Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Risk Assessment Standards

from [Jeff Bardin] Network Security [Permanent Link]
Subject: Re: Risk Assessment Standards
Date: Sat, 04 Jun 2005 06:36:17 -0400
OCTAVE follows ISO17799. Very detail oriented but will get the job done if you have the stamina to stay with it. I was licensed to both teach and deliver OCTAVE at one point but the $6k per year renewal fee didn't seem worth the support I received (or did not receive) from CMU.

Cobra is a tool based on ISO17799. Riskwatch is another tool that has mutiple modules but is very detailed as well.

Regards,
Jeff

From: Chris Raymond <lightningstorm53@yahoo.com>
To: "Alt, Brandon C." <altb@educationcentral.org>,security-management@securityfocus.com
Subject: Re: Risk Assessment Standards
Date: Wed, 1 Jun 2005 20:04:32 -0700 (PDT)

IAM (InfoSec Assessment Methodology) This one has a
good methogology, but has a limited depth in the
assessment area.  It is a good assessment
methogodology overall.

I've heard down side to Octave, but nothing about
cobra.

Chris Raymond

Master of Information Assurance and Computer Security
student

--- "Alt, Brandon C." <altb@educationcentral.org>
wrote:

> I'm looking to find what standards are available for
> performing a
> security risk assessment. What's out there? I know
> of Cobra and Octave,
> but have never used them. Does anyone have any
> experience with these
> two? What other standards do other follow?
>
>
>
> Thanks.
>
>
>
> Brandon Alt
>
> Information Security Manager
>
> Technology Division
>
> Duval County Public Schools
>
>
>
>


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com


[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Information Risk Management PowerPoint Slides - Was 'RE: Information Risk Management', Brad Bemis
Next by Date:  RE: Information Risk Management PowerPoint Slides - Was 'RE: Information Risk Management', Aric Perminter
Previous by Thread:  Re: Risk Assessment Standards, Chris Raymond
Next by Thread:  Re: Risk Assessment Standards, Mitchell Rowton
Indexes:  [Date] [Thread] [Top] [All Lists]