31 Aug
2009
31 Aug
'09
4:06 p.m.
Highly unlikely that 3 years is sufficient time to devise a certification,
No big deal; they could just adopt the CISSP/GIAC cert without modification as an interim step. Existing certs are already being used in some court cases: http://www.wisbar.org/AM/Template.cfm?Section=Home&TEMPLATE=/CM/ContentDisplay.cfm&CONTENTID=70438
Unintended consequences - will this encourage the head of an agency to instead say "screw it" and *not* use any cybersecurity services?
Not likely. Corporate Officers must already make decisions that meet a wide range of existing "reasonable man" tests with respect to security. This is not the only law/regulation in existence. David