Full Disclosure mailing list archives
Re: Re: MS not telling enough - ethics
From: "Ivan ." <ivanhec () gmail com>
Date: Sun, 21 Aug 2005 20:26:51 +1000
: Well done, anyone else who knows of people committing fraud against isc2 : should report them. Unfortunately I don't think its feasible for isc2 to : check everybody. Oh, how coincidental..
What do you suggest? that they check everyone who passes the exam?
Ethics Complaint Procedures [0]
so whats your complaint? people passing the exam, gaining the cert without the relevant experience? or now the ethics complaint handling procedure?
You are so proud of our certification, you won't even list yourself in the (ISC)2 directory so that we can verify you even hold the certification! [2]
yep, you must be on crack? https://www.isc2.org/cgi-bin/cert_verification.cgi?displaycategory=1300 CERTIFICATION VERIFICATION SEARCH RESULTS Ordered by Last Name Back to Certificate Verification page. Name: Ivan Coric Brisbane Certification(s): CISSP
Best for who?! Oh yes, for you since you hold it. And best for those issuing it, since they profit directly from the certification and the yearly 'renewal' fee. The fact is, (ISC)2 and the CISSP certification is a marketing ploy and money maker. It is *not* in their best interest to allow the credibility of their certification to be tarnished for any reason, even when criminals are 'earning' it.
yeah it's good for me, and yes because I hold it. Your a smart fellow, have a lolly. Hopefully someone from ISC2 can reply to the list and address your concerns. cheers Ivan On 8/19/05, security curmudgeon <jericho () attrition org> wrote:
: Well done, anyone else who knows of people committing fraud against isc2 : should report them. Unfortunately I don't think its feasible for isc2 to : check everybody. Oh, how coincidental.. : They do random credential checking and I should I know, since I was : audited after I passed the exam. Ethics Complaint Procedures [0] The board and its agents undertake to keep the identity of the complainant and respondent in any complaint confidential from the general public. [..] The board will consider only complaints that specify the canon of our code that has been violated. [..] Complaints will be accepted only from those who claim to be injured by the alleged behavior. While any member of the public may complain about a breach of Canon I, only principals may complain about violations of Canons II and III, and only other professionals may complain about violations of Canon IV. [..] All complaints must be in writing. The board is not an investigative body and does not have investigative resources. Only information submitted in writing will be considered. [..] Complaints and supporting evidence must be in the form of sworn affidavits. The board will not consider other allegations. [..] Where there is disagreement between the parties over the facts alleged, the ethics committee, at its sole discretion, may invite additional corroboration, exculpation, rebuttals and sur-rebuttals in an attempt to resolve such dispute. The committee is not under any obligation to make a finding where the facts remain in dispute between the parties. Where the committee is not able to reach a conclusion on the facts, the benefit of all doubt goes to the respondent. [..] Discipline of certificate holders is at the sole discretion of the board. Decisions of the board are final. -- Ok, let me translate this for you: Keep it private, for your own good, we swear! This way the complaint is kept out of public scrutiny. You have to clearly define what canon was violated, even though they are general and vague. You must personally be injured to complain, even though breaking any of the four canons may not directly harm one individual! You must submit said complaint in writing, and the board does not have time to investigate your complaint at all. Such complaints must be in the form of sworn affidavits [1], signed by a notary as witness to your signature etc. If there is any dispute of facts, which is entirely up the to the (ISC)2 board, it is entirely their discretion whether to act on or continue the process. The board may arbitrarily decide not to pursue or consider additional evidence, will make no effort to research the matter themselves, and drop the matter without further consideration. Even if the board finds someone guilty of breaking one of the canons, the board will decide what punishment, if any, is appropriate, including 'none'. How many hoops does one have to jump through to file a complaint that will actually be considered?! Should I slice my wrists and bleed all over the signed and notarized document in case they need a blood sample or DNA? Does the complaint need to be shouted out from town square right after slaughtering a chicken while juggling hedgehogs? I mean really, how many ways can they make this process counter-productive and full of backdoors so the 'board' can simply ignore your complaint? : Ivan Coric, CISSP You are so proud of our certificiation, you won't even list yourself in the (ISC)2 directory so that we can verify you even hold the certification! [2] : The CISSP cert is the best security cert around, without a doubt. Best for who?! Oh yes, for you since you hold it. And best for those issuing it, since they profit directly from the ceritification and the yearly 'renewal' fee. The fact is, (ISC)2 and the CISSP certification is a marketing ploy and money maker. It is *not* in their best interest to allow the credibility of their certification to be tarnished for any reason, even when criminals are 'earning' it. security curmudgeon [0] https://www.isc2.org/cgi-bin/content.cgi?page=176 [1] http://en.wikipedia.org/wiki/Affidavit [2] https://www.isc2.org/cgi-bin/directory.cgi?displaycategory=503
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: MS not telling enough Jason Coombs (Aug 18)
- Re: Re: MS not telling enough TheGesus (Aug 18)
- Re: Re: MS not telling enough J u a n (Aug 18)
- Re: Re: MS not telling enough - ethics DAN MORRILL (Aug 18)
- Re: Re: MS not telling enough - ethics TheGesus (Aug 18)
- Re: Re: MS not telling enough - ethics Jeremy Bishop (Aug 18)
- Re: Re: MS not telling enough - ethics DAN MORRILL (Aug 18)
- Re: Re: MS not telling enough - ethics J.A. Terranson (Aug 18)
- Re: Re: MS not telling enough - ethics Ivan . (Aug 18)
- Re: Re: MS not telling enough - ethics security curmudgeon (Aug 19)
- Re: Re: MS not telling enough - ethics Ivan . (Aug 21)
- morphed into certification argument (was : MS not telling enough - ethics) Michael Holstein (Aug 19)
- Re: Re: MS not telling enough - ethics DAN MORRILL (Aug 18)
- Re: not telling enough - ethics Bennett Todd (Aug 18)
- <Possible follow-ups>
- Re: Re: MS not telling enough tuytumadre (Aug 18)
- Re: Re: MS not telling enough James Tucker (Aug 19)