RE: CISSP Question

[Lee McDonald <bremc () inbox com>]

Guys, guys, nice, please!

> -----Original Message-----
> From: craig.wright () bdo com au
> Sent: Thu, 3 May 2007 07:19:15 +1000
> To: jsimmons () eds com, frommel () gmail com
> Subject: RE: CISSP Question
>
> If you read the requirements you should note that "The specification and
> selection of controls and mechanisms ...does not include the mere
> operation of these controls."
>
> Gate guards need not apply.
>
> A person with experience designing physical controls and data centres for
> secure sites would have a level of experience.
>
> Rather than extrapolating invalid preambles from the basic marketing
> documents, have a read of ISO Standard 17024:2003 and try to take this in
> the context that it applies.
>
> Regards,
> Craig
>
>
>
> Craig Wright
> Manager of Information Systems
>
> Direct +61 2 9286 5497
> Craig.Wright () bdo com au
> +61 417 683 914
>
> BDO Kendalls (NSW)
> Level 19, 2 Market Street Sydney NSW 2000
> GPO BOX 2551 Sydney NSW 2001
> Fax +61 2 9993 9497
> www.bdo.com.au
>
> Liability limited by a scheme approved under Professional Standards
> Legislation in respect of matters arising within those States and
> Territories of Australia where such legislation exists.
>
> The information in this email and any attachments is confidential.  If
> you are not the named addressee you must not read, print, copy,
> distribute, or use in any way this transmission or any information it
> contains.  If you have received this message in error, please notify the
> sender by return email, destroy all copies and delete it from your
> system.
>
> Any views expressed in this message are those of the individual sender
> and not necessarily endorsed by BDO Kendalls.  You may not rely on this
> message as advice unless subsequently confirmed by fax or letter signed
> by a Partner or Director of BDO Kendalls.  It is your responsibility to
> scan this communication and any files attached for computer viruses and
> other defects.  BDO Kendalls does not accept liability for any loss or
> damage however caused which may result from this communication or any
> files attached.  A full version of the BDO Kendalls disclaimer, and our
> Privacy statement, can be found on the BDO Kendalls website at
> http://www.bdo.com.au or by emailing administrator () bdo com au.
>
> BDO Kendalls is a national association of separate partnerships and
> entities.
>
> -----Original Message-----
>
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> On Behalf Of Simmons, James
> Sent: Thursday, 3 May 2007 5:58 AM
> To: Florian Rommel
> Cc: security-basics () securityfocus com
> Subject: RE: CISSP Question
>
> So here is a thought for everyone.
>
> To qualify for CISSP, you should have at least four years of experience
> in one of the ten domains. Of which includes Physical Security. So with a
> bit of cramming, your gun cleaning, gate guard of 4 years can be a
> qualified CISSP with next to minimal experience in Information security.
> And as per the ISC2 webpage, to qualify experience you need to have done
> some of the included actions.
> (https://www.isc2.org/cgi-bin/content.cgi?category=1187)
>
> Reactions anyone?
>
> P.S. I am not saying that all gate guards are incapable of being good
> CISSP's.  I am just pointing out an all too common scenario.
>
> Regards,
>
> Simmons
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> On Behalf Of Florian Rommel
> Sent: Wednesday, May 02, 2007 10:53 AM
> To: Nicolas villatte; krymson () gmail com;
> security-basics () securityfocus com
> Subject: Re: CISSP Question
>
> I agree with Nicolas here. I definitely wouldn't endorse a Desktop Jockey
> with 4 years of experience. I already filed once a complaint because I
> know a guy who, because he has some certifications and has worked as a pc
> support, thinks he is qualified to take the exam. His "boss/ partner in
> crime" was ready to sign off on it. I know for some people a
> certification like the CISSP doesn't mean much but that still shouldn't
> mean anyone can get in. I had my work experience fully documented by all
> my previous employers  before I took the exam.
>
> Security experience in any of the 10 domains for 4 years doesnt mean that
> during those 4 years you should have done something security related at
> some point it means that your position was directly security related.
>
> //flosse
> http://blog.2blocksaway.com
>
>
> On 5/2/07 9:47 AM, "Nicolas villatte" <Nicolas.Villatte () chello be> wrote:
>
> > Not really, because 5% of your time involved in security during 4
> > years would give you barely 2 months of experience. I don't know any
> > CISSP who would endorse such a candidate.
> >
> > https://www.isc2.org/cgi/content.cgi?category=1187
> >
> > "Applicants must have a minimum of four years of direct full-time
> > security professional work experience in one or more of the ten
> > domains of the (ISC)² CISSP® CBK®."
> >
> > Regards,
> > Nicolas.
> >
> >
> > ----------------------------------------------------------------------
> > ------
> > --------
> >
> > Nicolas VILLATTE
> >
> > CISSP, GCIA, GCIH, GCFA
> >
> > Sr. Security Management Specialist
> >
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com] On Behalf Of krymson () gmail com
> > Sent: mardi 1 mai 2007 14:14
> > To: security-basics () securityfocus com
> > Subject: RE: CISSP Question
> >
> > Just a quick add, don't overthink the 4 years' experience requirement.
> > You need that experience in any one (or more) of the 10 domains.
> > Honestly, if you're a desktop support jockey for 4 years and you do
> > some sort of security as part of your work (do you manage passwords
> > and/or respond to spyware incidents?), you can still qualify.
> > Realistically, anyone with 4 years'
> > experience in IT.