Information Security News mailing list archives

RE: INFOSEC: Certifiably Certified

From: InfoSec News <isn () c4i org>
Date: Sat, 26 Oct 2002 06:35:49 -0500 (CDT)

Forwarded from: "BERNARD, Mark" <MEBERNAR () mccain ca>

Dear Associates,

The one thing that you appear to have over looked is one fundamental
principle of incident handling and Information Security, that is to
ensure that who you are getting advice has some basis for their
decision making.

Certification simply implies that a person has a basic level of
knowledge it does not imply that they know how to use that knowledge
that only comes with experience and/or mentoring.

If you look at the most revered professions within our society you
will see that some level of certification under a common body of
knowledge is necessary for that profession to become stable and
continue to develop. A few examples are lawyers, doctors, mechanics,
etc...

To boldly state, as a few of you have, that all certifications are
basically useless is not to understand the goals of these
certifications.


Regards,
Mark.




-----Original Message-----
From: InfoSec News [mailto:isn () c4i org]
Sent: Friday, October 25, 2002 5:43 AM
To: isn () attrition org
Subject: Re: [ISN] INFOSEC: Certifiably Certified 


Forwarded from: Eric Lee Green <eric () badtux org>

On Wednesday 23 October 2002 11:44 pm, InfoSec News wrote:

eyes of a third party is foolish. Haphazardly hiring security
personnel on the basis of a certification for which there is not
even a standard (such as ISO 17799) is a reckless endangerment of
the hiring organization's resources. Furthermore, given the
interconnected nature of the Internet, in some cases, this has the
real possibility of adversely affecting security across the Internet
in general.


Heh. Something I've been saying for years.

That having been said, I'm happy to announce that I'm going into the
certification business. If anyone cares to send me $500 and copies
of


I already beat him to it, in July 2001. See http://badtux.org/pooe.pdf
for your own free certificate :-).

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

Current thread:

INFOSEC: Certifiably Certified InfoSec News (Oct 24)
- <Possible follow-ups>
- Re: INFOSEC: Certifiably Certified InfoSec News (Oct 25)
- Re: INFOSEC: Certifiably Certified InfoSec News (Oct 26)
- Re: INFOSEC: Certifiably Certified InfoSec News (Oct 26)
- RE: INFOSEC: Certifiably Certified InfoSec News (Oct 26)
- Re: INFOSEC: Certifiably Certified InfoSec News (Oct 28)
- Re: INFOSEC: Certifiably Certified InfoSec News (Oct 28)
- RE: INFOSEC: Certifiably Certified InfoSec News (Oct 29)