Re: Government of Mauritius, confidentiality compromised

From: S Moonesamy <sm+mu_at_elandsys.com>
Date: Thu, 10 Dec 2015 01:57:24 -0800

Hi Ajay,
At 22:26 09-12-2015, Ajay R Ramjatan wrote:
>I don't think its 100% subjective. In a security course, if the
>training material goes against established security practices, it is
>an indication that the course is of questionable quality.

The training material could cover vulnerabilities which have been
used or which are currently in use. The best way to learn about that
is from the person writing the software. However, that is usually
not recommended as it raises questions about ethics. If the person
is going to be responsible for some aspects of information security,
the person would have to be able to analyze a vulnerability and
assess its impact. Some of the work of the person would have to go
through open peer review if there isn't any evidence that it adheres
to established security practices.

There is a message from Dr Naicken at
http://lists.elandnews.com/archive/mauritius/internet-users/2015/11/3978.html
One of the interesting points in that message is about the depth of
knowledge which is required. There is also breath of knowledge which
is sometimes confused with depth of knowledge.

Regards,
S. Moonesamy
Received on Thu Dec 10 2015 - 09:58:41 PST

This archive was generated by hypermail 2.3.0 : Thu Dec 10 2015 - 10:00:01 PST