Slap on wrist for NCC Group over CREST exam-cheating scandal as infosec org agrees to rewrite NDAs and more

British infosec firm NCC Group has been rapped over the knuckles after infosec accreditation body CREST found it was "vicariously responsible" for employees who helped staff cheat certification exams. In a lengthy statement published yesterday, CREST said last summer's exam-cheating scandal boiled down to just two incidents …

  1. Libertarian Voice

    Why a Basset Hound?

    Not sure what the picture of a Basset Hound on this story has to do with anything; still cute though!

    1. John Brown (no body) Silver badge

      Re: Why a Basset Hound?

      The Basset Hound is often seen, especially in cartoons, as being a detective because the big floppy ears are reminiscent of the Deerstalker supposedly worn by Sherlock Holmes.

  2. Mike 137 Silver badge


    "...exam walkthroughs, cheatsheets [...] that would be helpful to anyone sitting CREST's CCT-INF (CREST certified tester – infrastructure), CCT-APP (applications) and CRT (pentesting) exams."

    If any exam can be passed by use of materials such as this, it must be a pretty trivial exam, particularly in the realms of software testing and pen testing. Competence in these requires understanding and experience, which obviate the need for and can't be simulated by reference to "exam walkthroughs" or "cheatsheets" unless the exam questions are idiot-level.

    However in my experience, with the exception of Masters degrees, the vast majority of security qualifications are merely checks of the ability to regurgitate parrot memory of matters not necessarily understood. On one institution-approved security management course I was contracted to deliver, at the end of four days "training" of a bunch of active practitioners, one asked me "how do you use a risk matrix?". The whole class passed the (computer marked) exam and got their certificates.

    Maybe the standards of expertise expected explain to some extent the parlous state of infosec.

    1. Anonymous Coward

      Security Qualification

      Now that I've been through the course, I know how to correctly pronounce the magic terms, so nobody will guess I've no clue what security is all about. (worked for you, boss, right?)

