Some of the best security experts are the hackers and crackers themselves-the certifications (if they have them) aren't the base of their skills. The ability to detect and correct security exploits and security holes is largely a matter of experience and ingenuity. Security exploits and holes can be very many and can cross a wide range of devices (basically anything that can be programmed and can connect to a network is lethal nowadays) e.g. I could write a virus or worm than lies dormant on a host portable device until it's plugged into a computer, the virus then creeps into the systems collecting some few info and it returns into the portable device. This device can be mine or anyone else (which I might have sent via bluetooth), the worm can detect the anti virus in the system and when it was last updated and abort if necessary, This is just a quick thought in my mind and one can easily see how it can become far more complex.
- Someone intruding a system doesn't
have to cause damage to it.
- There is a psychology that motivates these people to intrude one system and not another, I hope there is a certification that talks about that. Just because the systems of company X haven't been intruded yet doesn't mean they are secure.
- Intrusion can happen from almost anywhere in the world. Someone can be sitting in the middle of L.Victoria with a nice satelitte connection, do the job, damp the laptop in the lake (, catch some fish) and go home.
I definitely wouldn't compare to a doctor.
waudo siganga <emailsignet@mailcan.com> wrote:
Re: [kictanet] Experts: Kenyan businesses unprepared for security attacks IT Security can also be enhanced if we promote the idea of IT experts operating in a legal and regulatory environment. An IT Practioners Management Act would go a long way in ensuring acceptable qualifications, licensing, disciplining, continuous professional development (including periodic training in security). When a doctor is to operate on me I expect him to be licenced; I should have the same expectation of an "IT expert" who wants to operate on my company systems/data.WaudoOn Tue, 29 Apr 2008 03:44:57 -0700 (PDT), "Rebecca Wanjiku" <rebeccawanjiku@yahoo.com> said:Experts: Kenyan businesses unprepared for security attacks
The switch to more computerized information and processes has led to increased productivity and profits for many Kenyan companies, but information security has been neglected, according to IT experts in the country.Many companies in Kenya adopt high-tech hardware and software, but very few are fully investing in information security and frequent audits to identify vulnerabilities, according to John Gichuki, an information security and forensic auditor.http://computerworld.co.ke/articles/2008/04/28/experts-kenyan-businesses-unprepared-security-attacks
Tel. 254 720 318 925
blog:http://beckyit.blogspot.com/
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.--_______________________________________________
waudo siganga
emailsignet@mailcan.com
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: kiriinya2000@yahoo.com
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/kiriinya2000%40yahoo.com