



Network Security CISSP-Discussion

Re: [CISSP-D] Phishing

Subject: Re: [CISSP-D] Phishing
Date: Fri, 04 Feb 2005 11:34:34 +0530


Roshan Mani wrote:

Hi Rajesh,

First of all what is a social engineering attack? In my opinion, this is 
a method of attack where the attacker exploits certain human tendencies 
to gain the confidence of an individual in order to launch an attack 
against either the individual or some other target!
===============================


Greetings Roshan/Rajesh and All,

A few days back we released the Information Systems Security Assessment 
Framework (ISSAF) Draft0.1. Check it out here: 
http://www.oissg.org/issaf Direct download: 
http://oissg.org/issaf01/issaf0.1.zip News is given below.

It has a well-written chapter on Social Engineering, covering the required 
test cases for a social engineering assignment. I hope you will find it 
useful.

Your feedback on this will be highly appreciated.


ISSAF Preface:
Today, the evaluation of Information Systems (IS) security in accordance 
with business requirements is a vital component of any organization's 
business strategy. While there are a few information security assessment 
standards, methodologies and frameworks that talk about what areas of 
security must be considered, they do not contain specifics on HOW and 
WHY existing security measures should be assessed, nor do they recommend 
controls to safeguard them.

The Information System Security Assessment Framework (ISSAF) is a peer 
reviewed structured framework that categorizes information system 
security assessment into various domains & details specific evaluation 
or testing criteria for each of these domains. It aims to provide field 
inputs on security assessment that reflect real life scenarios. ISSAF 
should primarily be used to fulfill an organization's security 
assessment requirements and may additionally be used as a reference for 
meeting other information security needs. ISSAF includes the crucial 
facet of security processes and their assessment and hardening, to get a 
complete picture of the vulnerabilities that might exist.

The information in ISSAF is organized into well defined evaluation 
criteria, each of which has been reviewed by subject matter experts in 
that domain. These evaluation criteria include:
* A description of the evaluation criteria.
* Its aims & objectives
* The pre-requisites for conducting the evaluations
* The process for the evaluation
* Displays the expected results
* Recommended countermeasures
* References to external documents

A draft version of this framework is available at the OISSG website at: 
http://www.oissg.org/issaf
The Information System Security Assessment Framework (ISSAF) is an 
evolving document that will be expanded, amended and updated in future. 
To improve the usefulness of the future release of ISSAF, please take a 
moment to evaluate it. Your feedback is invaluable to OISSG's efforts to 
fully serve the profession and future ISSAF releases. The feedback form 
is given at the end of ISSAF; please email your feedback to 
feedback@oissg.org. We will get back to you 
ASAP.

Introduction to OISSG:

Open Information Systems Security Group (OISSG) is an independent and 
non-profit organization with a vision to spread information security 
awareness by hosting an environment where security enthusiasts from all 
over the globe share and build knowledge.

Thanking you.
Respectfully,

Balwant Rathore
Open Information Systems Security Group
www.oissg.org





 