Security Basics mailing list archives

Re: Assessment Methodology

From: robert () dyadsecurity com
Date: Mon, 25 Oct 2004 16:58:20 -0700

Paul Ryan(pryan () rogers wave ca)@Mon, Oct 25, 2004 at 02:40:53PM -0400:

I am in the process of doing an audit on various portions of our IT
infrastructure. I wanted to know everyone's opinions on what the preferred
metric system is. I've been researching OCTAVE - my objective is to provide
a report with a scheme that easily reflects the status based on our current
policy. Something like pass,fail or compliance % - just brainstorming here


We've always done tests based on what we can actually measure.  We try to represent findings in terms that clearly 
articulate what we measured.  As far as methodologies that we've seen, evaluated, and used, I have had the best 
practical results by using the Open Source Security Testing Methodology Manual (www.OSSTMM.org) from the Institute for 
Security and Open Methodologies (www.ISECOM.org).

Robert

-- 
Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033

Current thread:

Assessment Methodology Paul Ryan (Oct 25)
- Re: Assessment Methodology robert (Oct 26)
- <Possible follow-ups>
- RE: Assessment Methodology Randy Golly (Oct 27)