Penetration Testing mailing list archives
RE: Security Audit
From: "Ogle Ron (Rennes)" <OgleR () thmulti com>
Date: Mon, 10 Sep 2001 11:11:00 +0200
I've seen all of those sources, and I understand that everyone has one. The sources are info only. What I'm saying is that the security business needs to define more standardized solutions. What is being asked by a lot of people is the same for audits by accountants. There are standard well recognized practices that are followed in the accounting area but not in the security area. The security area is very much a buyer-beware strategy with neophyte security companies providing a lousy service.

Maybe under the auspices of the ISC2 for CISSPs, a standardization of terms and expectations can be created for all in the security area to follow. Of course, each security company can then state that they provide additional services, but at least there is a minimum expectation. At least part of the ethics code that must be signed by CISSPs provides for some level of professionalism which is really what is needed here for the audits.

Ron Ogle
Thomson multimedia
Rennes, France
-----Original Message-----
From: Aleksander Czarnowski [mailto:alekc () avet com pl]
Sent: Friday, September 07, 2001 5:23 PM
To: 'pen-test () securityfocus com'
Cc: 'OgleR () thmulti com'
Subject: RE: Security Audit

There is already one freely available and it is called Open Source Security Testing Methodology (http://uk.osstmm.org/osstmm.htm). In RFCs you will find Site Security Handbook (it's not on pen-test, but I guess it can be useful anyway).
.......... Price is also based on resources and time needed to create such a methodology. And please remember that after creating your methodology, it should be researched further to keep up with the rest of the world.

Regards,
Aleksander Czarnowski
AVET INS

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/