I apologise if I upset some people.
I occasionally forget that having knowledge to pass an exam doesn't always
equate to having the skills and self-initiative to use that knowledge
effectively to protect systems, applications, infrastructure and data.
Lyal
-----Original Message-----
From: Harley David [mailto:David.Harley_at_cfh.nhs.uk]
Sent: Tuesday, 11 October 2005 1:23 AM
To: webappsec_at_securityfocus.com
Subject: RE: Notes from CISSP class with Dr. Eric Cole
> I disagree regarding CISSP and some other certification processes. The
> "knowledge measurement" process in this case is based upon knowing
> certain terminology and the related definition inside and out as used
> by the individuals in the certifying body.
Of course it is. My point is that this applies as a generality, not
specifically to CISSP or MCSE or whatever. You have to make assumptions
about 'right' and 'wrong' content to mark an exam, and that includes
assumptions about terminology and definitions. Obviously, different
organizations can use variant terminology. Indeed, different people teaching
the same knowledge base may do the same thing wherever there's scope for
divergence.
--
David Harley
NHS Infrastructure Security Manager
Threat Assessment Centre Manager
Malware and Email Abuse Management Specialist
NHS Connecting for Health
Received on Oct 11 2005