On Thu, 15 May 2008 09:11:37 PDT, Morning Wood said: > >> Anybody who thinks a CISSP is a "license to hack" is dreadfully ignorant > >> of what little overlap there is between hacking skills and the material > >> covered in the CISSP. > > CISSP's cant hack Right, because the CISSP isn't about hacking. It's about risk management. It's about balancing the cost of adding more security to a system against the costs of an intrusion. It's about the costs of testing a disaster recovery plan, and the costs of not having a plan. It's about what sort of backup schedule you should have, and what the retention period on the backups should be, and why. It's about knowing how deep a background check you should make on prospective employees. It's about how much security awareness training the users need. Hacking is a *very small* part of the security world.
Attachment:
pgpP7k3mlgRRE.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/