On Sun, 2004-02-01 at 14:37, Les Bell wrote:

> Task 1 "Know common security standards" - This mentions ISO17799, but not
> BS 7799.2, which is much more directly applicable. How about NIST 800
> publications, which are popular in the US, or IATF? In other countries,
> especially in government areas, candidates may be required to work to local
> standards (e.g. ACSI 33). How about industry-specific requirements, e.g.
> HIPAA? I'm not sure I'd require a candidate to know all of ISO TR 13335 -
> it's huge (not to mention expensive!).
>
> I would *very* much like to see some focus here on the "Plan-Do-Check-Act"
> model used in ISO9001 and BS 7799.2:2002. A senior administrator should be
> able to take responsibility for most of the "Do-Check" parts of this model,
> and should be able to communicate effectively with management in these
> terms.
We can get into ISO and NIST and countless other standards. I'm more than open to those as well. I merely suggested the CBK because it is recognized and used by _both_ the ISC2 and the SANS/GIAC, two established certification vendors.

More specifically, I suggested following the 7 CBK domains of the SSCP at the top level of the LPIC-3 Security Exam, and then breaking down from there into tasks (as they do so easily). It's so hard to differentiate between "procedures" and "tasks" in many standards.

Again, I feel the 7 CBK domains of the SSCP are the most relevant to a system security practitioner, mapping well into LPI's task-focused approach as we get more specific into actual Linux administration and knowledge.

--
Bryan J. Smith, E.I. -- Engineer, Technologist, School Teacher
[EMAIL PROTECTED]

_______________________________________________
lpi-examdev mailing list
[EMAIL PROTECTED]
http://list.lpi.org/mailman/listinfo/lpi-examdev
