Penetration Testing mailing list archives

Re: Where to get recognizable, 3rd party security audits?


From: Pete Herzog <lists () isecom org>
Date: Sun, 05 Mar 2006 17:03:17 +0100

Hi,

Have you looked into getting an OSSTMM Audit? (Disclaimer, I work for ISECOM.) ISECOM is an independent, non-profit organization which will provide certification, is well known and respected, and can provide both valid metrics and certification of those metrics. You will need to choose an ISECOM Auditor but there are thousands of capable people who can do an OSSTMM security test (we highlight those who are involved deeply in the OSSTMM project with ISECOM at http://www.isecom.org/auditors.shtml) but you can also find qualified OSSTMM auditors just by requesting proof of OPST/OPSA certification from the auditors. If you're unfamiliar with the certifications, you can read more at www.opst.org and www.opsa.org.

It may be exactly what you're looking for.

Sincerely,
-pete.

Managing Director, ISECOM
www.isecom.org




-----Original Message-----
From: Pigeon [mailto:fredit () charter net]
Sent: Sat 4/03/2006 9:40 AM
To: pen-test () securityfocus com
Cc:
Subject: Where to get recognizable, 3rd party security audits?

Hello, I need to find a company that will do security testing on our 5 or 6 servers to verify their security level. We will need a very well recognized certificate from them. AKA, I couldn't do the security audit, and no Joe Blow (granted you might be awesome) can do them. The reason for this is to show VERY large corporations our credentials.

So far, people have mentioned these certs:
SAS type 2
FISAAA
HIPAA
ISO7799
COSO

but I am unsure on these. It appears like these could take months to prepare internally and then we submit the information to an organization for review. Is this normal?

thanks!
