All of the examples that are mentioned are not considered a technology based
education. Politics, phycology etc are all humanities based subjects and are
well suited to business. Most professional managers do not have a
âbusinessâ degree, but rather a related degree as you have listed. A BA in
Politics for example is oft considered a business degree. (look to the works on
frames in business and interpersonal relationships in organisational studies.
Politics is a valid business frame).
The point is a range of subjects. Security is NOT about technology. An
understanding of the technology is needed, but the key focus is people. Hence
the need to have a broader focus.
What we need to look at is a process of continual or even as it has been called
life long learning. One or the other (certification or qualification) is never
sufficient; stopping the learning process at any stage is not a good policy.
Craig
-----Original Message-----
From: Bob Radvanovsky [mailto:rsradvan@unixworks.net]
Sent: Sat 28/01/2006 1:59 PM
To: Craig Wright; Kain, Becki (B.); security-basics@securityfocus.com
Cc:
Subject: RE: Re: University Degree or CISSP
So...those who have BOTH a business AND a computer science backgrounds
can understandably "fit" better into a security role than simply someone who
has one or the other? Perhaps. I have known people who had either psychology,
political science, history, and liberal studies degrees -- all of them have
done very well with security. Perhaps it is with the "human factor" that
allowed them to transition into security so well... ;))
-rad
P.S. Then again, I've known my fair share of "security people" who
couldn't conduct any security role or function without constantly reviewing
their "Security For Dummies" manuals. The sad thing was that they were
certified in one or more security-based certifications (and that included the
CISSP)!!! >(((
----- Original Message -----
From: Craig Wright [mailto:cwright@bdosyd.com.au]
To: "Kain, Becki (B.)" [mailto:bkain1@ford.com],
security-basics@securityfocus.com
Subject: RE: Re: University Degree or CISSP
>
> The completion of a degree shows a certain process. It demonstrates a
> certain level of research ability and knowledge. A degree does not do
> everything for you, but it does help.
>
> Most importantly it is important to have an understanding of more than
> just IT. A "security" engineer with technical knowledge and no process
> knowledge or business knowledge is oft worse than useless. Security is
> not about tools and is a Risk based process. Many people with a
> technical ONLY background do not understand this or the related
business
> controls.
>
> Craig
>
> -----Original Message-----
> From: Kain, Becki (B.) [mailto:bkain1@ford.com]
> Sent: 27 January 2006 8:22
> To: security-basics@securityfocus.com
> Subject: RE: Re: University Degree or CISSP
>
> The thing that I find frustrating, and I have a 4 year degree from
> University of Michigan, in Economics, is that companies, like the one
> I'm posting from, make it a requirement that you have a degree, but
not
> what the degree is in. Seems that a person with 4 years of practical
> computer work should be seen as just as (or more, IMHO), useful that a
> person with a 4 year degree, but no practical skills. But then again,
> I'll never understand HR departments.
>
> Liability limited by a scheme approved under Professional Standards
> Legislation in respect of matters arising within those States and
> Territories of Australia where such legislation exists.
>
> DISCLAIMER
> The information contained in this email and any attachments is
confidential.
> If you are not the intended recipient, you must not use or disclose
the
> information. If you have received this email in error, please inform
us
> promptly by reply email or by telephoning +61 2 9286 5555. Please
delete the
> email and destroy any printed copy.
>
> Any views expressed in this message are those of the individual
sender. You
> may not rely on this message as advice unless it has been
electronically
> signed by a Partner of BDO or it is subsequently confirmed by letter
or fax
> signed by a Partner of BDO.
>
> BDO accepts no liability for any damage caused by this email or its
> attachments due to viruses, interference, interception, corruption or
> unauthorised access.
>
>
---------------------------------------------------------------------------
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The Norwich University program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting
experience.
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity
Planning,
>
> Computer Emergency Response Teams, and Digital Investigations.
>
> http://www.msia.norwich.edu/secfocus
>
---------------------------------------------------------------------------
>
>
Bob Radvanovsky, CISM, CIFI, REM, CIPS
rsradvan@unixworks.net | rsradvan@infracritical.com |
rsradvan@ehealthgrid.com
(630) 673-7740 | (412) 774-0373 (fax)
Liability limited by a scheme approved under Professional Standards Legislation
in respect of matters arising within those States and Territories of Australia
where such legislation exists.
DISCLAIMER
The information contained in this email and any attachments is confidential. If
you are not the intended recipient, you must not use or disclose the
information. If you have received this email in error, please inform us
promptly by reply email or by telephoning +61 2 9286 5555. Please delete the
email and destroy any printed copy.
Any views expressed in this message are those of the individual sender. You may
not rely on this message as advice unless it has been electronically signed by
a Partner of BDO or it is subsequently confirmed by letter or fax signed by a
Partner of BDO.
BDO accepts no liability for any damage caused by this email or its attachments
due to viruses, interference, interception, corruption or unauthorised access.
