Penetration Testing mailing list archives

RE: Security Audit


From: "Ogle Ron (Rennes)" <OgleR () thmulti com>
Date: Mon, 10 Sep 2001 11:11:00 +0200

I've seen all of those sources, and I understand that everyone has one.  The
sources are info only.  What I'm saying is that the security business needs
to define more standardized solutions.  What is being asked by a lot of
people, is the same for audits by accountants.  There are standard well
recognized practices that are followed in the accounting area but not in the
security area.  The security area is very much a buyer beware strategy
with neophyte security companies providing a lousy service.

Maybe under the auspices of the ISC2 for CISSPs, a standardization of terms
and expectations can be created for all in the security area to follow.  Of
course, each security company can then state that they provide additional
services, but at least there is a minimum expectation.  At least part of the
ethics code that must be signed by CISSPs provides for some level of
professionalism which is really what is needed here for the audits.

Ron Ogle
Thomson multimedia
Rennes, France
-----Original Message-----
From: Aleksander Czarnowski [mailto:alekc () avet com pl]
Sent: Friday, September 07, 2001 5:23 PM
To: 'pen-test () securityfocus com'
Cc: 'OgleR () thmulti com'
Subject: RE: Security Audit

There is already one freely available and it is called Open Source Security
Testing Methodology (http://uk.osstmm.org/osstmm.htm). In RFCs you will find
Site Security Handbook (it's not on pen-test, but I guess it can be useful
anyway).
..........
Price is also based on resources and time needed to create such
methodology. And please remember that after creating your methodology should
be researched further to keep up with the rest of the world.
Regards,
Aleksander Czarnowski
AVET INS

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

