[ISN] Experts: Use caution with White-Hat hackers

From: mea culpa (jerichoat_private)
Date: Tue Apr 06 1999 - 16:29:22 PDT


    Forwarded From: William Knowles <erehwonat_private>
    
    Experts: Use Caution With White-Hat Hackers
    By Lee Bruno, Data Communications
    Apr 5, 1999 (8:44 AM)
    URL: http://www.techweb.com/wire/story/TWB19990405S0003
     
    Security experts are sounding a warning about so-called ethical hackers,
    the security-busters companies hire to search for vulnerabilities in their
    networks. In recent interviews with Data Comm, they said it's almost
    impossible to make the necessary background checks, since white-hat
    applicants are sworn to secrecy by the organizations that have used their
    services. And that's the perfect cover for "wannabes" who use it to hide
    their inexperience.
     
    "There are a lot of so-called security experts who really lack the
    necessary qualifications," said Steph Marr, national director of
    Predictive Systems, a New York-based security consultancy.
     
    To keep from getting burned, Marr suggested checking out an applicant's
    certification, making sure credentials come from an established
    institution. He said these include the American Society for Industrial
    Security, in Alexandria, Va., the Computer Security Institute, in San
    Francisco, and the Certified Information Systems Security Professional
    (CISSP) group, in Shrewsbury, Mass.
     
    It's also important, he said, to find out what's behind these
    certifications. CISSP, for instance, offers an ISC2 certification that
    requires a security professional to have worked in information security
    for a minimum of three years and to have passed a 250-question test.
     
    Other experts said business acumen is as much a job requirement as
    esoteric knowledge of system vulnerabilities. "A security policy that's
    not firmly grounded in business practice is useless," said Chuck Williams,
    chief scientist at Cylink, in Sunnyvale, Calif., a vendor of network
    security gear.
    
    
    


