At 08:01 AM 22/12/2009, Mike Boberski wrote:
Hi Gary.
To play devil's advocate:
Current organizational practices aside, I would say that
organizations really need more and better toolkits and standards for
developers to use, than they need more and better committees.
I'd have to agree -
Which is why I list that I have _had_ a CISSP, but am currently
non-financial.. It was too damn easy to pass and too damn hard to
keep up with the CPE point entry...
:) I was LAMN member #8 :) Best number :)
Cheers
Bret
At 03:38 PM 21/03/2009, Joe Teff wrote:
I notice certs like CISSP when
Hi Fransisco,
Definitely - the principles are the same. I used
this a couple of years ago to bring a group from
0 to lvl 1... Of course what really tends to
happen is that some parts actually move to 3+
whilst others only just make it to 1 level - and
by the rules of CMM you can only claim
At 10:51 PM 29/08/2007, McGovern, James F (HTSC, IT) wrote:
- So when a vendor says that they are focused on quality and not
security, and vice versa what exactly does this mean? I don't have a
great mental model of something that is a security concern that isn't a
predictor of quality.
You know it's a little off topic - but I'd kill for a set of metrics
around the effectiveness/efficiency of a SOC :)
Anyone got any ideas? The usual events per person type metrics are
backwards (good security means less events so lower efficiency
Thanks
Bret