Larry Kwiat wrote:
> Bennett Todd wrote:
> > Anton J Aylward:
> > > stuff, but is still of direct relevance to INFORMATION SECURITY,
<FLASH>
What? What? What? I was sleeping...
> Bennett Todd wrote:
> > Anton J Aylward:
> > > There are many things which the CISSP examines which are not technical.
> >
> > Yeah hoo. The problems I've had with poorly-qualified auditors were in
> > missing or obsolete technical skills.
> >
> > So perhaps the CISSP isn't useless, it's just irrelevant to the area
> > where we've been seeing problems.
Bennett's still sore about not being able to pass CISSP after three tries.
> Bennett Todd wrote:
> > I stand by my claim that a computer security professional requires a
> > skill set that moves very rapidly; a test can only report whether an
> > individual has a good grasp of a painfully obsolete body of knowledge.
I assume you aren't claiming no one has the required skill set.
So, how do they get this "skill set"?
From reading all the latest books on the subject, being on mailing lists
for security alerts, security talk (like this list, sometimes ;-), and
in general keeping up with the latest technology & proposed standards?
Any particular reason such an up-to-date person couldn't maintain
such a test in real-time (okay, a week's delay), and this test
be given to the auditors you want to check out?
You could score them as % competent and % out-of-date.
Hey.
BTW, when Polish Butthead left the firm, he also left the field
of security (too much heat from...? ;-).
He told me he took a job doing regular applications
development, and was very happy with the change.
---guy
Just kidding about Bennett and CISSP testing. ;-)