RE: Security Audit

From: Ogle Ron (Rennes) (OgleRat_private)
Date: Mon Sep 10 2001 - 02:11:00 PDT

    I've seen all of those sources, and I understand that everyone has one.  The
    sources are info only.  What I'm saying is that the security business needs
    to define more standardized solutions.  What is being asked by a lot of
    people, is the same for audits by accountants.  There are standard, well-
    recognized practices that are followed in the accounting area but not in the
    security area.  The security area is very much a buyer-beware strategy
    with neophyte security companies providing a lousy service.
    
    Maybe under the auspices of the ISC2 for CISSPs, a standardization of terms
    and expectations can be created for all in the security area to follow.  Of
    course, each security company can then state that they provide additional
    services, but at least there is a minimum expectation.  At least part of the
    ethics code that must be signed by CISSPs provides for some level of
    professionalism which is really what is needed here for the audits.
    
    Ron Ogle
    Thomson multimedia
    Rennes, France
    > -----Original Message-----
    > From: Aleksander Czarnowski [mailto:alekcat_private]
    > Sent: Friday, September 07, 2001 5:23 PM
    > To: 'pen-testat_private'
    > Cc: 'OgleRat_private'
    > Subject: RE: Security Audit
    > 
    > There is already one freely available and it is called Open Source Security
    > Testing Methodology (http://uk.osstmm.org/osstmm.htm). In RFCs you will find
    > Site Security Handbook (it's not on pen-test, but I guess it can be useful
    > anyway).
    ..........
    > Price is also based on resources and time needed to create such
    > methodology. And please remember that after creating your methodology it should
    > be researched further to keep up with the rest of the world.
    > Regards,
    > Aleksander Czarnowski
    > AVET INS
    > 
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities please see:
    > https://alerts.securityfocus.com/
    > 
    
    



    This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 07:55:29 PDT