Security Basics mailing list archives
RE: FW: CISSP Question
From: "Simmons, James" <jsimmons () eds com>
Date: Wed, 9 May 2007 17:28:08 -0500
And this is a great example. I have never said that the certs do not have a purpose, or at least provide a turn of luck. I just believe that the current system is greatly flawed if not broken. But here is a good situation about where a certification paid off. I congratulate you on your bit of luck. May it continue to flow in your favor.

I am a little worried about the company encouraging you to get more certs, but only from an aspect in that they are putting a lot of value in certifications. If you are being positioned in a public facing position I can understand, as it just instills a sense of trust in the company from a customer point of view. Though I do not agree personally because it just perpetuates the myth of certifications as the only meter from which to measure. But as always, if the company is willing to pay, live it up.

Regards,
Simmons

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Shawn
Sent: Wednesday, May 09, 2007 1:33 PM
To: listbounce () securityfocus com
Cc: security-basics () securityfocus com
Subject: Re: FW: CISSP Question

I feel silly addressing such a qualified and experienced crowd, but let me relay my experience with certifications as a young inexperienced newcomer to the world of Information Security.

Six months ago I worked as a HelpDesk analyst for my company. I had no certifications. I had no technical degree (I have a BA in History). I had begun studying the MCSA track a bit before this. In January, I took and passed MCP 70-290. Literally the day I passed the exam, our Information Security Manager approached me about a job he had open. I'd seen the posting, but never, ever, ever thought I'd be remotely qualified for it, and would have never applied for it on my own without encouragement.

Word had gotten around our IT department that I passed the exam...and now here I was being encouraged to apply for a job I never thought I had a chance for, by the person who would be hiring me. I did apply, and was hired shortly thereafter as a security specialist (my current position). I'm now nearly finished with the MCSA track, attending two classes paid for by my company to gain further certs, and am being encouraged by my boss to continue pursuing more certs (which the company is paying for).

Just my humble input...but without starting the cert chase, I'd definitely still be a HelpDesker at this point.

-Shawn

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Simmons, James
Sent: Wednesday, May 09, 2007 12:34 PM
To: Craig Wright; security-basics () securityfocus com
Subject: RE: CISSP Question

Craig,

Just found my quote from the CISSP Registration Form.

>>Valid experience includes information systems (IS) security-related work performed as a practitioner,
>>auditor, consultant, investigator or instructor, that requires IS security knowledge and involves
>>the direct application of that knowledge. The four years of experience must be the equivalent of
>>actual full-time IS security work (not just IS security responsibilities for a four year* period);
>>this requirement is cumulative, however, and may have been accrued over a much longer period of time.

https://www.isc2.org/download/ExamRegistrationForm.pdf

It mentions a practitioner, but not any sort of management experience.

Regards,
Simmons

-----Original Message-----
From: Craig Wright [mailto:Craig.Wright () bdo com au]
Sent: Tuesday, May 08, 2007 5:26 PM
To: Simmons, James; security-basics () securityfocus com
Subject: RE: CISSP Question

As a pointy haired manager, it demonstrates that staff are continuing to learn. As a manager, I find that this demonstrates commitment and involvement.

At times I will have those doing the training and certification present what they have covered to the group (I know I am mean and nasty). As terrible as it may seem there are always those who state that they have been studying, but don't (though the threat of having to stand in front of your peers can be a good control).

Being able to point out editorial positions, papers etc is valuable I admit, but you can still do the cert and the other.

A part of my role comprises digital forensic engagements. So having staff gain credentials is good. More the merrier as this helps impress jurists and clients. You get a lot further with a list of certs than industry networking when you are associating with those who have no involvement with IT security.

Regards,
Craig

Craig Wright
Manager of Information Systems
Direct +61 2 9286 5497
Craig.Wright () bdo com au
+61 417 683 914
BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
www.bdo.com.au

Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists.

The information in this email and any attachments is confidential. If you are not the named addressee you must not read, print, copy, distribute, or use in any way this transmission or any information it contains. If you have received this message in error, please notify the sender by return email, destroy all copies and delete it from your system. Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls. You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or Director of BDO Kendalls. It is your responsibility to scan this communication and any files attached for computer viruses and other defects. BDO Kendalls does not accept liability for any loss or damage however caused which may result from this communication or any files attached. A full version of the BDO Kendalls disclaimer, and our Privacy statement, can be found on the BDO Kendalls website at http://www.bdo.com.au or by emailing administrator () bdo com au.

BDO Kendalls is a national association of separate partnerships and entities.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Simmons, James
Sent: Wednesday, 9 May 2007 5:47 AM
To: security-basics () securityfocus com
Subject: CISSP Question

>>Being that they have stated that employment as an Operators etc are not considered as valid experience, I would
>>state that I feel that this would be a role where there is some management, design, consulting or other similar
>>activity involved.

So if you already have 4 years of experience in management, or design, or consulting, what is the value of the CISSP? You are already doing the job that most people who are getting the certification are aiming for. Now of course this is a majority case, as there are people who get the cert for other reasons. But this is all my point.

http://www.securityfocus.com/archive/105/466897/30/210/threaded

Experience in doing the projects, actually getting involved in the industry on your own, is the better way to spend your money than getting a certification. And here we arrive back at the beginning.

Regards,
Simmons

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Craig Wright
Sent: Monday, May 07, 2007 3:41 PM
To: Simmons, James
Cc: security-basics () securityfocus com
Subject: RE: CISSP Question

I would look at this from the perspective of several of the ISC2 comments.

Being that they have stated that employment as an Operators etc are not considered as valid experience, I would state that I feel that this would be a role where there is some management, design, consulting or other similar activity involved. That is - not just going through the motions as set by another, but actually having input into the process.

As for what the ISC2 would do, this is up to them. They have options, but they have to have these weighted against the alternatives. This is the repercussions of dismissing people against the value of the certificate. So it is a matter of degree I would hazard to guess.

Regards,
Craig

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Simmons, James
Sent: Tuesday, 8 May 2007 2:48 AM
To: Craig Wright
Cc: security-basics () securityfocus com
Subject: RE: CISSP Question

Craig,

I have to say, that was a well written argument. It is so refreshing to debate with someone who actually understands the importance of including references. And many of your arguments I just cannot argue with. And you do make very good points.

I guess the mind set where all this begat from was the definition of professional experience for which ISC2 is requiring. I guess a more proper question would be, "What is ISC2 qualifying as professional experience?"

My first assumptions were based on definitions and ideas on the difference between an amateur and a professional. Amateur is more of a hobbyist, where a professional is making a living based on the quality of work.

I was also speaking from a platform that they are allowing any sort of experience within the ten domains. I have come to this conclusion based on personal contact with individuals that I have or currently work with that have already been audited. Though granted I was not involved in the process, and cannot say for certain the mood, or perceived mindset of the auditors, I can only draw my conclusions from conversations with individuals where military, enlisted IT staff, and other minor non-managerial roles experience was sufficient enough to obtain the CISSP. (Of which, you can make an argument about enlisted individuals having some leadership / manager experience based on rank and role. But that is another thread altogether.)

So I guess ultimately this question is just one based on perception and risk analysis. If you think one way and are willing to take the risk for a higher paying job, then go for it.

I am curious though, as to how certain companies would react. An individual is hired, they obviously passed the test, and have been working for a company for x months, only to be told that there was a mistake regarding what ISC2 regards as experience. Plus, would ISC2 revoke the entire cert, or just bump the individual down to an associate?

Either way, this has been an interesting debate.

Regards,
Simmons

-----Original Message-----
From: Craig Wright [mailto:Craig.Wright () bdo com au]
Sent: Friday, May 04, 2007 10:09 PM
To: Simmons, James
Cc: security-basics () securityfocus com
Subject: RE: CISSP Question

Simmons,

Your question:

"Why do you believe are the qualifications for an IT to be considered a professional? What does an IT individual need to have done to earn such a coveted title as a professional?"

Is the heart of where we differ.

I have 1 belief and accept no others personally as belief. My 1 belief has no relevance to this topic.
Other than this I am a rational positivist. I place reliance on fact and evaluation and use these faculties to either deduce or infer the other aspects I need. Where this is infeasible, I place reliance on authority until that source is superseded.

Though long winded, I will eventually in this post make answer to this and to the question of relevance to a CISSP.

I am not an authority on any area of sociology. Although I have completed some introductory topics I am naught but a babe in the woods to this field. I do however know enough on the topic to place reliance on those who are expert and authoritative on this topic.

Andrew Abbott is taken as authoritative in this field of knowledge. I have read his disputation of the professions and although I am critical of many aspects of this work, I have nowhere near the level of skills to dispute any of it.

The diagram you liked was not as I stated mine, but from the book below by Dr Abbott.

Abbott, Andrew "The System of Professions: An Essay on the Division of Expert Labor". 452 p. 1988 - http://www.press.uchicago.edu/cgi-bin/hfs.cgi/00/2952.ctl

A good critical version of Abbott's "system of professions" is contained in the paper:

"Professional rivalry and changing management control approaches in UK clearing banks" by Willie Seal and Liz Croft - http://www.emeraldinsight.com/Insight/viewContentItem.do?contentType=Article&hdAction=lnkhtml&contentId=869691

And

System experts and decision making experts in transdisciplinary projects
Author(s): Harald A. Mieg
http://www.emeraldinsight.com/Insight/viewContentItem.do?contentType=Article&hdAction=lnkhtml&contentId=1563018&dType=SUB&history=false

I have attached an introductory (anonymous) critique of Abbott below.

So I place my trust in those who are authorities in their fields. I have no plans to add sociology to my studies in any greater way than I already encompass and as such will acquiesce to the superior knowledge and research of those who have wandered this path in depth. Abbott has done this exploration. I have nothing to contend his research and findings and nor do I believe that any other on this list could. It is not after all a list that is generally frequented by research sociologists. So I would that if you wish to answer this, follow his work.

It is unfortunate that I can not attach the scan of his decision tree to this post, but so is life. I would suggest that those who have an interest read the books and papers I have attached. They are interesting reading (at least I found them to be so).

So as an answer, some of us in IT engage our roles as professionals, others do not. This is not a statement of how competent or ethical one is; rather it is a classification and legal/sociological class. A trade (eg as was suggested an auto worker) is none the less valuable to society as it is classified as a trade rather than profession. An artisan (as some roles in IT would relate) is again not only valuable, but a class essential foundation to modern society.

So whether one is engaged in an occupation, trade, artisan's pursuit or profession makes us no more or less valuable, it is just a classification. To desire to be a professional when one is not adds nothing. A belief that only professionals have ethics or values adds nothing. They are but separate designations.

In perspective, the CISSP requires professional experience. This is the dispute. Those who lack experience in advocacy seek to change the defined boundaries of the classification. In particular, job descriptors such as "coder" or "operator" are generally not accepted by ISC2 as valid IT roles for professional experience. People in these occupations have to first become an associate and then progress in time to a CISSP.

I have stated that there is a risk of applying without the requisite experience due to possible future deposition or exposure to the forensic process. Many on the list would presume that they are unlikely to have to face court as they are not in LE or digital forensics.

HOWEVER, how many of us know the future with precision? What will the next 20 years bring? Something now that is an exaggeration may come back in the future to bite us.

The case in point is this... As a future IT security manager or professional (if not a current one), how can you state with certainty that you will never have to be involved with a criminal prosecution or civil court action? I would hazard a guess that a good percentage of those on the list will be involved in some action in some manner within the next 20 years.

The number of incidents is on the rise each year and the criminalisation of cyber attacks is progressing significantly. As a current or future IT Security manager or consultant, it is likely and even probable that we (us on the list) will have to respond to an incident. It is feasible that this will end us in court as an expert witness - which we will like it or not have to testify.

So to conclude and being that the law has a long memory[1], is it worth ignoring the legal definition and basis for a classification just because we enjoy calling ourselves something that we may not fall into?

Alternatively, do we decide that not all IT people are actually professionals and that not all IT occupations are professionally associated? That helpdesk operators (as an example) is an introduction to IT that may (and oft does) lead to professional experience, but that not all roles are automatically such.

I stand on a rather risk averse platform. I see that I may be called to testify at any time and base my actions and statements on what I can categorically support. Then again, I do digital forensic work, insolvency support etc on a day to day basis. Maybe the risk is acceptable to others; that is the crux - it is your personal decision.

Regards,
Craig

[1] The statute of limitations need not apply in cases where you have for instance exaggerated experience to gain a certification (eg a CISSP). In going to court, your testimony is taken at that point and unless you are to state that you lied in this effect (while you are under oath) you are involved in a continuing action and thus the limitations are placed from the time you last stated that you had the required experience - i.e. there in court. If alternatively you do state that you lied or exaggerated to gain the certificate while in court, you have then (under oath) stated that you breached the terms of the contract that you made to obtain the certification and thus will be excluded from this - a bit of a catch 22 analogy really...

Critique Of Andrew Abbott (I do not have the citation for this)

Part A: Summary

Introduction:

Andrew Abbott's book, The System of Professions: An Essay on the Division of Expert Labour contains a mix
of comparative historical analysis and current evaluation, which is assembled within an analytical model that looks at professions from the viewpoint of their jurisdictions, the tasks they do, the expert knowledge needed for those tasks, and how competitive forces internally and externally work to change both the jurisdictions and the tasks. Abbott attempts to show that professions are interdependent systems, containing internal structures. He accomplishes this task by means of analyzing the emergence of modern professions and their relationships with each other cooperatively and competitively.

Section I: Work, Jurisdiction, and Competition

Abbott's book takes on an individualistic direction in its inception then moves to a more systematic view of professions. Modern studies of formal professions began with the rise of the discipline of social sciences in the 19th century. In the beginning, scholars debated about the theoretical interpretations of professionalism. There was a split between proponents of functionalist and monopolistic approaches. However, academics on both sides agreed, "that a profession was an occupational group with some special skill" (Abbott 1988: 7). Abbott mentions that there have been four different perspectives that have sought to interpret professionalization, a functional, structural, monopolistic, and a cultural view.

Abbott states that the tasks of professions are to provide expert service to amend human problems (Abbott 1988: 33). These problems can be objective, in that they originate naturally or through technological imperatives. Problems can also be subjective, whereby they are imposed by society or a culture either from the present or past. Abbott argues that the "real difference between the objective and subjective qualities of problems is a difference in amenability to cultural work" (Abbott 1988: 36).

Abbott outlines that there are several types of objective foundations for professional tasks. Some being technological, some organizational, other sources of objective qualities lay in natural objects and facts, while others came from slow-changing cultural structures. Abbott also argues that a "profession is always vulnerable to changes in the objective character of its central tasks" (Abbott 1988: 39). Besides the objective qualities, professional tasks also have subjective qualities, which make them susceptible to change. Unlike objective tasks, change does not come from the vagaries of external forces, but from the "activities of other professions impinge[ing] on the subjective qualities" (Abbott 1988: 39).

According to Abbott, three acts helped to embody the cultural logic of professional practice. The three subjective modalities being diagnosis, inference, and treatment. Diagnosis is the process wherein information is taken into the professional knowledge system, and treatment is wherein instruction is brought back out from it (Abbott 1988: 40).

During the process of diagnosis, relevant information about the client is assembled into a picture of the client's needs. This picture is then categorized into a proper diagnostic category. This process consists of two sub-processes known as colligation and classification. "Colligation is the first step in which the professional knowledge system begins to structure the observed problems" (Abbott 1988: 41). Colligation is the forming of a picture of the client, and consists primarily of "rules declaring what kinds of evidence are relevant and irrelevant, valid and invalid, as well as rules specifying the admissible level of ambiguity" (Abbott 1988: 41). Classification is the referral of "the colligated picture to the dictionary of professional legitimate problems" (Abbott 1988: 41). Colligation and classification help to define which type of problems fall under which body of profession, and specifically what kind of problem it is in that particular profession. Abbott mentions that sometimes problems of classification arise. For some problems are constantly shifting classifications, and fall under more than one classification, due to their defining traits. This may lead to intervention or competition by other professions who want to assimilate the unclear problem into their own professional repertoire (Abbott 1988: 44).

The procedure of "treatment is organized around a classification system and a brokering process," whereby results are given to the client and prescription is offered (Abbott 1988: 44). One major problem associated with treatment is the client's willingness to accept treatment. A profession that adamantly forces clients to take treatment risks losing clients to their competition who may be more flexible to their client's wishes (Abbott 1988: 47).

Inference is the process that takes place "when the connection between diagnosis and treatment is obscure" (Abbott 1988: 49). Inference can work in one of two ways, either by exclusion or construction. With regards to the ideals of inference, is the fact that professions that have several chances to infer solutions to a problem will consequently have more failures, than a profession that gets only one chance. In addition, professions with multiple chances are generally more vulnerable to intervention and competition, or what is known as ceteris paribus, for treatment failure is the main attacking point for invading professions (Abbott 1988: 49).
Another factor that leaves professions prone to external attack is the existence of a problem where no treatment can be inferred. To counteract this potential downfall, Abbott suggested that professions often direct these unsolvable problems to elite consultants or are academicized as 'crucial anomalies' (Abbott 1988: 50). These procedures help to make the difficult problem connected with a vague public label, "which serves as a stopgap against dangerous questioning" (Abbott 1988: 51). This in turn removes direct and stigmatizing responsibility of treatment failure away from a profession, which "protects a profession's jurisdiction" (Abbott 1988: 51).

"Diagnosis, treatment, inference, and academic work provide the cultural machinery of jurisdiction" (Abbott 1988: 59). However, Abbott argues that this is not enough for an organized structure to claim jurisdiction. In order to claim jurisdiction, a profession must ask "society to recognize its cognitive structure through exclusive rights" (Abbott 1988: 59). Jurisdictional claim by a profession can be achieved in several possible arenas, within the legal system, the realm of public opinion, and within the arena of the workplace. Claiming jurisdiction is only one means of overcoming jurisdictional disputes by professions, Abbott mentions that there are five other known types of settlement options.

A profession's social organization is comprised of three distinct internal structures, they being groups, controls, and worksites. These modules of professional organization work in unison to create a more bonded and organized professional structure. Together they influence professions in several ways. First, the more organized a profession is, the more effective it is at claiming jurisdiction. Second, organization of a profession into "a single, identifiable national association is clearly a prerequisite of public or legal claims" (Abbott 1988: 83). Third, in some conditions oddly, some relatively less organized professions due to their internal structures have a certain advantage in workplace competition. For these professional organizations lack rigid focus, and thus have freedom to move back and forth from different tasks, whereas more organized professions lack this flexibility to venture into other areas of work to increase diversity, to become more competitive. Finally, professions that have highly organized internal structures are more resilient to attacks by less organized professions.

These facts illustrate that the social structure of professions is neither fixed nor uniformly beneficial; the nature of it is "constantly subdividing under the various pressures of market demands, specialization, and interprofessional competition" (Abbott 1988: 84). In addition, these facts demonstrate that different competitive conditions favour a more or less organized profession. Taken together these factors imply that the professions as a group will develop in the structured dynamic pattern that Abbott calls the system of professions.

Abbott upholds in his book the ideal that professions constitute an interdependent system, and that jurisdiction is exclusive (Abbott 1988: 86). That being true, then a move by one inevitably affects the others. Change occurs within professions according to Abbott through two sources. One source is from external factors, these initiate the "opening or closing [of] areas for jurisdiction and by existing or new professions seeking new ground" (Abbott 1988: 90). New task areas of jurisdiction are opened; some professions prosper by the acquisition of these new jurisdictions by procedures such as enclosure at the expense of destroying old jurisdictions, that lead to the weakening of the jurisdiction of other professions (Abbott 1988: 91). A second source of change comes from internal factors, these causes unlike external factors do not create or abolish jurisdiction. Change is initiated internally within the dynamic structures of professions through the development of new knowledge, and expansion of jurisdictional consolidation by processes such as professionalization or reduction (Abbott 1988: 91).

Section II: The System's Environment

Abbott defines professional power "as the ability to retain jurisdiction when system forces imply that a profession ought to have lost it" (Abbott 1988: 136). The power of professions to expand their cognitive domain, and thus their jurisdiction, Abbott maintains is dependent on their use of abstract knowledge to annex new areas of work, and to define them as their own (Abbott 1988: 102). Abbott also adds that knowledge must not be too abstract or concrete to be jurisdictionally advantageous for a profession. Two mechanisms help professions to maintain an optimal level of abstraction, these being the processes of amalgamation and division.

Within professions there exists internal differentiation between the organized groups of individuals that comprise the profession. One major source of internal stratification comes from the phenomenon of professional regression. This is a process whereby professionals withdraw into themselves, working in more purely professional environments, as a consequence of gaining greater status (Abbott 1988: 118). They inevitably become segregated from the tasks for which they claim jurisdiction, and from clients, the public, and other subordinate professionals. Besides professional regression there is the concept of client differentiation, which leads to specialization within professions, this creates internal divisions of labour. A process correlated to labour division is that of degradation. Degradation is the progression whereby work is systematically segmented from professional to non-professional status, which leads to the division of labour between "an upper, truly professional group and a lower, subordinate one" (Abbott 1988: 128).
An interrelated issue of labour division is that of career patterns, Abbott argues that career patterns are often quite rigid, and that interchangeability between work of different professions is impossible. For due to demographic rigidity, some professions' size and reproduction mechanisms prevent them from expanding or contracting rapidly, thus constraining their professionals from practicing outside of the profession (Abbott 1988: 129).

Abbott proposes that large scale general changes on the structures that make up the system of professions, and not their effects on individual professions must be examined, to generate an accurate picture of the variables that mediate change (Abbott 1988: 143). Abbott mentions that two significant circumstances have helped in the advancement of professional jurisdictions. One being the rise of the large-scale organization, and the other being the rise of technology (Abbott 1988: 144). Beyond technology and organizations, social movements have also been responsible for the creation and abolishment of professional work.

With the organizational revolution of the 19th century professions became more bureaucratic. The rise of bureaucracies has increased competition between professions, by absorbing certain forms of work, and thus creating struggle for work that remains (Abbott 1988: 157). As a consequence, there has been a split between workplace and public jurisdiction, and subsequently a division between administrative and legislative authority. This Abbott contends leads to various changes in audiences for professional claims dependent on the social environment (Abbott 1988: 157). Related to the increase of bureaucracy is that of co-optation, the phenomenon of professions shrinking in number and becoming more monopolized in power.
This process has not decreased interprofessional competition, but has simply changed its location.... and involving different arrangements of 'friendly' groups (Abbott 1988: 176).

Besides the many social organizational and structural changes of professions that have occurred throughout the short history of professions, great cultural changes have also been involved in remaking the work of professions. The three of most significance have been the growth in size and complexity of professional knowledge, the emergence of new types of legitimacy claims for that knowledge, and the rise of the university. The changes in professional knowledge have involved two processes, that of growth and replacement. Growth has led to the subdivision of knowledge, while replacement has pressured knowledge towards abstraction (Abbott 1988: 179). Legitimation of professions justifies what forms of work they can do and how they are to do it (Abbott 1988: 184). The emergence of new forms of jurisdictional legitimacy has been warranted by cultural shifts such as secularization, and changing cultural values. This has led to a shift in professional legitimation from a reliance on social origins and character values to a reliance on scientization or rationalization of technique and on efficiency of service (Abbott 1988: 179). The ascent of the modern university has been a great external force behind the development of professions. Universities have served as legitimators of professional knowledge and expertise. They have helped to generate new techniques of practice, and have been the training ground for professionals. Finally, universities have also become another arena for interprofessional competition (Abbott 1988: 196).

Section III: Three Case Studies

In his discussion of information professionals Abbott states that there are two types. There are those who reside in qualitative information, such as librarians, academics, advertisers, and journalists, and those who abide in quantitative information, such as cost accountants, management engineers, statisticians, operations researchers, and systems analysts. The move by qualitative professions into technical organization has been attributed to the concept of scientific management. Qualitative information work has been shaped decisively by organizational and demographic developments... [as well as by] major technological events (Abbott 1988: 219). The area of quantitative information has developed through the advent of two detrimental disturbances. One being the invention of mechanical devices for calculation and tabulation, which helped to routinize the work, and the other being the birth of cost accounting, which helped professions to become more competitive (Abbott 1988: 228). The 1930's were the beginning of the unification between qualitative and quantitative information. This brought about the emergence of two practical claimants of this new area of information jurisdiction. The first was information science (IS) which took a purely theoretical perspective on the topic, and the second was management information systems (MIS), which had a more practical orientation.

The initial structural development of the English legal profession began in the early 19th century, while the onset of that of the Americans came at a much later time. Two organizational structures attributed to the growth in demand for legal services in the 19th century. One was large commercial enterprise, the other was administrative bureaucracy. In its infancy legal work outgrew its profession. This led to three types of conflict between competitors within the profession. The first case known as excess jurisdiction occurs when an incumbent profession cannot grow to meet demand, or increase output, and thus faces invasion by outsiders. The second kind of conflict arises when a professional group's potential output exceeds its current jurisdiction. The third type of conflict occurs when groups who provide equivalent services at lower prices seek to invade into a settled jurisdiction. Due to the structure of the American legal profession these conflict problems were less severe than in the British system (Abbott 1988: 252). The American system because of its use of large firms and the replacement of clerkship with law school, helped it to produce higher output, thus it avoided problems related to demand and supply (Abbott 1988: 252). Taken together, this shows that the differences in the development of the English and American legal system were caused by the actions of the two professions themselves, the general social environment, and by competitors trying to secure control of areas of importance to the legal profession (Abbott 1988: 275).

Abbott posits that the birth of professions coincided with the rise of personal problems (Abbott 1988: 285). Thus, the history of professions is a biography of the relationship between problems and the tasks that seek to resolve them. The first groups that attempted to assert professional jurisdiction over these personal problems were the clergy and neurologists. This was the beginning of a gradual recognition of personal problems as legitimate categories of professional work (Abbott 1988: 286). Other groups that subsequently joined the race for professional jurisdiction were gynecologists, psychiatrists, as well as weaker groups such as psychotherapists.

In his book, Abbott outlines the history of professional development by showing that professions have evolved simultaneously through similar patterns of development. In chapters six and seven he argued that professions are organizational structures made up of many internal components and divisions of labour.
Related to this issue was his belief that professions were interdependent structures. Abbott believed that the power of professions lay in their jurisdictional power, which set the boundaries of what an occupation's work embraced. Work and claims to jurisdiction over tasks for Abbott was what defined a profession's power. He illustrated this by showing that professions struggle and compete against each other to gain control over undefined and unclear areas of tasks, to expand their jurisdictional and overall strength. Chapters two to four devote most of their attention to addressing these issues of work, competition, and claims to legitimacy, which are related to jurisdictional power. The primary goal of Abbott's book was to attempt to show that professions exist within a system; he did this by demonstrating that changes in one affect the other, and that one profession preempts another's work. This was shown by his outlined principles in chapter four of his book, which posit that external and internal changes in one profession cause disturbances through the systems of professions. For professions as he advocated constitute an interdependent system. Therefore, relations between professions and their work determine the interwoven history of professional development. In other words, one has helped to transform the other, similar to the system whereby the factors of genetics and environment symbiotically influence the direction of evolutionary processes. Abbott wanted to address the issue that to study the evolution of professions completely and accurately, it is not enough to study them individually, that researchers have to examine the relationship and development of all professions to understand any one of them. For professions are as he states interdependent systems, which influence each other prospectively.

Part B: Discussion

The social construction of skill and its relationship to workers' autonomy and discretion relate to Abbott's discussion for it was mentioned that workers derive their skill by means of educational attainment and achievements of credentials. These merits are defined and constructed by the professions; it is up to their discretion to design the skill requirements for entry into the professional body. That being so, professions have a structured path for their prospective employees. This would make the career pattern for many workers quite rigid, providing them with very little autonomy and discretion in the career choices (Abbott 1988: 129). We alluded to in class that sometimes the social construction of skill may help to restrain the worker's ability for autonomy and discretion. For instance, in the French system of the 1970's, the government pushed education to be highly specific in its professional focus (Abbott 1988: 133). Thus, the educational system produced skilled, but specifically skilled workers for society. Workers' knowledge and skill was highly specific and not broad or generalizable.
The French society socially constructed its own definition of skills needed for society and education. However, the inevitable consequence of such actions caused the problem of low interprofessional mobility. Workers there had very little autonomy or discretion with regard to their work (Abbott 1988: 133). Here, we see a situation where the social construction of defining skill has led to the restriction of workers' occupational freedom.

Even with the social construction of skills that defined the potential autonomy for workers, factors related to the organizational structure of professions can limit such freedom. It was discussed in class that workers' choices and freedom to choose what they want to do is often restricted by structural factors, such as division of labour and company size. Abbott alludes to this in his discussion of career patterns; he posits that the career paths in professions are often quite rigid, with very little chance for interchangeability between professions (Abbott 1988: 129). For example, a doctor cannot move into the profession of law with his present skills, and vice versa for a lawyer. The demands of those professions constrict the autonomy professionals within those professions have, with regards to interprofessional flexibility. Although the case may be that within their own prospective professions, professionals have their own forms of discretion and occupational autonomy dependent on their skill and expertise. This inflexibility in interprofessional and career pattern autonomy is controlled by the factor of demographic rigidity. Some professions, due to their size and reproduction mechanisms, prevent them from expanding or contracting; this constrains their professionals from practicing outside of the profession (Abbott 1988: 129). This illustrates that factors of a profession's structure mediate the effect of socially constructed skill with worker's autonomy and discretion, that the organization of a profession can confine a professional's occupational freedom.

However, the situation of restricted freedom for occupational alternative is not always the case, as has been mentioned in class, sometimes through conditions of an individual's skill and by organizational forces, workers find themselves confronted with opportunities for advancement or differentiations. Abbott illustrates that through the phenomena of specialization and labour division workers can increase their status and thus allow themselves chances for expansions into other tasks areas (Abbott 1988: 128). Abbott advocates that for some workers their professions allow them great autonomy and discretion; this is based upon the set of socially constructed skills they obtained. For example, the skills that society has required librarians to acquire for their occupations, has given them more opportunity for personal autonomy and discretion regarding their work (Abbott 1988: 123). Librarians are differentiated and restricted only by their own diverse choice of clientele (Abbott 1988: 123). They can choose to work in schools, industry, government, public, and even in academic areas. Their socially demanded skills in research and knowledge allow them to move from one professional arena to another with ease, for their skills are highly generalizable (Abbott 1988: 123).

Sometimes, an individual's credentials so happen to allow him or her access into other professions, giving him or her discretion to choose where he or she wants to work, or what tasks he or she wants to do. Abbott argues that some credentials allow individuals to claim jurisdiction under more than one profession, allowing them autonomy to choose where they want to reside, and allowing them the opportunity to switch over to another jurisdiction as they wish (Abbott 1988: 103). For example, Abbott proposes that a degree such as a M.B.A, because of its broad coverage of diverse forms of knowledge and training, allows its owners numerous areas for claimants (Abbott 1988: 103). Thus, students of diverse specialties as psychology, sociology, law, economics, etc. can claim jurisdiction in business management even though their primary study has no relations, as long as they possess the certification of a M.B.A degree. Simply by possessing credentials under a certain expertise and skill that society has defined as expert, individuals can increase their autonomy of career choice by great folds. This points to the fact that the attainment of what society constructs as expert skill, can help in one's achievement of autonomy and discretion. Another process that leads to the autonomy of the individual is through the process of degradation.
Degradation leads to the explicit division of labour, which inevitably allows workers different career directions and alternatives (Abbott 1988: 126). In his discussion of the profession of computer programmers, Abbott illustrates that the sudden explosion in the computerization of industry in the 1970's created a large demand for computer programmers. This led to a division in the work between normal and specialist programmers, and while causing the subordination of some, this created many new opportunities for specialty (Abbott 1988: 127). Specialists in that field were presented with total autonomy and discretion with regards to their work. They could set their own standards and jurisdiction, for there existed no forebears in their expertise to restrict the creation of their own jurisdiction (Abbott 1988: 123).

As it has just been illustrated, the social construction of skill and its relationship to workers' autonomy and discretion has not always been a positive one. In some circumstances, workers are provided with great freedom with regards to their work, but in others, the defined skills constructed by society help to restrict the autonomy and discretion of workers. Factors such as government intervention, the organizational structure of professions, individual merit and choice, and processes of labour division and destruction all play a role in determining the occupational free choice of workers. Abbott's book outlined many of these factors; his findings helped to substantiate ideals related to this topic discussed in class.

Bibliography

Reference

Abbott, Andrew. The System of Professions: An Essay on the Division of Expert Labour. Chicago: The University of Chicago Press, 1988.

See also: Adler, Kwon and Heckscher (2007) "THE EVOLVING ORGANIZATION OF PROFESSIONAL WORK"

Abbott, A. 1988. The System of Professions: An Essay on the Division of Expert Labor. University of Chicago Press, Chicago.
Barber, B. 1963. Some problems in the sociology of the professions. Daedalus 92 669-689.
Greenwood, E. 1957. Attributes of a profession. Soc. Work 2 45-55.
Hall, RH. 1968. Professionalization and bureaucratization. Amer. Sociological Rev. 33 92-104.
Starr, P. 1982. The Social Transformation of American Medicine. Basic Books, New York.
Waters, M. 1989. Collegiality, bureaucratization, and professionalization: A Weberian analysis. Amer. J. Sociology 94 945-972.
--------------------------------------
From: Simmons, James [mailto:jsimmons () eds com]
Sent: Fri 4/05/2007 9:06 AM
To: Craig Wright
Cc: security-basics () securityfocus com
Subject: RE: CISSP Question

Ok so I will attempt this a different way, since I am getting nowhere here. Why do you believe are the qualifications for an IT to be considered a professional? What does an IT individual need to have done to earn such a coveted title as a professional?

Regards,
Simmons

Craig Wright
Manager of Information Systems
BDO Kendalls (NSW)