Penetration Testing mailing list archives
Re: OSCP
From: "Andre Gironda" <andreg () gmail com>
Date: Sat, 13 Dec 2008 10:41:54 -0700
On Fri, Dec 12, 2008 at 2:38 PM, Chris Griffin <chris () logossecurity com> wrote: Chris,
I suggest that you read the full OSSTMM 3.0Im currious why you say the OSSTMM "only" covers 10 controls.
Where was that quote? :> Any good audit framework contains a taxonomy of tiered controls. The top level of OSSTMM has 10, and I guess that is a lot. I probably shouldn't have included the word "only" because it's misleading and inaccurate. Thanks for the correction. Nice to have you on this list. You should explain the difference between regular IT Security Certifications and what ISECOM does/offers.
From what I understand, OSSTMM 3.0 not only has certifications to run
the audits (and thus become auditors), but it also allows the auditors to be audited themselves. For those curious as to whether Qualys or WhiteHatSec are running Chinese Banker malware or Singapore based hypervisors, this might clue some people in above and beyond what PCI-DSS, SAS70, and BITS SA offer. Cheers, Andre ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- RE: OSCP Al Rivas (Dec 03)
- Re: OSCP Taras P. Ivashchenko (Dec 18)
- Re: OSCP Pete Herzog (Dec 18)
- Re: OSCP christopher . riley (Dec 18)