TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
In terms of hiring there is the CISSP test as mentioned. However, there are
many security professionals out there who not only have not taken the CISSP,
but do not know exactly what it is. Not being CISSP certified does not
necessarily mean that the person in question does or does not know about
security, and is or is not a competent (or even MORE than competent)
professional. Similarly, someone who is CISSP certified does not
necessarily know everything about security. The best thing to do is to
check references with past jobs. As far as checking on whether someone who
is currently hired is keeping up his or her level of competence, that is
another story. You could have that professional take the CISSP test, they
could pass with flying colors, but if they do not know about the latest
attacks, there *is* the possibility that through an honest mistake your
network could be left wide open.
Peer review, and making sure that the security person has the resources
available (including TIME) to keep current (iow, there is a lot of
daily/weekly reading required to keep current!), are probably your best bets
for current employees.
Hope this helps some,
Alex F
[EMAIL PROTECTED]
-----Original Message-----
From: Julie Williams [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 04, 2000 12:23 PM
To: [EMAIL PROTECTED]
Subject: Information
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
I apologize if this email is being sent out of the realm of this listserv,
but I am sorta lost as to where it would be appropriately sent..
I am trying to find out how commercial business test their experts.
1. Are they tested?
2. How are they tested?
3. As a supervisor in Information Assurance/Security/Vulnerabilities, how
do you OBJECTIVELY test the people that are supposed to know what they are
doing.
Why test, I need to know where I am at, Is their a standard level of
knowledge for this stuff???
Any Help would be greatly benefical
