Task 1 "Know common security standards" - This mentions ISO17799, but not BS 7799.2, which is much more directly applicable. How about NIST 800 publications, which are popular in the US, or IATF? In other countries, especially in government areas, candidates may be required to work to local standards (e.g. ACSI 33). How about industry-specific requirements, e.g. HIPAA? I'm not sure I'd require a candidate to know all of ISO TR 13335 - it's huge (not to mention expensive!).
I would *very* much like to see some focus here on the "Plan-Do-Check-Act" model used in ISO9001 and BS 7799.2:2002. A senior administrator should be able to take responsibility for most of the "Do-Check" parts of this model, and should be able to communicate effectively with management in these terms.

Best,

--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]

_______________________________________________
lpi-examdev mailing list
[EMAIL PROTECTED]
http://list.lpi.org/mailman/listinfo/lpi-examdev
