Full Disclosure mailing list archives
Re: Patterns and Security Measurement
From: "eric williams" <nfobro () gmail com>
Date: Fri, 5 May 2006 14:51:20 -0400
On 5/5/06, Nguyen Pham <nguyen.petronius () gmail com> wrote:
Hi list, Actually, I am trying to measure security (and then security assurance) level of a complex telecommunication network. I am looking for a method/approach/product using sets of predefined, standard entities (station, server, firewall, router, ...) and relations (forming "patterns" like pipe, cluster, bus, gateway, ..., architectures) which have already been measured to simplify the process of system security measurement. An aggregation algorithm is then needed to arrive at an overall system security value. Any recommendation of academic or industrial solutions would be welcome.
Depending on your status w.r.t. US based offerings there are two NSA sanctioned methodologies for assessment of complex information system infrastructures and information security. The INFOSEC Assessment Methodology and the INFOSEC Evaluation Methodology (IAM and IEM, respectively). I can recommend both highly. Given what you have posted I think the IEM would be your best bet. Again, accessing these methods will depend on your status with respect to US Gov't affiliated offerings. http://www.iatrp.com/iam.cfm http://www.iatrp.com/iem.cfm
Other suggestions for solving the problem (security measurement of complex network) are also greatly appreciated. Many thanks,
no problema. -e
Nguyen Pham. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Patterns and Security Measurement Nguyen Pham (May 05)
- Re: Patterns and Security Measurement foofus (May 05)
- Re: Patterns and Security Measurement Sol Invictus (May 05)
- Re: Patterns and Security Measurement eric williams (May 05)