Great Circle Associates Firewalls
(February 1998)
 


Subject: Re: Use the CISSP, Luke (was Re: Certifiying Security Auditors)
From: "Paul D. Robertson" <proberts @ clark . net>
Date: Tue, 17 Feb 1998 23:58:34 -0500 (EST)
To: Anton J Aylward <anton @ the-wire . com>
Cc: Mark Teicher <mht @ clark . net>, Bennett Todd <bet @ rahul . net>, firewalls @ GreatCircle . COM
In-reply-to: <3 . 0 . 32 . 19980217202929 . 007c3160 @ mail . the-wire . com>

On Tue, 17 Feb 1998, Anton J Aylward wrote:

> >> I don't think anyone proposes such an arrangement when they refer to
> >> ``certification''; instead, they're looking for something on the lines
> >> of the CPA and CFA, where you pay a certifying organization a testing
> >> fee, sit down and take a test, and if you make the grade then you have
> >> your certificate.

The problem is that the basic principles of accounting are fairly 
straight-forward, and numbers work the same for everyone.  While the 
particular CPA or CFA you choose may be better or worse than another 
in terms of how much they save you, the basics always work.  Security 
tends to be implementation specific and acceptable risk models vary per 
installation.  If we all made up our own mathematical policies, and 
purchasing's number system was a little different than payroll's, we'd see 
the same problems with CPAs.  

> Right.
> I propose we shut up and get on with using the CISSP.
> If you don't know what the CISSP is, look at the ISSA, CSI
> and (ISC)2 sites.  Look at Charles Cresson Wood's article on why
> the CISSP is relevant as a security certification.

Having seen the reasoning, misunderstandings, and questions of quite a few 
folks with CISSP certifications, it's about as useful as a CNE in my opinion.  

<soapbox>

I think it's high time the computer industry started realizing that 
certification classes are not a valid substitute for real-world 
experience and stopped perpetuating the folly.  

</soapbox>

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts @ clark . net      which may have no basis whatsoever in fact."
                                                                     PSB#9280


