Full Disclosure mailing list archives
Re: [OT] CISSP Test
From: "SecurityLSI" <security () lan-slam com>
Date: Sat, 26 Mar 2005 12:17:55 -0500
----- Original Message -----
From: SecurityLSI <Security () lan-slam com>
To: "Anders Langworthy" <hades () psilanthropy org>; <full-disclosure () lists grok org uk>
Sent: Saturday, March 26, 2005 12:16 PM
Subject: Re: [OT] [Full-disclosure] CISSP Test

When it comes to InfoSec, it's not hard to imagine the government mandating a form of licensing for all security professionals that deal with regulated privacy matters (i.e. HIPAA et al). In fact, I think this would be a good thing as it would inevitably be extended to other realms of IT, although it would probably occur in an informal fashion.

As more and more privacy regulation becomes the norm, I fully encourage the government to require some form of high-level certification that must be an across-the-board mandate (i.e. licensing). It's the only way to ensure competent professionals are the ones filling security positions. That's not to say there still won't be some duds, but at least you won't have the flood of bootcampers, braindumps, and paper certs who are only out to make a fast buck.

After all, the security of our citizens' privacy, as well as the integrity of our nation's critical infrastructures, are at stake.

--Joe

----- Original Message -----
From: "Anders Langworthy" <hades () psilanthropy org>
To: <full-disclosure () lists grok org uk>
Sent: Saturday, March 26, 2005 1:59 AM
Subject: Re: [OT] [Full-disclosure] CISSP Test

SecurityLSI wrote:

> I wholeheartedly agree that there needs to be an industry benchmark, something that says you cannot operate in this field unless you have passed x. I'm thinking along the lines of something similar to the Bar exam that lawyers have to take, or perhaps a license like what doctors are required to obtain before being able to practice. I fear it's going to take something of that level to truly separate the chaff from the wheat. Anything less and you only end up with braindumps and bootcampers throwing resume after resume at you.

There is an important distinction between something like the Bar, and medical licensure. The InfoSec equivalent of the legal Bar would be impossible to implement, because unlike a courtroom, a network is not under regulated control. If you wish to practice law, you must do it in a government-controlled courtroom*, and that government says that you must pass the Bar before doing so.

My network, on the other hand--like my body--belongs to me. Nobody has the right to tell me who I can and cannot hire to work on them. In the same way, I could pay somebody off the street to perform surgery on me if I wished. I wouldn't recommend it, and they wouldn't be a licensed doctor, but nobody can stop me.

So what difference does it make if we add another benchmark/"cert"? We already have plenty. Even if it were possible, would we really want to grant absolute power to something like the medical AMA?

* Judge Judy doesn't count.

-- Anders

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/