On Saturday, November 16, 2002 1:49 PM, Hugo van der Kooij wrote: > So one is either capable enough to install a free os and perform the > required tests with tools like nessus. Or one should be larted untill > (s)he knows that security is a job which requires skills on which > one must work and keep working. > > Hugo.
I got to take expection to that one. Although the understanding of many of the skills required by security professionals overlap those of traditional system administrators, to imply that an individual has no business doing security management unless they have intimate understanding of current implementation and package management processes of any particular OS (linux in this case) and software as a requirement to the "job" of security isn't appropriate, IMHO. The demands being placed on security groups today to protect the availability, accountability, and integrity of systems is growing on many fronts. As organizations mature their security management program, challenges in risk management relating to organizational, cultural, ethical, and technical issues are requiring many new skills in the areas of strategic planning, risk mitigation, incident management, and security investigations that have nothing to do with being able to install and run something like Nessus. Nessus is a great tool, but as such is just a means and not an end to security. The "job" is changing. Bob Mahan Network Security Operations Phone: (847) 571-5525 mailto:[EMAIL PROTECTED] http://www.nsoco.com - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
