[email protected] made the following keystrokes:
>Another major reason for being opposed to regulation is that the
>definition of the 'right way' to do something varies too much, and it
>morphs over time. Licensing tests change too slowly for a field in as
>much flux and with so many 'good' ways to do things for them to be real.
>As a result people study the 'right' answer for the test and then ignore
>it for real work.

Another of my long rambling posts, but I hope this puts a different spin on this discussion.

The topic is "Regulated System Administration", not certified RH, Debian, Solaris, or even Windows* admin. In some ways this could be no more than a checkbox to say that you have read X regulations and know you need to comply with them.

There are lots of "right" ways of doing things. The problem is that there aren't "standard" ways of doing things. You can find the same bits on any OS, or at least have the tools to provide those same bits in many different formats and locations on whatever system you are managing.

The key in this is that you are first and foremost a system-administrator, not a RH-SA or MS-SA or Debian-SA... Going with the medical profession, you are a doctor first then find your specialty. You need to know the basics that cover all the major points.

We've seen the debates all too often about how to provide tests for certifications. The debate really does get mired into the details on various operating systems and/or the multitude of "right" ways of doing things.

So getting back to the true topic at hand of how to handle or be certified into a "Regulated System Administration" field. It's NOT about the OS you are dealing with. It's the basic best practices. Implementation can be handled in the "right" way per site.

Tossing out a possible idea in what regulation may mean... Base the test on how someone can handle questions out of NIST 800-53. It is OS agnostic and looks towards how your system is configured and how much risk you are willing to accept. Not an easy testing/grading method, but better than command/file level expectations. If you are unfamiliar with 800-53, replace it with HIPAA, SOX, PCI, FISMA or other standards. Again the OS details are irrelevant.

For a mechanic, they don't need to know what the proper torque is on every bolt, but they need to know when/if it's important and to check it with what the manufacturer says it's supposed to be. It varies per manufacturer per model per engine .... Too much to remember.

The goal is to have a better/safer/more-secure/compliant system that isn't going to get you or your company into trouble because you didn't bother to implement standard requirements.

For something smaller, try coming up with a way of testing someone on if they are compliant with the Code-of-Ethics. While you may think it's easy, try going to other countries and see if you get the same answers. What is "right"? This came up in the BoF a few years ago when there was concern that the CoE was possibly becoming dated.

--Gene
