Re: Educational Security Assessment project for Northern Virginia Community College students.

[Balwant Rathore <balwant () oissg org>]

Good morning wade,

Information Systems Security Assessment Framework Draft 0.1 has one 
section on project management and things an assessor should consider 
before assessment, during assessment and after assessment in 
step-by-step manner. Check it out at: http://www.oissg.org/issaf direct 
download http://oissg.org/issaf01/issaf0.1.zip

You can find a security assessment contract at page 1036; it’s reviewed 
by a lawyer. We are including a Non Disclosure Agreement (NDA) in ISSAF 
draft0.2, which you will get in your mail box right away. If any of you 
need NDA, contact me.

Since you are a student and new to security assessment. I will strongly 
recommend you reading Legal Aspects of Security Assessment. This section 
covers various legal issues related to assessment including scanning 
(with example of Moulton vs VC3 case and others), privacy and explains 
various local laws.

>> In any event, if you think that you might help out a group of 
students trying to break into the InfoSec world, please email me 
directly, I have some preliminary project plans, the course syllabus 
which outlines everything, and of course, the contact information for 
our professor if you wish to contact him for validation.
==============
We help people who are involved in our projects with resource, guidance. 
Our conferences are absolutely free: 
http://www.oissg.org/content/view/85/88/


My best

Balwant

Balwant Rathore
Open Information Systems Security Group
www.oissg.org <http://www.oissg.org/>