At 08:01 AM 22/12/2009, Mike Boberski wrote: Hi Gary. To play devil's advocate: Current organizational practices aside, I would say that organizations really need more and better toolkits and standards for developers to use, than they need more and better committees. I'd have to agree -
Which is why I list that I have _had_ a CISSP, but am currently non-financial.. It was too damn easy to pass and too damn hard to keep up with the CPE point entry... :) I was LAMN member #8 :) Best number :) Cheers Bret At 03:38 PM 21/03/2009, Joe Teff wrote: I notice certs like CISSP when
Hi Fransisco, definitely - the principles are the same. I used this a couple of years ago to bring a group from 0 to lvl 1... Of course what really tends to happen is that some parts actually move to 3+ whilst others only just make it to 1 level - and by the rules of CMM you can only claim
At 10:51 PM 29/08/2007, McGovern, James F (HTSC, IT) wrote: - So when a vendor says that they are focused on quality and not security, and vice versa what exactly does this mean? I don't have a great mental model of something that is a security concern that isn't a predictor of quality.
You know it's a little off topic - but I'd kill for a set of metrics around the effectiveness/efficiency of a SOC :) Anyone got any ideas? The usual events per person type metrics are backwards (good security means less events so lower efficiency). Thanks Bret