Re: [fw-wiz] tunnel vs open a hole

From: Magosányi Árpád (mag@bunuel.tii.matav.hu)
Date: 04/11/03

  • Next message: Gary Flynn: "Re: [fw-wiz] tunnel vs open a hole"
    To: George Capehart <capegeo@opengroup.org>
    From: mag@bunuel.tii.matav.hu (Magosányi Árpád)
    Date: Fri, 11 Apr 2003 06:11:32 +0000
    

    My mail client believes that George Capehart wrote the following:
    > professionals. There *does* exist a well-defined IT governance model:
    > see http://www.isaca.org/cobit.htm. There is also a model for
    > accountability that I personally like (but at which everyone would like
    > to duck and run for cover) . . . see
    > http://csrc.nist.gov/sec-cert/SP-800-37-v1.0.pdf (the certification and

    My favourite mania recently!

    Add BS7799-2:2002 (not to be confused with ISO17799, which is crap), and
    you have the whole IT security covered. Just realize which methodology is
    the best for which area (CC: technical controls and requirements, Cobit:
    processes, roles, and responsibilities, BS7799-2: process control model)
    and understand that IT security is a continually enhancing and changing
    process which should be handled in an integrated way with other process
    control models: ISO900x, IT strategy, etc.
    All of these methodologies (maybe with the exception of CC) try to cover
    all areas of security, but they all have _one_ area where they are
    useable. And of course a methodology is just a methodology. To make
    it useful, you have to use your brain and common sense.

    -- 
    GNU GPL: only from a pure source
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
