I think (making some assumptions here) that the SANS comment was made just as much for the "merit badge" idea as the security part. There was a lot of debate over the way SANS does their certs at USENIX and their program style (for our purposes) is worth a review.
I like your suggestion, and of course we already try to keep our eyes open to the most efficient and appropriate way to develop, and a lot sure does get discussed. The difference that I think was suggested at the Advisory Council was that we might be even more formal about our research and planning (i.e. ROI). And that is certainly something we recognize as important moving forward with a new level or two. 8)
Thanks!
sg
Bryan J. Smith wrote:
On Mon, 2004-01-26 at 13:32, Stacy Gildenston wrote:Hi Bryan- As an FYI, the idea of working with the ISC2 came up at the Advisory Board meeting last week, as well as checking into the concept of creating "merit badges" for this level, which I will go into later. The other group that was suggested for a look-see is SANS.To begin and clarify, I was not considering working directly with the ISC2, but to map the LPIC-3 Security exam against the Common Body of Knowledge (CBK) commonly associated with the ISC2 program. I specifically mapped them into the 7 CBK Domains of the ISC2 SSCP program, but that was just my suggestion.Secondly, it should also be noted that the SANS Institute _recognizes_ and even provides training on the 10 CBK Domains in the ISC2 CISSP. This is in addition to their more specialized and specific GIAC programs, with the CBK as a pre-requisite or "general map" of security knowledge. So, in conclusion, I don't see mapping the LPIC-3 Security exam into any of the CBK Domain to be an alignment 'thang, but just a good idea in general. Even SANS does it.
-- Stacy Gildenston Director of Certification Linux Professional Institute [EMAIL PROTECTED] 603.430-9398 office 603.498-2329 cell 603.433-7590 fax
