Duane writes:
> We are not swayed much by certifications. Of course, a number
> of us at QSS don't even have a college degree.

The CISSP people look to be trying to create a guild of "professional"
security workers.

I suspect that, having created this new professional class, a subsequent
goal will be to pursue policy and/or legislation that reserves certain jobs
for the members of the new "profession" and/or requires the employment of
their members in as many positions as they can get away with.

Like seemingly all such activities, membership in their club requires that
one subscribe to a "Code of Ethics".  These codes often include provisions
that seem to support the guild itself rather than the ethical behavior of
its members.

From:

   https://www.isc2.org/cgi-bin/content.cgi?category=12

we see that the CISSP group's ethics "canons" are simple enough:

   Protect society, the commonwealth, and the infrastructure.
   Act honorably, honestly, justly, responsibly, and legally.
   Provide diligent and competent service to principals.
   Advance and protect the profession.

Though they provide guidance for their interpretation...

"In arriving at the following guidance, the committee is mindful of its
responsibility to:
[...]
* To discourage such behavior as:
[...]
   * Professional association with non-professionals
   * Professional recognition of or association with amateurs
[...]

I note that to become a CISSP "Certified Professional" one must have three
years of experience as a "full-time security professional" (the requirement
goes up to four years as of 2003).  There can't be that many people who can
qualify under this requirement, and those who can probably will have no
trouble finding employment regardless of their certification status.

G.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *