funsec mailing list archives

Re: ISC gets owned?


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Tue, 21 Feb 2006 11:38:22 -0800

Date sent:              Tue, 21 Feb 2006 10:52:13 -0500

http://www.attackprevention.com/forum/comments.php?id=10

How did that code of ethics go again?

Lessee, I think I had a copy of it around here someplace.

Allow me to explain some background to the "Official Guide" and its creation that 
might address some of these issues.  I knew about the project from a time before 
the contract was signed, and reviewed much of the book, in process.

John and Susan might more readily be called editors than authors of the book.  
The source materials originally came from a great many authors.  You'll find huge 
chunks of the text of the book bear great similarity to a number of articles in 
issues of the "Information Security Management Handbook," since many of the 
authors were asked to submit material for the guide based on their contributions to 
ISMH.

You probably will find the same text out in places on the Web where some of the 
authors may have reused materials.  For example, if you look at the reference 
appendix it will bear a striking resemblance to 
http://victoria.tc.ca/techrev/mnbksccd.htm and
http://sun.soci.niu.edu/~rslade/mnbksccd.htm, since I wrote both.  It's easy to see 
that material was copied: at this date it wouldn't be quite as easy for an outsider to 
see which way.  (Knowing security literature to the extent that I do, I did have an 
eye out for similarity to print materials as I reviewed the original.  For example, 
when I reviewed Harris' first edition of her "All-in-one" guide, it was vastly 
amusing to see the sources that she used, sometimes word for word, in sections of 
the book.  Is this plagiarism?  After all, the old academic joke has it that stealing 
from one source is copying, stealing from two sources is plagiarism, and stealing 
from three or more sources is research.)

In addition, neither of the Web pages referenced as sources has any date or 
copyright information.  The earliest version of the crypto chapter I have is June 
of 2002: the digital signature material is present in that version, although the de 
Vigenere is not.  I admit that the idea of the American Bar Association 
plagiarizing materials for its Web site is a little far-fetched, but it could happen.  
My glossary has been plagiarized repeatedly: in one case a company had the whole 
thing listed on their site, with no attribution.  When I tasked them about it they 
were quite appalled: they'd contracted someone to do a glossary for them, and had 
no idea that they'd purchased stolen goods.  (The funniest case of plagiarism I ever 
saw was when someone turned in a chapter to me, and the entire thing was stolen, 
a third of it from me.  The reason I found it so amusing was that the chapter was 
on ethics.)

By the way, I've blind copied some of the people involved in the guide on this 
message, and therefore taken out the original poster's identity.

======================
rslade () computercrime org  slade () victoria tc ca  rslade () sun soci niu edu
It is the test of a good religion whether you can joke about it.
                                                  - G. K. Chesterton
Where does the idea come from that if what we are doing is fun,
it can't be God's will?  The God who made giraffes has a sense of
humor.  Make no mistake about that.             - Catherine Marshall
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

