Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Security Metrics

from [Dan Duplito] Network Security [Permanent Link]
Subject: Re: Security Metrics
Date: Fri, 15 Apr 2005 14:44:49 +0800 
hi, john.

don't know of any papers that recorded the details of an actual security 
assessment for a company, but check out Pete Herzog's OSSTMM project 
(http://www.isecom.org/osstmm/) for an assessment guideline. 

As for the tools, Pete used to have a list of tools related to each security 
test method at OSSTMM's old home, www.ideahamster.org, but you can get a list 
of the commonly used security testing tools at 
"http://www.hackingexposed.com/tools/tools.html"; or at 
"http://www.insecure.org/tools.html";.

HTH

dan

----- Original Message -----
From: "John Blackley" <jblackley@sysmatrix.net>
To: security-management@securityfocus.com
Subject: Security Metrics
Date: 14 Apr 2005 15:24:18 -0000





Folks,

a little guidance here please. I'm looking for work already done on 
building security metrics for an organization. Let's say an 
organization wants to measure its security performance against a 
baseline (perhaps ISO17799?). Do you know of any works that have 
been published showing how it was done or tools that were used in 
the effort.

Any help will be appreciated.

John A Blackley
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Security Metrics, Medzich, Maik
Next by Date:  RE: Security Metrics, Chad Miller
Previous by Thread:  RE: Security Metrics, Medzich, Maik
Next by Thread:  EU privacy laws resources, Dora Mandadjiev
Indexes:  [Date] [Thread] [Top] [All Lists]