|We don't bite newbies here... much|
[OT] What is "the German Institute for Security in Information Technology"?by BrowserUk (Pope)
|on Jul 31, 2007 at 17:07 UTC||Need Help??|
BrowserUk has asked for the
wisdom of the Perl Monks concerning the following question:
Have any of you good monks any knowledge of an organisation called German Institute for Security in Information Technology?
So, I went looking to see who these guys were, with a view to trying to find out how the came up with those criteria--and that's where things start getting confusing. Google lists exactly two references to this organisation. One is the earlier referenced wikipedia page; the other is a pdf at the springerlink website that it refuses to let me see.
If you expand the "search with omitted results included", you'll find a dozen more references that all appear to be plagiarised from the original wikipedia page.
I also tried searching for "GESIT", and that gets more hits, and the first looks likely but turns out to be something to do with geography, and in any case, the link redirects to a .cx url, which tells you nothing and doesn't inspire confidence.
Now if these 4 criteria are so authoritative, one would expect that the organisation that produced them would have done some other important work in the field of IT security. And as such, you might expect that it would have a web footprint. You might also expect that there might be some documentation of the basis upon which it arrived at these 4 criteria. You might also expect that work to (at least) be referenced from one or more of the established clearing houses for citations and IT-related papers: like ACM, or CiteSeer, or one of the dozen or so others. But nada, zip, ziltch, nary a mench.
So, does anyone know anything about this organisation? Is it an authoritative government institution? A fly-by-night quango? A private company with an official sounding title? A complete ghost?
In the field of security more than any other I've tried, the internet abounds with "security" companies and organisations doling out reams of sophisticated sounding advice and judgement criteria, but so often when I try to track these to source, they end up being dead ends(*).
The only other thing that comes close is "medical advice". I once tried to track down the basis of the World Health Organisation radiation exposure guidelines, and to the best of my ability to find out, they seem to have been plucked from the air by some committee at some point in the past and have become the defacto-standard ever since.
(*)Note: I'm not saying that is the case with GISIT, just that it seems possible given what I have been able to discover so far.
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.