Penetration Testing mailing list archives
Mastering Trust in Security Assessments
From: Pete Herzog <lists () isecom org>
Date: Thu, 20 May 2010 20:20:41 +0200
Hi,ISECOM has been working on improving and replacing risk analysis, assessments and management with trust. Our research has shown dramatic improvements from using a trust model based on fact over risk models. OSSTMM 3 (www.osstm.org) outlines much of this already and I am beginning to address this at various conferences.
Mastering trust has many benefits for security testing including improved social engineering, improved attack trees, and improved competitive intelligence gathering. Additionally, mastering the ability to see through phishing, scams, PR smoke screens, lies, and other deceptive practices also has the inverse of teaching how to improve stealth, cons, and fraud for your security tests.
A basic version of our Mastering Trust seminar presentation is available here:
http://www.isecom.org/events/Mastering_Trust_3.pdf Enjoy! -pete. -- Pete Herzog - Managing Director - pete () isecom org ISECOM - Institute for Security and Open Methodologies www.isecom.org - www.osstmm.org www.hackerhighschool.org - www.badpeopleproject.org ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Mastering Trust in Security Assessments Pete Herzog (May 21)