Security Basics mailing list archives
Re: Assessment Methodology
From: robert () dyadsecurity com
Date: Mon, 25 Oct 2004 16:58:20 -0700
Paul Ryan(pryan () rogers wave ca)@Mon, Oct 25, 2004 at 02:40:53PM -0400:
I am in the process of doing an audit on various portions of our IT infrastructure. I wanted to know everyone's opinions on what the preferred metric system is. I've been researching OCTAVE - my objective is to provide a report with a scheme that easily reflects the status based on our current policy. Something like pass,fail or compliance % - just brainstorming here
We've always done tests based on what we can actually measure. We try to represent findings in terms that clearly articulate what we measured. As far as methodologies that we've seen, evaluated, and used, I have had the best practical results by using the Open Source Security Testing Methodology Manual (www.OSSTMM.org) from the Institute for Security and Open Methodologies (www.ISECOM.org). Robert -- Robert E. Lee CTO, Dyad Security, Inc. W - http://www.dyadsecurity.com E - robert () dyadsecurity com M - (949) 394-2033
Current thread:
- Assessment Methodology Paul Ryan (Oct 25)
- Re: Assessment Methodology robert (Oct 26)
- <Possible follow-ups>
- RE: Assessment Methodology Randy Golly (Oct 27)