Re: [SC-L] InformIT: You need an SSG

2009-12-22 Thread Bret Watson
At 08:01 AM 22/12/2009, Mike Boberski wrote: Hi Gary. To play devil's advocate: Current organizational practices aside, I would say that organizations really need more and better toolkits and standards for developers to use, than they need more and better committees. I'd have to agree -

Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs

2009-03-22 Thread Bret Watson
Which is why I list that I have _had_ a CISSP, but am currently non-financial.. It was too damn easy to pass and too damn hard to keep up with the CPE point entry... :) I was LAMN member #8 :) Best number :) Cheers Bret At 03:38 PM 21/03/2009, Joe Teff wrote: I notice certs like CISSP when

Re: [SC-L] Question about SSE-CMM

2007-10-08 Thread Bret Watson
Hi Fransisco, definitely - the principles are the same. I used this a couple of years ago to bring a group from 0 to lvl 1... Of course what really tends to happen is that some parts actually move to 3+ whilst others only just make it to 1 level - and by the rules of CMM you can only claim

Re: [SC-L] Really dumb questions?

2007-08-30 Thread Bret Watson
At 10:51 PM 29/08/2007, McGovern, James F (HTSC, IT) wrote: - So when a vendor says that they are focused on quality and not security, and vice versa what exactly does this mean? I don't have a great mental model of something that is a security concern that isn't a predictor of quality.

Re: [SC-L] MetriCon 2.0 CFP

2007-04-25 Thread Bret Watson
You know it's a little off topic - but I'd kill for a set of metrics around the effectiveness/efficiency of a SOC :) Anyone got any ideas? The usual events per person type metrics are backwards (good security means less events so lower efficiency) Thanks Bret