http://www.infoworld.com/articles/o...6opsecurity.xml
Farewell, for now
I CAN'T GET into a holiday frame of mind. I'm writing this column in the first week of December; the sun is shining, and the temperature is shirtsleeve comfortable. No wonder I lack the desire to hand out coal and oranges, and reprise last year's festivities by saluting people who made 2002 such an interesting year for IT security.
Instead, I'm going to wrap up a couple of topics near and dear to my heart. I won't get a chance to revisit them next year because this is my last Security Adviser column. Don't despair -- Wayne Rash will be writing the column for the foreseeable future. I'm not being punished (much to the dismay of some of you), but merely taking a rest.
Anyway, I wanted to touch base on the issue of certifications before the year ended. A few of you assumed that I'm against all certification programs, which couldn't be further from the truth. Most of you shared, or at least understood, my negative opinion of the value of most vendor-specific credentials in the absence of demonstrated day-in-and-day-out experience.
Many of you recommended the SANS (SysAdmin, Audit, Network, and Security) Institute/GIAC (Global Information Assurance Certification) course of study as a good, neutral grounding in security from the bottom up. But unless you're going to specialize in IT security, the SANS courses would be overkill for most IT people. A new program from CompTIA (Computing Technology Industry Association) prompted me to revisit the subject of certification. Known as "Security+," the program appears to provide a good assessment of an individual's overall IT security awareness.
The level of knowledge required for a Security+ ticket isn't trivial, but it covers a broader range of topics than anything you'll get in a course on how to secure the XYZ operating system. Instead, the test focuses on basics that are consistent from platform to platform, whether you're driving a mainframe or an iMac. Shoot, with all my new-found free time, I might even take the test myself.
Meanwhile, those of you who have to come up with an information security policy for your shop in the new year have two choices. The first is to search the Web and come up with the best possible collage from publicly available materials. You'll learn a lot along the way, but that's an awfully time-consuming process, and it's tough to feel that you've covered every contingency.
The second choice -- the one I endorse -- is to cough up $800 for Information Security Policies Made Easy by Charles Cresson Wood. This mammoth tome, published by PentaSafe Security Technologies, is now in its ninth edition, and I figure that anything not covered by one of the more than 1,300 canned policies probably isn't worth worrying about. The admittedly steep price looks a lot better when you realize that it includes an organization-wide license to use the materials in the book and on the CD-ROM.
That's it for me, so I wish all of you happy holidays, safe driving, and a secure new year.
P.J. Connolly is a senior analyst at the InfoWorld Test Center. Contact him at pj_connolly@infoworld.com.