Great Circle Associates Firewalls
(February 1998)

Subject: Re: Security Auditing <edited subject>
From: Mark Teicher <mht @ clark . net>
Date: Tue, 17 Feb 1998 13:46:58 -0500 (EST)
To: Anton J Aylward <anton @ the-wire . com>
Cc: firewalls @ GreatCircle . COM
In-reply-to: <3 . 0 . 32 . 19980217080409 . 007cf140 @ mail . the-wire . com>

On Tue, 17 Feb 1998, Anton J Aylward wrote:

<snip>


> 
> And an important part of auditing, as any forensic CPA will
> tell you, is having the field experience to know what can go wrong.
> Knowing how to read an ISS scan means blah.
> There are many of us who could set up a machine which would
> look clean to one of these tools which the Big N-1 put so
> much faith in, but would still be not just vulnerable but in a 
> definite CFM (Come Fiddle around with Me) mode.

Agreed, but how many Big N-1 auditors do you know can actually do this??

> 
<snip>
> 
> That and the 80/20 rule.  Eighty percent of your problems
> aren't going to come from the internet, they're going to
> come from the lack of experience, procedures and controls 
> of your own people.

Agreed.

> 
> Which is the most fundamental rule of all in security, be it
> for InfoSec, bank clerks or theme parks.
> 
> "Certification?  We don' nee' no steenking certification"
> 
> .... because they'll be certifying the wrong things.
> 
> We've got the CISSP.  Let's shift the debate over to how 
> relevant that is and how we can make the industry pay 
> more attention to the certifications which already exist.

OK, let us focus on how relevant the CISSP exam is to the industry and try
to focus on making those Big N-1 firms realize why a CISSP or
equivalent is important to their business practice.


> 
> /anton
> 
> ## Reply End ##
> 

##########################################################
'Turn on, Boot Up, Jack in'
#########################################################