RE: Information

Subject: RE: Information
From: Christensen, Joe (joe.christensenplanningtech.com)
Date: Wed Jan 12 2000 - 17:32:29 CST

• Next message: Gary Dentremont/Towers Perrin: "Re: Information"
• Previous message: Osborne-1, Brett: "RE: Internet Scanner - Large scans"
• Maybe in reply to: Julie Williams: "Information"
• Next in thread: Gary Dentremont/Towers Perrin: "Re: Information"
• Maybe reply: Christensen, Joe: "RE: Information"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------

The reverse is also true. What is the point of implmenting a firewall if
you don't have a strategic view of network security from a broad
perspective? a firewall is tactical. It is no good without a security
polciy and management framework guiding it at the strategic level.
Something needs to guide the implementation of firewall rules and policy.

If you are at all familiar with history, the U.S. in Vietnam won almost all
its battlefield engagements with its foe but lost the war because it had a
lack of a strategic vision for winning the war. The same is true for our
revolutionary war. We lost 4 out of 7 of the major battles but won the war
through a superior strategic command (Washington).

Tactics and strategy go hand. The CISSP is very good for testing beyond the
technical and tactical but it is not the end all and be all. Folks with
superior technical and tactical skills are needed as well.

SANS looks much more promising in regard to certification for technical
(tactical) knowledge.

Joseph J. Christensen
CISSP
Attorney at Law

-----Original Message-----
From: Mary_L_Jensen/Boulder/IBMca.ibm.com
[mailto:Mary_L_Jensen/Boulder/IBMca.ibm.com]
Sent: Monday, January 10, 2000 11:52 AM
To: Jim Boxmeyer
Cc: Matthew F. Caldwell; Julie Williams; issforumiss.net
Subject: Re: Information

TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any
problems!
----------------------------------------------------------------------------

The problem I have with the CISSP certification is that it is not as
"technical" as I would like. CISSP proves you know the general theories
and aspects of security as a whole. Not a bad thing to have but, there
seems to be a gap in the technical requirements.

What good is there is knowing the general aspects of firewalls if you can't
configure one?

"Jim Boxmeyer" <boxmeyeronctek.com> on 01/08/2000 06:49:32 PM

To: "Matthew F. Caldwell" <mattcguarded.net>, "Julie Williams"
      <jawilliansg.navy.mil>
cc: issforumiss.net (bcc: Steve Manzuik/CanWest/IBM)
Subject: Re: Information

TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any
problems!
----------------------------------------------------------------------------

Hi,

Another site which is bringing a security training program online is the
SANS organization.
Their SNAP program is looking very good, although it is still new there has
been approval given
by many security professionals. You can get further information at their
web
site http://www.sans.org

Jim Boxmeyer
Senior Engineer
ONCTek LLC
http://www.onctek.com
908-595-2159

-----Original Message-----
From: Matthew F. Caldwell <mattcguarded.net>
To: Julie Williams <jawilliansg.navy.mil>
Cc: issforumiss.net <issforumiss.net>
Date: Saturday, January 08, 2000 8:27 AM
Subject: Re: Information

>TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
to
>majordomoiss.net Contact issforum-owneriss.net for help with any
problems!
>---------------------------------------------------------------------------

-
>
>
>Hi Julie,
>
> The only test I have found that provides some security knowledge
>testing is the CISSP exam for information security professionals.
>
>The web site with test information is located at the following:
>http://www.isc2.org. ISC^2 is a independent consortium that does the
>testing. This is a ~258 question test that deals with everything from VMS
>security to encryption.
>
>
>Matthew F. Caldwell, CISSP - Senior Consultant
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Guarded.Net - An Information Security Company
> connect(); to the future of secure computing!
> Email: matt.caldwellguarded.net
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> http://www.guarded.net
>
>On Tue, 4 Jan 2000, Julie Williams wrote:
>
>> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
to
>> majordomoiss.net Contact issforum-owneriss.net for help with any
problems!
>>
-------------------------------------------------------------------------

---
>>
>> I apologize if this email is being sent out of the realm of this
listserv,
>> but I am sorta lost as to where it would be appropriately sent..
>> I am trying to find out how commercial business test their experts.
>> 1.  Are they tested?
>> 2.  How are they tested?
>> 3.  As a supervisor in Information Assurance/Security/Vulnerabilities,
how
>> do you OBJECTIVELY test the people that are supposed to know what they
are
>> doing.
>>
>> Why test, I need to know where I am at, Is their a standard level of
>> knowledge for this stuff???
>> Any Help would be greatly benefical
>>
>>
>>
>
>
>

• Next message: Gary Dentremont/Towers Perrin: "Re: Information"
• Previous message: Osborne-1, Brett: "RE: Internet Scanner - Large scans"
• Maybe in reply to: Julie Williams: "Information"
• Next in thread: Gary Dentremont/Towers Perrin: "Re: Information"
• Maybe reply: Christensen, Joe: "RE: Information"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Thu Jan 13 2000 - 11:13:05 CST