Full Disclosure mailing list archives
Re: Patterns and Security Measurement
From: Sol Invictus <sol () haveyoubeentested org>
Date: Fri, 05 May 2006 14:36:27 -0400
I would say take a look at the OSSTMM. www.isecom.org/osstmm. There is also a tool from CIOView that will help you determine your Risk Assessment Values using the OSSTMM. www.cioview.com.
Hope that helps! Sol. Nguyen Pham wrote:
Hi list,Actually, I am trying to measure security (and then security assurance) level of a complex telecommunication network. I am looking for a method/approach/product using sets of predefined, standard entities (station, server, firewall, router, ...) and relations (forming "patterns" like pipe, cluster, bus, gateway, ..., architectures) which have already been measured to simplify the process of system security measurement. An aggregation algorithm is then needed to arrive at an overall system security value.Any recommendation of academic or industrial solutions would be welcome.Other suggestions for solving the problem (security measurement of complex network) are also greatly appreciated.Many thanks, Nguyen Pham. ------------------------------------------------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Patterns and Security Measurement Nguyen Pham (May 05)
- Re: Patterns and Security Measurement foofus (May 05)
- Re: Patterns and Security Measurement Sol Invictus (May 05)
- Re: Patterns and Security Measurement eric williams (May 05)