Forwarded from: Mark Bernard <mbernardat_private>

Dear Associates,

There are two sides to this story. For a long, long time IT professionals never put much stock in a piece of paper called a certificate. However, in recent years a few of these certificate vendors have strategically positioned themselves with governments and the like. Justifiable or not, an affiliation (not a formal endorsement) to a known organization will help a company gain enough credibility to make millions of dollars without holding any accountability.

The other side of the story is the need to assure senior management that your staff have a defined level of InfoSec competency. Since universities are only beginning to jump on this, it will take two or three years before the certificate landscape changes to degrees. Even now some certification organizations are hustling to have their certification accredited by a public body.

The downside is that, with all the focus being on certifications, the real and tangible goals are being pushed to the back of the InfoSec bus. Anyone with experience in IT Tech or IT Management can tell you that staff credibility is only one element of a complex solution in achieving asset security and being able to assure it.

Speaking of credibility, currently there is no link between national, state and/or provincial InfoSec legislation and the people that perform the work. Unlike lawyers, doctors and even bus drivers, there is no requirement for someone practising InfoSec to be licensed. However, it wouldn't surprise me if that changes in two or three years.

In closing, it would be interesting to see a survey conducted here in North America, that is Canada & the USA, not just the USA, to see how many hospitals, banks and insurance companies have certified personnel doing InfoSec work. My guess is less than 2%, because the mentality has always been to make do with what you have, and that will never change!

Regards,
Mark.

----- Original Message -----
From: "InfoSec News" <isnat_private>
To: <isnat_private>
Sent: Friday, September 05, 2003 4:06 AM
Subject: [ISN] Failing security threatens FTSE100 firms

> http://silicon.com/news/500013/1/5876.html
>
> Will Sturgeon
> 4 September 2003
>
> Shareholders in some of the UK's most prestigious companies may be
> horrified to hear that only 16 per cent of FTSE100 firms employ a
> properly qualified, dedicated security specialist to safeguard their
> systems from cyber attack.
>
> These findings have caused one IT training organisation to hit out
> at what it calls "boardroom apathy" regarding the issue of security,
> with too many CEOs adopting an 'it couldn't happen to us' attitude.
>
> Despite a recent spate of high-profile virus attacks, and the
> constant threat posed by hackers, companies still appear to be
> leaving a lot to chance - a stance which Robert Chapman, co-founder
> of The Training Camp, who conducted the survey, says displays a
> worrying level of "ignorance".

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

This archive was generated by hypermail 2b30 : Mon Sep 08 2003 - 01:06:16 PDT