Wait, a cert that requires EVERYONE to get it and not just the security
people? Brilliant! They'll make millions.
BB
On 1/31/12 11:45 AM, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
> http://www.infosecurity-magazine.com/view/23571/a-call-for-a-new-standard-in-infosec-training-and-awareness/
>
> " ... the way to do this is via a new infosecurity standard that solely
> focuses on training and awareness and is delivered in the work environment"
>
> Now, I'm all for security awareness. I'm all for *more* security awareness.
> I'm all for *better* security awareness. I'm all for infosec departments to
> actually *try* security awareness (since they often say, "well, if it was
> gonna have worked, it woulda worked by now" and never try it).
>
> But, come on. A new "standard"?
>
> As the man[1] said, the wonderful thing about computer "standards" is that
> there are so many to choose from.
>
> What are we going to certify? Users? "Sorry, you have been found to be too
> stupid to use a computer at work. You are hereby issued this non-jailbroken
> iPad."
>
> No, undoubtedly he thinks we are going to "certify" the awareness materials
> themselves. Good luck with that.
>
> I've been a teacher for a lot of years. I've also been a book reviewer for a
> lot of years. And I've published books. Trust me on this: a variant of
> Gresham's Law is very active in the textbook and educational materials field.
> Bad textbooks drive out good. As a matter of fact, it's even closer to
> Gresham: money drives out good textbooks and materials. Publishers know there
> is a lot of money to be made in textbooks and training materials. Publishers
> with a lot of money are going to use that money to advertise, create
> "exclusive" contracts, and otherwise ensure that they have the biggest share
> of the market. The easiest way to do that is to publish as many titles as you
> can, as cheaply as you can. "Cheaply" means you use contract writers, who can
> turn out 2-300 pages on anything, whether they know about it or not.
>
> So, do you really think that, if someone starts making noise about a security
> awareness standard, the publishers won't make absolutely certain that they've
> got control of the certification process? That if someone comes up with an
> independent standard that they can withstand the financial pressures that
> large publishers can bring to bear? That if someone creates an independent
> cert, and firmly holds to principles and standards, that the publishers won't
> just create a competing cert, and advertise it much more than the independent
> cert can ever hope to?
>
> After all, none of us can possibly think of any lousy security product with a
> lot of money behind it that can command a larger market share than a good, but
> independent, product, now can we?
>
>
> [1] Well, maybe it was Andrew Tanenbaum, but maybe it was Grace Hopper. Or
> Patricia Seybold. Or Ken Olsen.
>
> ====================== (quote inserted randomly by Pegasus Mailer)
> Been working on my people skills. I can throw them pretty far now
> https://twitter.com/robotinthewild/status/34707914191011840
> victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://twitter.com/rslade
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.