The Information Systems Security Assessment Framework (ISSAF) Draft0.1

[Ken Shaurette <kmshaurette () MPCCORP COM>]

Others here may have interest in the recent release by OISSG
The information in ISSAF is organized into well defined evaluation 
criteria, each of which has been reviewed by subject matter experts in 
that domain. These evaluation criteria include:
* A description of the evaluation criteria.
* Its aims & objectives
* The pre-requisites for conducting the evaluations
* The process for the evaluation
* Displays the expected results
* Recommended countermeasures
* References to external documents

A draft version of this framework is available at OISSG website at: 
http://www.oissg.org/issaf
 
ISSAF should primarily be used to fulfill an organizations security
assessment requirements and may additionally be used, as a reference for
meeting other information security needs.
 
It is a very well put together document.  If you are conducting internal
security assessment and would like a guide besides the ones that NIST
has produced this is very good.  Or maybe you just want another source
of information.


Ken
------ 

Ken M. Shaurette, CISSP, CISA, CISM 

MPC Solutions,  <http://www.mpcscorp.com/> www.mpcscorp.com
(P) (262) 523-3300 x60486
(F) (208) 898-2383
------
National CyberSecurity Awareness Month - October - Awareness Doesn't End
When the Day is Done! 
------
******************************************** 


Disclaimer: 5/1/2005

MPC Computers is providing the following information in compliance with federal regulations:
 
MPC Computers, LLC
906 E. Karcher Road
Nampa, Idaho 83687
1-888-224-4247
http://www.mpccorp.com

To discontinue receiving e-mail communications from MPC in the future, please go to: 
http://www.mpccorp.com/email/manage.html and follow the instructions.




**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.