
| Subject: | RE: CISSP Question |
|---|---|
| Date: | Mon, 30 Apr 2007 13:53:01 -0400 |
Go to their website for their requirements. You can take and pass the test and, when you meet the other requirements, officially obtain the certification.

Sonja L. Robinson, CISSP, CIFI, CISA, CISM
Director - Forensic Lab Management
FTI
646-453-1283 direct
646-468-6518 mobile
sonja.robinson@fticonsulting.com
3 Times Square, 11th Floor
New York, NY 10036
www.fticonsulting.com

Confidentiality Notice: This email and any attachments may be confidential and protected by legal privilege. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the e-mail or any attachment is prohibited. If you have received this email in error, please notify us immediately by replying to the sender and then delete this copy and the reply from your system. Thank you for your cooperation.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of Elizabeth Tolson
Sent: Friday, April 27, 2007 4:57 PM
To: Simmons,James; andrews@rbacomm.com
Cc: security-basics@securityfocus.com
Subject: CISSP Question

I am in the process of getting my Master's in Information Systems Security and my CCE for KSU. As far as the CISSP, it is my understanding that you need four years of experience in computer security or IT Management. Is that true?

Elizabeth

-----Original Message-----
From: "Simmons, James" <jsimmons@eds.com>
Sent: Apr 27, 2007 3:24 PM
To: andrews@rbacomm.com
Cc: security-basics@securityfocus.com
Subject: RE: Value of certifications

ISACA does have a standard that is used in many places. So does DISA (government entity), ISECOM, OWASP, and many others. Of course, if you just blindly follow a standard procedure then you are not worth your pay as a professional to begin with. If you are not re-evaluating your own procedure constantly, let alone someone else's, then you are already behind the power curve. Base procedures are a good way to cover the basics and ensure you don't forget something small. That is why they are considered a set of best practices. There is never a single common procedure that will fit 100% of the situations. That is what you are being paid for as a professional. It is a lot like a lawyer. You can easily use a cookie-cutter form for any legal document, but you pay a lawyer to ensure that your particular situation is covered.

> Are you seriously arguing that most people who get their CISSP didn't
> learn anything new to pass? Would the same apply to the CISA and CISM
> tests from ISACA?

I am not arguing that people do not learn anything new in the process. I am saying that the purpose of the cert is to prove that you have a baseline of acceptable knowledge in that field. I am making the point that if you are taking a cert to learn something new, then you are confused as to the purpose of a certification. If you are taking the CISSP to learn about security, then you are providing a great disservice to your employer. It is a sampling issue, the difference between creating a test to ensure knowledge and creating knowledge to pass a test. Unless you want to argue that the CISSP test covers all information that is relevant to computer security, in which case I would just have to laugh at you, and then silently cry at the turn humanity has taken. I would hope that not even ISC2 would take that stance.

On a side note, look at the board of directors for ISC2. They are all computer security people. So granted they have enough people for the technical experience, but where is the resource for education and psychology? Only one person (the only professor) has any sort of background in education and training. So how is a group of people supposed to make a general certification to determine the knowledge level for everyone that takes this test? One teacher is not enough for a valid education system. When was the last time you had a horrible teacher/professor? What are the chances that this guy is such a savant in teaching that he can handle all the executive-level education decision needs of this company by himself? At least ISACA has three professors on their board of directors.

> While I wish they cost less, since I will be paying for any tests
> myself, they are at what the market will bear. If you can make one
> cheaper that is just as effective, go ahead and do so. :)

And that is my point. This is a call to arms of sorts. We need a new system. Who doesn't agree? What points do you have that this system is the best and doesn't need to be changed drastically? I am proposing as an example a system that has been working (ASE). It is far from perfect, but it is better than our current system. The problem is that nothing is going to change until more people wake up and see the flaws in the current system. Especially with computer security, an industry that was created with the mindset that you can never really trust what people say, because we are always looking for man-in-the-middle attacks, social engineering, and other anomalies that we have to protect against. This should go out to hiring managers and the decision makers. Point out the flaw in the hiring practices. I cannot be the only one who is tired of having to work with someone who is completely unqualified and believes that they are the best.

Regards,
Simmons

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of andrews@rbacomm.com
Sent: Friday, April 27, 2007 10:13 AM
To: security-basics@securityfocus.com
Subject: RE: Value of certifications

Quoting "Simmons, James" <jsimmons@eds.com>:

> Do you honestly think that any of these companies have put that much
> time and effort into their tests?

The ISC2 is far from a startup company. ISACA has also been around a while. And their COBIT standard is used many places.... I may be wrong, but I think they have put some thought into their tests.

> They are not getting the certs to learn anything new. They are getting
> them to prove that they know.

Are you seriously arguing that most people who get their CISSP didn't learn anything new to pass? Would the same apply to the CISA and CISM tests from ISACA?

> And at that point I question why these certs have to cost so much?

While I wish they cost less, since I will be paying for any tests myself, they are at what the market will bear. If you can make one cheaper that is just as effective, go ahead and do so. :)

Brad