Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Risk Assessment Standards

from [Rafael de Dios] Network Security [Permanent Link]
Subject: RE: Risk Assessment Standards
Date: Mon, 6 Jun 2005 08:56:00 +0200 
Hi all

I have seen this discussion today and I have a question for all of you: 
What are the differences between CRAMM and OCTAVE? Is there any? 

Regards,

Rafael de Dios

Security Analyst


Disclaimer
This message (including any attachments) is confidential and may be
privileged.  If you have received it by mistake please notify the sender
by return e-mail and delete this message from your system. Any
unauthorised use or dissemination of this message in whole or in part is
strictly prohibited.

-----Original Message-----
From: Jeff Bardin [mailto:jsbardin@hotmail.com] 
Sent: Saturday, June 04, 2005 12:36 PM
To: lightningstorm53@yahoo.com; altb@educationcentral.org;
security-management@securityfocus.com
Subject: Re: Risk Assessment Standards

OCTAVE follows ISO17799.  Very detail oriented but will get the job done
if 
you have the stamina to stay with it.  I was licensed to both teach and 
deliver OCTAVE at one point but the $6k per year renewal fee didn't seem

worth the support I received (or did not receive) from CMU.

Cobra is a tool based on ISO17799.  Riskwatch is another tool that has 
mutiple modules but is very detailed as well.

Regards,
Jeff

From: Chris Raymond <lightningstorm53@yahoo.com>
To: "Alt, Brandon C." 
<altb@educationcentral.org>,security-management@securityfocus.com
Subject: Re: Risk Assessment Standards
Date: Wed, 1 Jun 2005 20:04:32 -0700 (PDT)

IAM (InfoSec Assessment Methodology) This one has a
good methogology, but has a limited depth in the
assessment area.  It is a good assessment
methogodology overall.

I've heard down side to Octave, but nothing about
cobra.

Chris Raymond

Master of Information Assurance and Computer Security
student

--- "Alt, Brandon C." <altb@educationcentral.org>
wrote:


I'm looking to find what standards are available for
performing a
security risk assessment. What's out there? I know
of Cobra and Octave,
but have never used them. Does anyone have any
experience with these
two? What other standards do other follow?



Thanks.



Brandon Alt

Information Security Manager

Technology Division

Duval County Public Schools







__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Information Risk Management PowerPoint Slides - Was 'RE: Information Risk Management', Aric Perminter
Next by Date:  RE: Risk Assessment Standards, Salaets, Steven
Previous by Thread:  Re: Risk Assessment Standards, Mitchell Rowton
Next by Thread:  RE: Risk Assessment Standards, Salaets, Steven
Indexes:  [Date] [Thread] [Top] [All Lists]