> dcontesti (Contributor I) mentioned you in a post! Join the conversation below:
> PS: Rob, remember I was trying to be nice with the over 50.
Not to worry. (At least you put in the "under 90" :-)
Also remember that, while I am a newcomer (from your perspective) to ISC2, I took my CISSP way late. (Although I do remember the first calls for submissions to the exam, even before they had settled on the org and cert names. That was a couple of years after I had started researching computer viral programs, but I didn't get involved with the creation of the exam because "security" people didn't think viruses were a security problem, back then.)
Brilliant, and you have been telling the story ever since.
"Truth is a term used to indicate various forms of accord with fact or reality, or fidelity to an original or to a standard or ideal. The opposite of truth is falsehood, which, correspondingly, can also take on logical, factual, or ethical meanings. Language and words are a means by which humans convey information to one another in semiotic associations, and the method used to recognize a truth is termed a criterion of truth. There are differing claims as to what constitutes truth, what things are truthbearers capable of being true or false, how to define and identify truth, the roles that revealed and acquired knowledge play, and whether truth is subjective or objective, relative or absolute. " Source: https://en.wikiquote.org/wiki/Truth
Whereas Bias is deemed to be:
"Bias is disproportionate weight in favor of or against one thing, person, or group compared with another, usually in a way considered to be unfair.
Biases can be learned by watching cultural contexts. People may develop biases toward or against an individual, an ethnic group, a sexual or gender identity, a nation, a religion, a social class, a political party, theoretical paradigms and ideologies within academic domains, or a species. Biased means one-sided, lacking a neutral viewpoint, or not having an open mind. Bias can come in many forms and is related to prejudice and intuition.
In science and engineering, a bias is a systematic error. Statistical bias results from an unfair sampling of a population, or from an estimation process that does not give accurate results on average."
You all realize that if you *ever* fix *anything* for *any* of your relatives, you are thereafter required to be free technical support for it for the rest of your life ...
I couldn't agree more! But I've been playing it safe. For example, when my Mum recently complained that her smart phone was getting slow and asked if I could speed it up, I told her it might call for removing free apps & the like that she had on it. After that, she didn't ask me again.
Of course, at times there's no avoiding it --- in which case I'll take steps to reduce the impact of forgetfulness. Few years back I assisted an uncle with making a purchase from my computer, after which I felt compelled to send him an email, despite having it verbally confirmed...
So if they're going by 'Don't hate the player, hate the game,' there's not doubt that I've inadvertently given my relatives a reason to dislike IT Security....
In walks the general manager, he states you know all about security, my friend a fellow CEO has a problem, I would like you look at and advise him. Like a good Kiwi.... He suspects that someone internally or externally is eavesdropping on their important e-mail exchanges. So one duly advises the General Manager to inform his friend the CEO, that perhaps he should bring in a licensed forensic investigator recognised by a court of law - because I do not believe in human behaviour, unless you get a written submission stating they will not prosecute based on your findings. Would you believe the CEO, when they state do your best - we won't take it to a court of law or we won't prosecute. However as we know, whoever touches the keyboard, effectively owns the situation and everything that goes with it, in such cases.
Would you believe the CEO?
Would you believe the CEO?
There's always the possibility that you'll be made a scapegoat at an organization, so it's best to take a CYA (Cover Your A**) approach. No doubt I can't add this to our organisation's Security Policy (), but I follow and promote it for just about everything, nonetheless.
If I'm asked to carry out any kind of task at work, I ensure that I've got a proper approval from management before I go ahead. If it's an emergency, I'll record the initial communication and document authorization at a later stage. Wherever there are any issues / risks, etc, I formally notify the management about this.
I think trusting anyone at work to the extent that you're confident nothing will bounce back at you is a risk...
@Shannon I am in total agreement. I advised the General Manager and gave him reasons, why we should not be involved, with a full explanation.