One major flaw in your example is that as a system administrator, it's not your job to dig through every line of the web application to see if it is following best practices.
Going back to the medical profession stuff that was used earlier, it's not just the Doctors that are considered professionals when dealing with your health care. Doctors, Nurses, Aides, and basically anyone involved in your care has requirements and training. In considering SA as a profession, you really are not going to get much business buy-in on needing that if it also means that everyone else working in their IT spaces also needs to follow these standards. Note they can't have an untrained nurse in your med path, so why would you allow just any web developer to be involved in your web site?

This started from the status of CyberSecurity as a profession. While there is a lot of change going on in that space, I think it's badly named. Most people in CyberSecurity are also in the Information Security realm. The core pieces of that have remained consistent over a fairly long time. You may have more exposures added because of the online cyber components, but the basic goals go back to the first time information was expected to be protected. Most people in Cybersecurity also have to deal with some of the physical aspects of the data. Where are the backups? How is it retained long term? etc. etc. etc.

We've been fighting variations of worms, viruses, trojans, ... malware for over 25 years now. While there are new ones appearing all the time, you can trace their history back to those very early things. Much like the many variations of the flu, ... and the similarities to the medical profession.

Michael Tiernan made the following keystrokes:

> If I were to put it in terms of the SA business.... (fer instance)
>
> A company (Acme Inc) who wants a website to represent them for
> advertisement/sales/support must, by orders of their being a business, make
> sure that the company hosting the product is reasonably reliable and 'in
> good standing' and that their practices include "licensed" (or whatever
> term you want) system admins who practice a known set of standard type
> procedures for security and privacy and reliability.
>
> Should this company, Acme, run into a problem and, let's say a number of
> social security numbers are exposed, their insurance company can look at
> the steps they took in procuring this website, see that they didn't make
> sure that there were sysadmins in good stead employed and then the
> insurance company can say "Tough luck dude. You're on your own."
>
> One or two of those cases and a large portion of businesses would make the
> point of backing everyone here to make sure we meet a measurable set of
> standards and practices.
>
> Before anyone starts saying the obvious, no, this does not cover 100% of
> the cases/incidents out there but I'm sure it covers a good 90% of them and
> let's face it, that's more than a majority and might be enough to reach a
> critical mass allowing this business to be recognized as a 'true'
> profession.
>
> Thank you to everyone for their indulgence and my use of the soap-box.
> --
> << MCT >> Michael C Tiernan.
> http://www.linkedin.com/in/mtiernan
> Non Impediti Ratione Cogatationis

_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
