Access "Perspectives: Smoke and mirrors certifications"
This article is part of the July/August 2007 issue of CISO survival guide: 18 of the best security tips
Professional organizations use ethics policies to protect their certifications instead of promoting ethical behavior. Every major security certification organization--ISACA, GIAC, (ISC)2 and ASIS--has some sort of ethics requirements, which at first blush appears good for both the security community and the world at large. After all, doctors and lawyers have ethics requirements. And Sarbanes-Oxley requires every employee of every covered company to annually sign off on what is effectively an ethics statement. However, these security organizations seem to use ethics requirements as more of an excuse to protect the certification rather than having any real interest in promulgating ethical behavior by their members or constituencies. These groups like to say that they certify knowledge, not qualifications for employment. However, aside from the Professional Certified Investigator (PCI) from ASIS, which requires the ability to identify potential ethical conflicts in investigations, none of the traditional information security certifications (CISSP, GIAC or CISM)... Access >>>
Premium Content for Free.
Emerging Technologies: How to secure new products
New business initiatives mean new threats.
Protecting Your Brand
Customer confidence is at risk when a breach occurs.
Is perimeter security viable with Swiss cheese networks?
At Your Service: Veracode's SaaS-based application analysis
Metasploit Framework 3.0 Product Review
In this product review, learn everything about the Metasploit Framework 3.0, a penetration testing tool for Linux and Windows platforms.
- Emerging Technologies: How to secure new products
Success requires skills in business, technology and people.
Antivirus: ESET's NOD32 Antivirus 2.7
ESET's NOD32 Antivirus 2.7
Unified Threat Management: Secure Computing's Sidewinder 2150 v7
Secure Computing's Sidewinder 2150 v7
Encryption software vendors can expect challenge from hardware front
Until now, the laptop encryption market has belonged to software vendors. Learn how all that has changed.
Endpoint Security: F-Secure's Client Security 7.0
F-Secure's Client Security 7.0
- Office Politics
More Premium Content Accessible For Free
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...