
Information System Security Assessment Framework (ISSAF) Draft 0.1

Subject: Information System Security Assessment Framework (ISSAF) Draft 0.1
Date: Thu, 30 Dec 2004 12:53:02 -0500
-------- Original Message --------
Subject:        Information System Security Assessment Framework (ISSAF) Draft 0.1
Date:   Thu, 30 Dec 2004 21:56:09 +0530
From:   admoore@phreaker.net <admoore@phreaker.net>
Reply-To:       admoore@phreaker.net
To:     gideon@infostruct.net


Dear Colleague,

Today, the evaluation of Information Systems (IS) security in accordance with 
business requirements is a vital component of any organization's business 
strategy. While there are a few information security assessment standards, 
methodologies and frameworks that talk about what areas of security must be 
considered, they do not contain specifics on HOW and WHY existing security 
measures should be assessed, nor do they recommend controls to safeguard them.

The Information System Security Assessment Framework (ISSAF) is a peer reviewed structured 
framework that categorizes information system security assessment into various domains 
& details specific evaluation or testing criteria for each of these domains. It aims 
to provide field inputs on security assessment that reflect real life scenarios. ISSAF 
should primarily be used to fulfill an organization’s security assessment 
requirements and may additionally be used as a reference for meeting other information 
security needs. ISSAF includes the crucial facet of security processes and their 
assessment and hardening to get a complete picture of the vulnerabilities that might 
exist.

The information in ISSAF is organized into well defined evaluation criteria, 
each of which has been reviewed by subject matter experts in that domain. These 
evaluation criteria include:
• A description of the evaluation criteria.
• Its aims & objectives
• The pre-requisites for conducting the evaluations
• The process for the evaluation
• Displays the expected results
• Recommended countermeasures
• References to external documents

A draft version of this framework is available at the OISSG website at:
http://oissg.org/issaf01/issaf0.1.zip (5.59 MB) or 
http://oissg.org/issaf01/issaf0.1.pdf (12.6 MB)

The Information System Security Assessment Framework (ISSAF) is an evolving 
document that will be expanded, amended and updated in future. To improve the 
usefulness of the future release of ISSAF, please take a moment to evaluate it. 
Your feedback is invaluable to OISSG's efforts to fully serve the profession 
and future ISSAF releases. The feedback form is given at the end of ISSAF; 
please email your feedback to feedback@oissg.org. We will get back to you ASAP.

Best regards,
A.D. Moore

  • Information System Security Assessment Framework (ISSAF) Draft 0.1, Gideon T. Rasmussen, CISSP, CISA, CISM, CFSO, SCSA <=