Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: Notes from CISSP class with Dr. Eric Cole

Re: Notes from CISSP class with Dr. Eric Cole

From: Eoin Keary <eoinkeary_at_gmail.com>
Date: Tue, 11 Oct 2005 08:44:59 +0000

Hi,
Regardless of what any of your opinions are. CISSP is the benchmark
for security qualification, along with CISA/CISM and GIAC More and
More employers require this qualification.
In saying that there are many CISSP's out there which are not so
"gifted" at security but passed the examination.

On 10/10/05, danew123_at_nsw.chariot.net.au <danew123_at_nsw.chariot.net.au> wrote:
> A pre requisite for getting certified as a CISSP is to have at least 4 years
> experience in the field of security, in at least one of the domains covered
> in the common body of knowledge.
>
> The certification is also non vendor specific, and to say that it is based
> on jargon or 'certain terminology' is pure folly.
>
> As far as I am concerned, if you have issues with the certification, it
> probably means you haven't got it, or you can't get it.
>
> Regards,
>
> DW
>
> > -----Original Message-----
> > From: Lyal Collins [mailto:lyal.collins_at_key2it.com.au]
> > Sent: Monday, 10 October 2005 8:36 PM
> > To: 'Harley David'; webappsec_at_securityfocus.com
> > Subject: RE: Notes from CISSP class with Dr. Eric Cole
> >
> > I disagree regarding CISSP and some other certification processes.
> > The "knowledge measurement" process in this case is based upon knowing
> > certain terminology and the related definition inside and out as used by
> > the
> > individuals in the certifying body.
> >
> > Think of the english language - while the USA, Canada, England and
> > Australia
> > all speak english, we all misunderstand each other at times because some
> > terms are used differently. Lunch and dinner can be the same meal time
> > in
> > some places but separate meals in others. The principle of them being a
> > meal is the same, however.
> >
> > Based on sample CISSP questions I've looked through, such differences
> > affect
> > about 5-10% of the questions in my view. So it seems the safest pass
> > strategy is to buy a set of the study material, answer the questions
> > (from
> > the same vendor as the study material) the way the study material state,
> > then return to real life work and real life security based on the same
> > principles that CISSP tries to verify that one posesses.
> >
> > Regards,
> > Lyal
> >
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: Harley David [mailto:David.Harley_at_cfh.nhs.uk]
> > Sent: Monday, 10 October 2005 6:10 PM
> > To: webappsec_at_securityfocus.com
> > Subject: RE: Notes from CISSP class with Dr. Eric Cole
> >
> >
> >> the CISSP answers are structured around knowing definitions,
> >> terminology and concepts particular to CISSP study materials, not
> >> those used in real life nor real life complexity in systems and
> >> security management.
> >
> > But that is real life...
> >
> > Exam-based certifications are based on knowledge of a predetermined body
> > of
> > what the certifying organization defines as knowledge, more or less by
> > definition. Problem solving in a real life situation may be based on
> > that
> > Common Body of Knowledge, as ISC2 call it, but exams generally attempt
> > to
> > measure knowledge, rather than skill in -applying- knowledge.
> >
> > --
> > David Harley
> >
> >
> >
> > This e-mail is confidential and privileged. If you are not the intended
> > recipient please accept our apologies; please do not disclose, copy or
> > distribute information in this e-mail or take any action in reliance on
> > its
> > contents: to do so is strictly prohibited and may be unlawful. Please
> > inform
> > us that this message has gone astray before deleting it. Thank you for
> > your
> > co-operation.
> >
> >
> >
> >
> > _____________________________________________________________________
> > This e-mail has been scanned for viruses by MCI's Internet Managed
> > Scanning Services - powered by MessageLabs. For further information
> > visit http://www.mci.com
> >
> > **********************************************************************
> > This e-mail message and any attachments are intended only for the use of the addressee(s) named above and may contain information that is privileged and confidential. If you are not the intended recipient, any display, dissemination, distribution, or copying is strictly prohibited. If you believe you have received this e-mail message in error, please immediately notify the sender by replying to this e-mail message or by telephone to (02) 9646 9222. Please delete the email and any attachments and do not retain the email or any attachments in any form.
> > **********************************************************************
>
>
>
Received on Oct 11 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]