Re: Re: MS not telling enough - ethics

["Ivan ." <ivanhec () gmail com>]

> : Well done, anyone else who knows of people committing fraud against isc2
> : should report them. Unfortunately I don't think its feasible for isc2 to
> : check everybody.
> Oh, how coincidental..

What do you suggest? that they check everyone who passes the exam? 

> Ethics Complaint Procedures [0]
so whats your complaint? people passing the exam, gaining the cert
without the relevant experience?
or now the ethics complaint handling procedure? 

> You are so proud of our certification, you won't even list yourself in
> the (ISC)2 directory so that we can verify you even hold the
> certification! [2]

yep, you must be on crack?

https://www.isc2.org/cgi-bin/cert_verification.cgi?displaycategory=1300

CERTIFICATION VERIFICATION SEARCH RESULTS
Ordered by Last Name
Back to Certificate Verification page.

Name:   Ivan Coric
Brisbane
Certification(s):       CISSP


> Best for who?! Oh yes, for you since you hold it. And best for those
> issuing it, since they profit directly from the certification and the
> yearly 'renewal' fee. The fact is, (ISC)2 and the CISSP certification is a
> marketing ploy and money maker. It is *not* in their best interest to
> allow the credibility of their certification to be tarnished for any
> reason, even when criminals are 'earning' it.

yeah it's good for me, and yes because I hold it. Your a smart fellow,
have a lolly.

Hopefully someone from ISC2 can reply to the list and address your concerns.

cheers
Ivan

On 8/19/05, security curmudgeon <jericho () attrition org> wrote:
> : Well done, anyone else who knows of people committing fraud against isc2
> : should report them. Unfortunately I don't think its feasible for isc2 to
> : check everybody.
>
> Oh, how coincidental..
>
> : They do random credential checking and I should I know, since I was
> : audited after I passed the exam.
>
> Ethics Complaint Procedures [0]
>
> The board and its agents undertake to keep the identity of the complainant
> and respondent in any complaint confidential from the general public.
>
> [..]
>
> The board will consider only complaints that specify the canon of our code
> that has been violated.
>
> [..]
>
> Complaints will be accepted only from those who claim to be injured by the
> alleged behavior. While any member of the public may complain about a
> breach of Canon I, only principals may complain about violations of Canons
> II and III, and only other professionals may complain about violations of
> Canon IV.
>
> [..]
>
> All complaints must be in writing. The board is not an investigative body
> and does not have investigative resources. Only information submitted in
> writing will be considered.
>
> [..]
>
> Complaints and supporting evidence must be in the form of sworn
> affidavits. The board will not consider other allegations.
>
> [..]
>
> Where there is disagreement between the parties over the facts alleged,
> the ethics committee, at its sole discretion, may invite additional
> corroboration, exculpation, rebuttals and sur-rebuttals in an attempt to
> resolve such dispute. The committee is not under any obligation to make a
> finding where the facts remain in dispute between the parties. Where the
> committee is not able to reach a conclusion on the facts, the benefit of
> all doubt goes to the respondent.
>
> [..]
>
> Discipline of certificate holders is at the sole discretion of the board.
> Decisions of the board are final.
>
> --
>
> Ok, let me translate this for you:
>
>   Keep it private, for your own good, we swear! This way the complaint is
>   kept out of public scrutiny. You have to clearly define what canon was
>   violated, even though they are general and vague. You must personally be
>   injured to complain, even though breaking any of the four canons may not
>   directly harm one individual! You must submit said complaint in writing,
>   and the board does not have time to investigate your complaint at all.
>   Such complaints must be in the form of sworn affidavits [1], signed by a
>   notary as witness to your signature etc. If there is any dispute of
>   facts, which is entirely up the to the (ISC)2 board, it is entirely
>   their discretion whether to act on or continue the process. The board
>   may arbitrarily decide not to pursue or consider additional evidence,
>   will make no effort to research the matter themselves, and drop the
>   matter without further consideration. Even if the board finds someone
>   guilty of breaking one of the canons, the board will decide what
>   punishment, if any, is appropriate, including 'none'.
>
> How many hoops does one have to jump through to file a complaint that will
> actually be considered?! Should I slice my wrists and bleed all over the
> signed and notarized document in case they need a blood sample or DNA?
> Does the complaint need to be shouted out from town square right after
> slaughtering a chicken while juggling hedgehogs? I mean really, how many
> ways can they make this process counter-productive and full of backdoors
> so the 'board' can simply ignore your complaint?
>
> : Ivan Coric, CISSP
>
> You are so proud of our certificiation, you won't even list yourself in
> the (ISC)2 directory so that we can verify you even hold the
> certification! [2]
>
> : The CISSP cert is the best security cert around, without a doubt.
>
> Best for who?! Oh yes, for you since you hold it. And best for those
> issuing it, since they profit directly from the ceritification and the
> yearly 'renewal' fee. The fact is, (ISC)2 and the CISSP certification is a
> marketing ploy and money maker. It is *not* in their best interest to
> allow the credibility of their certification to be tarnished for any
> reason, even when criminals are 'earning' it.
>
>
> security curmudgeon
>
> [0] https://www.isc2.org/cgi-bin/content.cgi?page=176
> [1] http://en.wikipedia.org/wiki/Affidavit
> [2] https://www.isc2.org/cgi-bin/directory.cgi?displaycategory=503
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/