Newcomer II

Re: It takes courage to fail!


@billclancy wrote:

"... I've also been in the infosec field for a good many years, and I've discovered what we do at work usually isn't the correct answer. Sounds odd, but it turns out to be true."


The view of the CISSP test is always "top down" not "bottom up". You can have worked in the field and you have processes which work for your organization, but are you fully implementing best practices?

 

The CBK of the CISSP is a framework much like ITIL. Many companies choose what components they can implement due to organizational maturity and business needs.

 

-Gary

Community Champion

Re: It takes courage to fail!

Yep. That's likely why it's better to call them "good practices" instead of "best practices" for ITIL and all of the other compendia out there, including our own dear CBK.

There is never one-size-fits-all because not everything is the same size, runs the same way or has the same value.

Moreover, not all of the countermeasures known are needed; and often it's the counter to the countermeasure that could have (or should have) been applied (and wasn't). ;-(

Beleaguered security folk simply can't think of everything (whether they be newbies or old hands.)

Community Champion

Re: It takes courage to fail!

> j_M007 (Contributor I) posted a new reply in Certifications on 07-25-2018 05:19

> Yep. That's likely why it's better to call them "good practices" instead of
> "best practices" for ITIL and all of the other compendia out there, including
> our own dear CBK.

When I wrote the dictionary, I defined:
best practice
(1) the gold standard for security buzzphrases.

and

gold standard
the best practice in describing your standard, if you want people to buy into it

There was an extended discussion on the use of the phrase "best practice" on the
CISSPforum in July of 2005.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
[M]any US tourists were put off visiting Europe on the grounds
that they would be targeted by terrorists. Some US tour groups
started wearing maple leaf and similar Canadian motifs so as to
feel safer from attacks. However, statistics suggest that you
are much more likely to suffer personal violence in many US
cities than in many perceived European trouble spots.
- Angus McIlwraith
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
