Forwarded From: William Knowles <erehwonat_private>

Experts: Use Caution With White-Hat Hackers
By Lee Bruno, Data Communications
Apr 5, 1999 (8:44 AM)
URL: http://www.techweb.com/wire/story/TWB19990405S0003

Security experts are sounding a warning about so-called ethical hackers, the security-busters companies hire to search for vulnerabilities in their networks.

In recent interviews with Data Comm, they said it's almost impossible to make the necessary background checks, since white-hat applicants are sworn to secrecy by the organizations that have used their services. And that's the perfect cover for "wannabes" who use it to hide their inexperience.

"There are a lot of so-called security experts who really lack the necessary qualifications," said Steph Marr, national director of Predictive Systems, a New York-based security consultancy.

To keep from getting burned, Marr suggested checking out an applicant's certification, making sure credentials come from an established institution. He said these include the American Society for Industrial Security, in Alexandria, Va., the Computer Security Institute, in San Francisco, and the Certified Information Systems Security Professional (CISSP) group, in Shrewsbury, Mass.

It's also important, he said, to find out what's behind these certifications. CISSP, for instance, offers an ISC2 certification that requires a security professional to have worked in information security for a minimum of three years and to have passed a 250-question test.

Other experts said business acumen is as much a job requirement as esoteric knowledge of system vulnerabilities.

"A security policy that's not firmly grounded in business practice is useless," said Chuck Williams, chief scientist at Cylink, in Sunnyvale, Calif., a vendor of network security gear.

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:21:59 PDT