Monday, October 22, 2007
Do Audit Firms create Insecurity...
There are two things that need to change in order to make security better and the first is the elimination of the CISSP certification...
Security is a state of mind, not the exclusive territory of certified professionals. In fact, most real security professionals acknowledge that the notion of remembering best practices and running around with checklists can actually hurt the agenda of becoming secure.
If we can get folks to understand that CISSP is of questionable value and instead figure out how to talk about real issues, such as selling information security management to IT executives, then we would be in a better place.
Most IT executives have their heads filled with garbage, as compliance is the only issue ever raised by most external auditors, who likewise encourage template-oriented thinking.