Security Certification Body (ISC)2 Defends Proposed Bylaw Changes (portswigger.net) 12
Security certification body (ISC)Â — the International Information System Security Certification Consortium — "is a non-profit organization providing training and certification for cybersecurity professionals," writes PortSwigger "Daily Swig" blog for cybersecurity news. "Over the last two years, it has been carrying out a review of its practices around committees, nominations, and governance."
But some of the proposed bylaw amendments (announced earlier this month) drew criticism: According to Wim Remes, a former board member who spent three years as (ISC)Â chair, the organization currently has a poor record on member engagement, with election turnout averaging only around 4%. As things stand, 500 endorsements are required for members to raise a petition. However, the new proposals would see this figure raised to 1% of the 170,000-odd members. "This effectively shuts down an important relief valve in corporate governance, in my opinion, and is not in the interest of the membership," Remes told The Daily Swig. "It's already impossible to get up to 500. It's unthinkable anybody would make it to 1,600, [or] to 2,000."
Also in the pipeline is a significant change to the process for electing the board of directors. If approved, this would remove the option for a write-in candidate and witness the board submitting a slate of qualified candidates to the membership that would be equal to the number of open seats. "Combined with making the petition process harder — if not impossible — this is as close to a coup by governance as one could get," Remes argued. "They still call it an election, but it is officially a coronation."
Meanwhile, the Ethics Committee is to be eliminated as a standing committee of the board.
Clar Rosso, CEO of (ISC)2, tells the site that the bylaw changes will be voted on by members, and will move the ethics process "from one that is majority board-run to a process that is adjudicated by a broader cross-section of members."
"Additionally, many of these bylaw changes are reflective of best practices of other similarly-sized associations, and some simply provide clarity and ensure legal compliance with applicable state and federal laws. The (ISC)Â board of directors, comprised entirely of member volunteers, supports the proposed changes."
Long-time Slashdot reader mencik shares a page offering nine alternate proposals to increase transparency — along with a petition for including them on the agenda of the group's next annual meeting. (Reminder: only ISC2 members can vote.)
But some of the proposed bylaw amendments (announced earlier this month) drew criticism: According to Wim Remes, a former board member who spent three years as (ISC)Â chair, the organization currently has a poor record on member engagement, with election turnout averaging only around 4%. As things stand, 500 endorsements are required for members to raise a petition. However, the new proposals would see this figure raised to 1% of the 170,000-odd members. "This effectively shuts down an important relief valve in corporate governance, in my opinion, and is not in the interest of the membership," Remes told The Daily Swig. "It's already impossible to get up to 500. It's unthinkable anybody would make it to 1,600, [or] to 2,000."
Also in the pipeline is a significant change to the process for electing the board of directors. If approved, this would remove the option for a write-in candidate and witness the board submitting a slate of qualified candidates to the membership that would be equal to the number of open seats. "Combined with making the petition process harder — if not impossible — this is as close to a coup by governance as one could get," Remes argued. "They still call it an election, but it is officially a coronation."
Meanwhile, the Ethics Committee is to be eliminated as a standing committee of the board.
Clar Rosso, CEO of (ISC)2, tells the site that the bylaw changes will be voted on by members, and will move the ethics process "from one that is majority board-run to a process that is adjudicated by a broader cross-section of members."
"Additionally, many of these bylaw changes are reflective of best practices of other similarly-sized associations, and some simply provide clarity and ensure legal compliance with applicable state and federal laws. The (ISC)Â board of directors, comprised entirely of member volunteers, supports the proposed changes."
Long-time Slashdot reader mencik shares a page offering nine alternate proposals to increase transparency — along with a petition for including them on the agenda of the group's next annual meeting. (Reminder: only ISC2 members can vote.)
Re:Irrelevant organisation now even more irrelevan (Score:5, Informative)
All ISC2 members need to vote against this proposal, and also sign the petition at https://jsweb.net/isc2 [jsweb.net]
Re: (Score:2)
There's also an underlying, entirely different issue at play here: Most (ISC)2 members are members only because it's a rubber-stamp you need to work in lots of jobs, thus the almost nonexistent turnout. Apart from a tiny number of volunteers, no-one in (ISC)2 cares about (ISC)2. So this change isn't some takeover, it's an attempt to reduce the workload on the miniscule percentage of members who actually do something, while at the same time having no effect on the vast majority of (ISC)2 members who don't
Re: (Score:2)
Dear Slashdot (Score:1)
If you can't make your website support Unicode text, like every other website on the fucking planet, at least make your editors edit.
Thank you.
Re: Dear Slashdot (Score:2)
I guess they took their 2001 story about "Why Unicode Won't Work on the Internet" [slashdot.org] too much to heart.
Re: Dear Slashdot (Score:2)
I'd say the main problem with Unicode is that there are too many variants. We should create a new standard that meets all use case...eh...nevermind. Just fuckin go with UTF-8 everywhere and be done with it already. That's basically the approach Rust took, and it works.
Re: Dear Slashdot (Score:2)
Python went with UTF-8 too and it works well. I can embed emojis in my comments on students' exam code and then programmatically paste the whole thing back as a comment on the class grading website, and never have to worry about charsets.
It's funny to read those comments from 2001 bending over backward to argue that everyone should just use English or that we never need to mix languages within a document so we can just use different charsets for each document. It has turned out to be quite handy to have one
Re: Dear Slashdot (Score:2)
UTF-8 detractors can be annoying though. They make a big deal about how inefficient it is for Asian languages when compared to UTF-16. This isn't the 90s anymore. 64-bit architectures are literally everywhere now, including my wrist watch, and that is technically speaking wasting lots of memory everywhere you see an opcode. Character encoding barely makes any difference at all compared to that.
Re: (Score:2)
A while back, Slashdot did experiment with allowing Unicode, but IIRC some trolls abused LTR and RTL override marks to make it look like karma scores were different than they actually were. So, Slashdot responding by banning all non-ASCII Unicode again, instead of a more nuanced approach of, say, only blocking certain code points that can cause problems like those.