Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Risk Assessment Standards

from [Ken S] Network Security [Permanent Link]
Subject: Risk Assessment Standards
Date: Wed, 10 Nov 2004 14:26:04 -0600 
My employer is jumping in with both feet for OCTAVE.  I've been
through some training, and it seems like a good method.

We're also using an automated tool and other consulting assistance
from http://www.aticorp.org/ , which we believe will significantly
improve the speed of the assessments.

Best of luck.

Ken

On Wed, 10 Nov 2004 10:05:01 +0100, Lucien Fransman
<lucien.fransman@siennax.com> wrote:

On Monday 08 November 2004 14:14, Alt, Brandon C. wrote:

I'm looking to find what standards are available for performing a
security risk assessment. What's out there? I know of Cobra and Octave,
but have never used them. Does anyone have any experience with these
two? What other standards do other follow?


There is also (sun's) ESA (Enterprise Security Assessment) that I know of.
Ofcourse a lot of companies that perform certifications use "appropriate
security assessment methodologies" but they are variations of the above, or
(a subset) of the requirements of the certification. (Think itsec, trust
services/systrust)
With kind regards

Enchanter_tim

----
This e-mail is intended exclusively for the addressee(s), and may not be
passed on to, or made available for use by any person other than the
addressee(s). Siennax rules out any and every liability resulting from any
electronic transmission.
----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  FIRM -framework fo risk assessment methodology implementation, Ramiro Rodrigues
Next by Date:  Re: Risk Assessment Standards, Richard . Sullivan
Previous by Thread:  Re: Risk Assessment Standards, Lucien Fransman
Next by Thread:  Re: Risk Assessment Standards, Richard . Sullivan
Indexes:  [Date] [Thread] [Top] [All Lists]