Re: Assessment Methodology
robert_at_dyadsecurity.com
Date: 10/26/04
- Previous message: craig_at_server.codestorm.org: "Re: IIS Logfile"
- In reply to: Paul Ryan: "Assessment Methodology"
- Next in thread: Randy Golly: "RE: Assessment Methodology"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 25 Oct 2004 16:58:20 -0700 To: Paul Ryan <pryan@rogers.wave.ca>
Paul Ryan(pryan@rogers.wave.ca)@Mon, Oct 25, 2004 at 02:40:53PM -0400:
> I am in the process of doing an audit on various portions of our IT
> infrastructure. I wanted to know everyone's opinions on what the preferred
> metric system is. I've been researching OCTAVE - my objective is to provide
> a report with a scheme that easily reflects the status based on our current
> policy. Something like pass,fail or compliance % - just brainstorming here
We've always done tests based on what we can actually measure. We try to represent findings in terms that clearly articulate what we measured. As far as methodologies that we've seen, evaluated, and used, I have had the best practical results by using the Open Source Security Testing Methodology Manual (www.OSSTMM.org) from the Institute for Security and Open Methodologies (www.ISECOM.org).
Robert
-- Robert E. Lee CTO, Dyad Security, Inc. W - http://www.dyadsecurity.com E - robert@dyadsecurity.com M - (949) 394-2033
- Previous message: craig_at_server.codestorm.org: "Re: IIS Logfile"
- In reply to: Paul Ryan: "Assessment Methodology"
- Next in thread: Randy Golly: "RE: Assessment Methodology"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
