Penetration Testing mailing list archives

No More of the Same Bad Security


From: Pete Herzog <lists () isecom org>
Date: Fri, 14 Jan 2011 18:16:08 +0100

Hi,

I saw that HashDays posted my slides from the event.

"No More of the Same Bad Security: Why the OSSTMM 3 is Threatening Modern Security Practices"

It covers Patching, Defense in Width, OSSTMM 3, and Security Testing among other things. From the event blurb:

"Modern security has become just a dance-off between jargon and products. Enterprises are doing what they're being told by compliance requirements, books, and blogs and it's not working or it's not scaling. The problem is we are being taught to build defenses like consumers and it fails us again and again. Then most of us learn too late, however, that it's failed because the verification methods and security metrics provided are biased or indirect and therefore point out unmanageable and imaginary cause/effect relationships. That's why ISECOM took a different direction with the OSSTMM 3. This short seminar will explain how and why the OSSTMM 3 is nothing like security that you know. There's no Risk analysis, no threat analysis, no patching, and no security awareness yet it works efficiently and economically. The operational security metrics and trust metrics you will see in action are realistic and allow for immediate and accurate defensive changes in your tactics and overall strategy. The OSSTMM 3 will challenge what you think you know about security. Be prepared to be amazed."

Here are the slides:

https://www.hashdays.ch/assets/files/slides/herzog_no_more_of_the_same_bad_security.pdf

Sincerely,
-pete.

--
Pete Herzog - Managing Director - pete () isecom org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org
