RE: [ISN] INFOSEC: Certifiably Certified

From: InfoSec News (isnat_private)
Date: Sat Oct 26 2002 - 04:35:49 PDT

Next message: InfoSec News: "Re: [ISN] INFOSEC: Certifiably Certified"

Previous message: InfoSec News: "[ISN] Crack in OpenHack"
Maybe in reply to: InfoSec News: "[ISN] INFOSEC: Certifiably Certified"
Next in thread: InfoSec News: "Re: [ISN] INFOSEC: Certifiably Certified"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: "BERNARD, Mark" <MEBERNARat_private>

Dear Associates,

The one thing that you appear to have over looked is one fundamental
principle of incident handling and Information Security, that is to
ensure that who you are getting advice has some basis for their
decision making.

Certification simply implies that a person has a basic level of
knowledge it does not imply that they know how to use that knowledge
that only comes with experience and/or mentoring.

If you look at the most revered professions within our society you
will see that some level of certification under a common body of
knowledge is necessary for that profession to become stable and
continue to develop. A few examples are lawyers, doctors, mechanics,
etc...

To boldly state, as a few of you have, that all certifications are
basically useless is not to understand the goals of these
certifications.

Regards,
Mark.

-----Original Message-----
From: InfoSec News [mailto:isnat_private]
Sent: Friday, October 25, 2002 5:43 AM
To: isnat_private
Subject: Re: [ISN] INFOSEC: Certifiably Certified 

Forwarded from: Eric Lee Green <ericat_private>

On Wednesday 23 October 2002 11:44 pm, InfoSec News wrote:
> eyes of a third party is foolish. Haphazardly hiring security
> personnel on the basis of a certification for which there is not
> even a standard (such as ISO 17799) is a reckless endangerment of
> the hiring organization's resources. Furthermore, given the
> interconnected nature of the Internet, in some cases, this has the
> real possibility of adversely affecting security across the Internet
> in general.

Heh. Something I've been saying for years.

> That having been said, I'm happy to announce that I'm going into the
> certification business. If anyone cares to send me $500 and copies
> of

I already beat him to it, in July 2001. See http://badtux.org/pooe.pdf
for your own free certificate :-).

[...]

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "Re: [ISN] INFOSEC: Certifiably Certified"
Previous message: InfoSec News: "[ISN] Crack in OpenHack"
Maybe in reply to: InfoSec News: "[ISN] INFOSEC: Certifiably Certified"
Next in thread: InfoSec News: "Re: [ISN] INFOSEC: Certifiably Certified"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Oct 26 2002 - 07:25:27 PDT