[ISN] Certifications: A false sense of security

From: InfoSec News <alerts_at_private>
Date: Thu, 7 Jan 2010 02:37:24 -0600 (CST)
http://gcn.com/articles/2010/01/11/backtalk-security-certification.aspx

By John S. Monroe
GCN.com
Jan 06, 2010

Nothing irks a security professional more than the suggestion that the 
federal government could improve security by setting up a standard 
certification program for agency staff members.

This idea, which is gaining traction in Congress, might sound 
reasonable. But many security experts say it is a red herring. One such 
expert is Daniel Castro, a senior analyst at the Information Technology 
and Innovation Foundation, who wrote a column on the topic [1] for 
FCW.com.

"If certifications were effective, we would have solved the 
cybersecurity challenge many years ago," Castro wrote. "Certainly more 
workforce training, although not a panacea, can help teach workers how 
to respond to known cyberattacks. However, workforce training is not 
certification, and organizations, not Congress, are in the best position 
to determine the most appropriate and effective training for their 
workers."

His column triggered a flurry of reaction from readers, most of whom 
seconded his remarks by sharing observations and experiences of their 
own. Here is a sample of the responses, which have been edited for 
length, style or clarity.

[1] http://fcw.com/articles/2009/12/01/comment-castro-certification.aspx

[...]


Received on Thu Jan 07 2010 - 00:37:24 PST
