Hello all, For those with opinions on the Level 3 security specialization - how far outside of the "linux box" do you think the L3 security stuff should look? Do you think its something that should focus on the technology alone, e.g. hardening boxes and running and IDS? Or do you think that a more well rounded curriculum would be of benefit? One, for example, that might include the non-technical aspects of risk assessment, security policy (in the written sense), disaster recovery, etc?
It seems like a huge difference in development to me. If technology alone, it is certainly more focused, and more along the lines of the SANS certs. It would, however, be the easiest to write and test on, being more static. If the latter, we would be looking more along the lines of a CISSP style certification, or standards such as ISO17799/BS7799 which is good also. This would certainly be a much more useful education for the LPI candidate, but would be a lot harder to quantify and would add a whole lot of work. Clearly, there would have to be a very selective sampling of non-technical security tasks if this were done, or it would just be too much. I was hoping some on the lists had thoughts on this. On a scale of 1 to 10 (1 being total technology, 10 being very comprehensive) where should it rate? Thanks, Mark Lachniet _______________________________________________ lpi-examdev mailing list [EMAIL PROTECTED] http://list.lpi.org/mailman/listinfo/lpi-examdev
