[Techtalk] Security professionals/hobbyists -- Opinions?
Megan Golding
meggolding at yahoo.com
Sat Aug 3 08:05:00 EST 2002
Hello everyone!
I'm writing an article about the value of security training and am
interested in opinions from y'all.
According to a 1999 SANS survey[1] of about 1800 security experts,
the top management error that leads to vulnerabilities in networks is
the assignment of untrained people to security roles and providing
neither training nor time.
Though this survey is almost 3 years old, I think the general
conclusion -- people are all-too-often left guarding a network
without the knowledge of exactly what they're doing -- is still
accurate. In fact, if you contrast this conclusion against the Top 20
Internet Security Vulnerabilities[2], you start to believe. If not a
majority, then at least a significant number, of the top 20 are
easily attributed to lack of knowledge.
Anyone care to offer up opinions on this?
* Do you think lack of training is really the
top explanation for weak security?
* If we think of "training" in the formal sense,
where one attends courses, which security
certifications carry the most value? Least?
* If we count "training" in the SANS survey
as acquiring knowledge (regardless of the
source), can you describe the optimal environment
for acquiring maximum knowledge -- how
many people are there? What types of experience?
* Have any horror stories you're willing to share?
Network break-ins because of some lack of
knowledge on your or someone else's part?
[1] http://www.sans.org/newlook/resources/errors.htm
[2] http://www.sans.org/top20.htm
Thanks for your input! I look forward to hearing from y'all -- and
discussing your viewpoints.
Meg