On Tuesday 16 May 2006 13:01, Steve Armstrong wrote:
However, you state you are undertaking IS1&3 but not 2 why is that. And
given the nature of IS1&3 why are you using CRAMM?
Beaucse IS2 is th building of Accreditation Document sets - which fall outside
the remit, as does IS4 and IS5.
Finally, are you looking to use the OSSTMM as in internal testing
standard or one to level contracts against? I ask because your
questioning alludes to a non technical level of expertise but you are
discussing a methodology to undertake technical testing.
We are looking for an internal testing methodology. We already have an very
technical internal testing system in place, but it is home grown and our
accreditors wish for something more recognised.
This accounts for why we have to use CRAMM as well as IS1. Now IS1 is a good
back of a fag packet stuff, useful in management meetings and the like but
our accreditors don't trust it for some reason.
Rik
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
