I've seen all of those sources, and I understand that everyone has one. The sources are info only. What I'm saying is that the security business needs to define more standardized solutions.

What is being asked by a lot of people is the same for audits by accountants. There are standard well-recognized practices that are followed in the accounting area but not in the security area. The security area is very much a buyer beware strategy with neophyte security companies providing a lousy service.

Maybe under the auspices of the ISC2 for CISSPs, a standardization of terms and expectations can be created for all in the security area to follow. Of course, each security company can then state that they provide additional services, but at least there is a minimum expectation. At least part of the ethics code that must be signed by CISSPs provides for some level of professionalism which is really what is needed here for the audits.

Ron Ogle
Thomson multimedia
Rennes, France

> -----Original Message-----
> From: Aleksander Czarnowski [mailto:alekcat_private]
> Sent: Friday, September 07, 2001 5:23 PM
> To: 'pen-testat_private'
> Cc: 'OgleRat_private'
> Subject: RE: Security Audit
>
> There is already one freely available and it is called Open Source Security
> Testing Methodology (http://uk.osstmm.org/osstmm.htm). In RFCs you will find
> Site Security Handbook (it's not on pen-test, but I guess it can be useful
> anyway).
> ..........
> Price is also based on resources and time needed to create such
> methodology. And please remember that after creating your methodology should
> be researched further to keep up with the rest of the world.
> Regards,
> Aleksander Czarnowski
> AVET INS
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 07:55:29 PDT