At 09:25 PM 2/23/98 -0800, Jeromie Jackson wrote:
>At 08:41 AM 2/24/98 -0800, Bennett Todd wrote:
>>If neither the CISSP initial exam,
>>nor the CISSP official required maintenance classes, can keep up with
>>ongoing developments in computer security admin practice, then they
>>are all a waste of time (for a computer security admin or auditor).
>>Certainly I and some other participants on this thread think this is the
>I could equally argue that "in the trench" work will not keep compsec
>admins/auditors up to date. There is so much r&d and technology being
>developed that you cannot spend enough time to completely evaluate and
>analyze everything. Thus, because your work cannot keep up with ongoing
>developments in the infosec. area, your job, and the resources spent on you
>is a waste of time.
>Jeromie Jackson - CISSP
>Senior Security Engineer
That was a part of my argument a while ago. When things are moving too
fast to keep up with (high potential for chaotic behaviour) you need
to move your point of observation and/or regulation _outside_ the sphere
of high rate-of-change.
The rest of the crud about who knows more is really a pissing contest
over issues of credibility.
If there was some kind of live certification technique that worked,
it would be extremely valuable here. Maybe we should look at the
way airline pilots certify... But I don't think there is enough
structure and standard in our industry to apply some of it.
Theologians indicated that gnosticism doesn't work several hundred years
Government of Yukon
Phone: (867) 667-8081