Re: Standards for penetration testing

From: Brahman (TPG Account) (btlingham_at_tpg.com.au)
Date: 03/06/04

    To: "Rafael Ausejo Prieto" <rafael@ausejo.net>, <thomas.kerbl@fh-hagenberg.at>
    Date: Sat, 6 Mar 2004 18:40:30 +1100
    
    

    I would also recommend reviewing AS/NZS 7799.2:2003 in addition to ISO/IEC
    17799:2000. These standards are available at http://www.sai-global.com

    Regards

    Brahman
    Acting Program Manager
    Information Security Management Systems
    btlingham@sai-global.com

    ----- Original Message -----
    From: "Rafael Ausejo Prieto" <rafael@ausejo.net>
    To: <thomas.kerbl@fh-hagenberg.at>
    Cc: <pen-test@securityfocus.com>
    Sent: Friday, March 05, 2004 9:08 AM
    Subject: RE: Standards for penetration testing

    > > * OSSTMM - Open Source Security Testing Methodology Manual
    > > * Durchfuehrungskonzept fuer Penetrationstests (BSI - Germany)
    > > * NIST Guideline on Network Security Testing (special publ. 800-42)
    > >> Can anyone point me to other standards for penetration testing?
    >
    > ISACA (Information Systems Audit and Control Association)
    > released this month an exposure draft:
    >
    > "IS AUDITING PROCEDURE PENETRATION TESTING AND VULNERABILITY ANALYSIS
    > DOCUMENT"
    > This material was issued on 1 February 2004. Exposure period closes
    > 31 March 2004.
    >
    > I suppose it's not yet publicly available (just for ISACA members review);
    > but it could be in the near future...
    >
    >
    > Rafael Ausejo Prieto
    > rafael@ausejo.net
    > http://www.ausejo.net/