Firewall Wizards mailing list archives

Common Criteria and/or Certifications


From: "Norman R. Bottom" <normanr () herald infi net>
Date: Thu, 30 Mar 2000 10:41:22 -0500

Musings on InfoSec, common criteria, certifications, and our current weakness.
. . . . . . . 

The ability to certify hardware and software goes along with technical
expertise; however, in an era of Beta Testing, it may be too soon to opt for
serious certification à la ASTM, etc.

My concern is the seemingly impervious Firewall between techies and old line
security folks. Security techies do not seem to have time for addressing human
factors (i.e., "All problems are people problems.") Old line security folks
fear the technology and cling to old habits.

Here is a "People Protocol" developed years ago by my wife and me. It is
called WAECUP (pronounced "Wake-Up"). This acronym stands for Waste, Accident,
Error, Crime, and Unethical Practices. These Human Factors can influence
InfoSec in a major, major way. Firewall administrators are like Western
settlers, looking out the window to see if the Indians are coming. Alas, some
of the Indians are in the workplace, ready to stab you in the back.

All I am saying, here, is that we need to join forces to combat information
theft. It seems somewhat silly to put all our eggs in the technology basket,
when the workplace is rife with anti-loyalty and free-floating ethics.

By the way, there is one certification that combines tech factors and human factors.
If you want more information, contact me directly.

Thanks for listening.

Blessings,

Norman
-- 
http://www.cgroup.com/secarticles/Jsa1/jsaintro.htm
http://www.wiu.edu/users/mfkac/jsa
http://www.miamisecurityexpert.com
Prayer is the Work ! •  Psalm 32:7-8
