[Full-disclosure] Geeks
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Thu May 15 20:10:01 BST 2008
On Thu, 15 May 2008 09:11:37 PDT, Morning Wood said:
> >> Anybody who thinks a CISSP is a "license to hack" is dreadfully ignorant
> >> of what little overlap there is between hacking skills and the material
> >> covered in the CISSP.
>
> CISSP's cant hack
Right, because the CISSP isn't about hacking. It's about risk management.
It's about balancing the cost of adding more security to a system against
the costs of an intrusion. It's about the costs of testing a disaster
recovery plan, and the costs of not having a plan. It's about what sort
of backup schedule you should have, and what the retention period on the
backups should be, and why. It's about knowing how deep a background check
you should make on prospective employees. It's about how much security
awareness training the users need.
Hacking is a *very small* part of the security world.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080515/e6ff4aad/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.