12)
- Re: certification of skill Tony Howlett (Feb 12)
- Exchange 2000 in DMZ ? Bara Zani (Feb 12)
- Re: Exchange 2000 in DMZ ? Chuck Swiger (Feb 13)
- <Possible follow-ups>
- Re: certification of skill Bill_Royds (Feb 12)
- Re: certification of skill Chad Schieken (Feb 13)
- Re: certification of skill Paul Robertson (Feb 13)