Re: [SC-L] What defines an InfoSec Professional?

2007-03-09 Thread SC-L Subscriber Dave Aronson
[EMAIL PROTECTED] writes:
> certifications such as CISSP whereby the exams that
> prove you are a security professional talk all about
> physical security and network security but really don't
> address software development in any meaningful way.

Perhaps what is needed is a separate certification

Re: [SC-L] What defines an InfoSec Professional?

2007-03-09 Thread Benjamin Tomhave
I'm gonna have to go ahead and disagree with you, there, Michael. You're looking at things far too narrowly. And here's a very simple example: Small business. Single DMZ. Hosts DB and Web App on separate platforms. Web app needs to make back-end calls to DB. There's no reason whatsoever why

Re: [SC-L] What defines an InfoSec Professional?

2007-03-09 Thread Michael S Hines
I respectfully disagree. The need for a firewall or IDS is due to the poor coding of the receptor of network traffic - so you have to prevent bad things from reaching the receptor (which is the TCP/IP stack and then the host operating system - and then the middleware and then the application). Th

Re: [SC-L] What defines an InfoSec Professional?

2007-03-08 Thread Steven M. Christey
On Thu, 8 Mar 2007, Greg Beeley wrote:
> Perhaps one of the issues here is that if you are in operations work
> (network security, etc.), there are more aspects of the CISSP that are
> relevant to your daily work. In software development, there is usually
> just the one - app development sec - t

Re: [SC-L] What defines an InfoSec Professional?

2007-03-08 Thread Greg Beeley
> [...] I do suspect that some of it is tied to the romance of
> certifications such as CISSP whereby the exams that prove you are a
> security professional talk all about physical security and network
> security but really don't address software development in any meaningful
> way. [...]

Tha

Re: [SC-L] What defines an InfoSec Professional?

2007-03-08 Thread Gunnar Peterson
-Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Gunnar Peterson
> Sent: Thursday, March 08, 2007 9:13 AM
> To: [EMAIL PROTECTED]
> Cc: SC-L@securecoding.org
> Subject: Re: [SC-L] What defines an InfoSec Professional?
>
> actually

Re: [SC-L] What defines an InfoSec Professional?

2007-03-08 Thread Michael Silk
MAIL PROTECTED]
Sent: Thursday, March 08, 2007 2:07 PM
To: Gunnar Peterson; McGovern, James F (HTSC, IT)
Cc: SC-L@securecoding.org
Subject: RE: [SC-L] What defines an InfoSec Professional?

The right answer is both IMO. You need the thinkers, integrators, and operators to do it right. The term S

Re: [SC-L] What defines an InfoSec Professional?

2007-03-08 Thread McGovern, James F (HTSC, IT)
a, Brian A [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 08, 2007 2:07 PM
To: Gunnar Peterson; McGovern, James F (HTSC, IT)
Cc: SC-L@securecoding.org
Subject: RE: [SC-L] What defines an InfoSec Professional?

The right answer is both IMO. You need the thinkers, integrators, and operators to d

Re: [SC-L] What defines an InfoSec Professional?

2007-03-08 Thread Shea, Brian A
erson
Sent: Thursday, March 08, 2007 9:13 AM
To: [EMAIL PROTECTED]
Cc: SC-L@securecoding.org
Subject: Re: [SC-L] What defines an InfoSec Professional?

actually just the former. Robert Garigue characterized firewalls, nids, et al as good network hygiene. The equivalent of a dentist telling you to

Re: [SC-L] What defines an InfoSec Professional?

2007-03-08 Thread Gunnar Peterson
actually just the former. Robert Garigue characterized firewalls, nids, et al as good network hygiene. The equivalent of a dentist telling you to brush your teeth. An infosec pro needs much more depth than that. The model is charlemagne http://1raindrop.typepad.com/1_raindrop/2007/02/thinking_ab