At 04:37 AM 19/02/98 -0800, you wrote:
## Reply Start ##
>However, Anton also seems to be arguing that it's not actually a
>computer skills test of any sort, but rather a physical security and
>organizational skills and law and so forth test --- everything else
>except computer security skills.
Excuse me? Something's not right here.
OK, if I FTP in and steal a file because there is inadequate
authorization, that's 'computer security'.
But if there is no lock on the computer room door, and
poor human security practices mean that anyone can walk
in past reception to the computer, which has a root
password on a yellow stickie on the screen, login
and copy the file to a floppy and walk out,
that's not 'computer security'.
Or if the file was printed out and thrown in the
garbage without shredding, and our hypothetical hacker
walks off with that, this is not 'computer security'.
Or if the hacker calls down to the security guard
and asks for his help to carry all the executive
laptops out to his car, that's not 'computer security'.
Oh, I see. The CISSP was defined by the ISSA, that
INFORMATION SYSTEM SECURITY ASSOCIATION, and
that's the Certified INFORMATION system security professional.
It's only INFORMATION, not computer security they're addressing.
And the ISACA isn't any better because that's INFORMATION
systems audit and control association.
My sincere apologies, I didn't realise the domain
of discourse was limited to computer security only.
/anton
## Reply End ##