RE: Is there any way to measure IT Security??

["Craig Wright" <cwright () bdosyd com au>]

17799 - part2
SANS have a few measures
The NSA and NIST methodologies are good
ITOL
COSO
COBIT

Lots and the list goes on....

Craig 

-----Original Message-----
From: Larry Marin (Irony Account) [mailto:irony () trini org] 
Sent: 29 July 2005 2:30
To: Toto A Atmojo
Cc: pen-test () securityfocus com; security-management () securityfocus com;
secpapers () securityfocus com; focus-linux () securityfocus com;
libnet () securityfocus com; firewalls () securityfocus com;
security-basics () securityfocus com
Subject: Re: Is there any way to measure IT Security??

You should check out NSA IAM/IEM Methodology...it works well for me.
http://www.iatrp.com/iam.cfm


Toto A Atmojo wrote:

> Dear all,
>
> Currently I'm looking for a tool, or a technique to measure IT
security?
> The baseline for security is CIA (Confidentiality, Integrity and 
> Availability), that is every organization which want to called secure 
> must be guarantee that their system comply this matter.
>
> But the problem is, we need a tool/technique to measure how secure are

> we. Therefore, wee need a tool/technique to measure how close that our

> system status now to CIA.
>
> Please share your experience about this matter.
>
> If there any link about this issue, I really appreciate if you share 
> to us (You may contact me privately) .
>
> Best Regs,
>
> Toto