Blog Posts Tagged with "OSSTMM"


OSSTMM 2.2 to 3 - a long trail!

December 13, 2010 Added by: Joerg Simon

Nearly every standard that implements security management into business processes requires that the results from security tests, as a base for risk assessment, be comparable and reproducible. How to ensure that? The OSSTMM is the perfect guide. And the auditing department will love the results out of the OSSTMM metric - the Risk Assessment Values (rav).

Comments  (0)


Times of Change: OSSTMM 3 - An Introduction

December 13, 2010 Added by: Infosec Island Admin

A few days ago, I fondly recalled how, back around 2000, I began to take an interest in the work of a small number of people who, under the name Ideahamster (a nickname commonly used to refer to people who spin around new ideas, just as a hamster does with its wheel), were planning to carry out a set of security-related projects...

Comments  (0)


Information Based Enterprise Plagued by Fraud

October 27, 2010 Added by: Thomas Fox

According to the 2010 Kroll survey, 88% of companies have been victims of fraud in the past year. Information-based industries reported the highest incidence of theft of data over the past 12 months - these include financial and professional services, technology, media and telecoms...

Comments  (0)


Essential Trust Analysis

October 26, 2010 Added by: Pete Herzog

In operational trust analysis, you learn to use logic and reason to make a trust decision. It is a new practice developed by ISECOM to explore operational trust in Trusted Computing as part of the EU's Open Trusted Computing (OpenTC) project...

Comments  (8)


Methodologies: Cleaning the Mental Gutters

October 25, 2010 Added by: Bill Wildprett, CISSP, CISA

My challenge and task is to apply this modality of critical thinking to the domains of information security, along with that of the OSSTMM. Like more physical exercise will clean the arterial plaque from your personal system, it’s important to floss your brain and defrag your mind...

Comments  (1)


Why Cyber Civil Defense Will Never Work

October 17, 2010 Added by: J. Oquendo

There seems to be some form of confusion. While the approach to defending the homeland may sound like a great idea, the actuality of it coming to light presents many issues and challenges that too many advocates are overlooking and do not fully understand...

Comments  (4)


Seminar to Feature ISECOM's OSSTMM v3

October 13, 2010 Added by: Anthony M. Freed

The OSSTMM is a peer-reviewed methodology for performing security tests and metrics divided into five channels: information and data controls, fraud and social engineering, computer and telecommunications networks, wireless devices, physical security access controls, and security processes...

Comments  (1)


Implementing OSSTMM Strategies Creates Value

September 28, 2010 Added by: Infosec Island Admin

OSSTMM has been enhanced over time dramatically. Current and upcoming releases are strongly related to practical issues. I can definitely confirm that many of our clients who have to change their supplier for security policy reasons expect their future suppliers to apply the OSSTMM...

Comments  (0)


Better Security Through Sacrificing Maidens

September 15, 2010 Added by: Pete Herzog

Now we all see people who say that security is about the process and we see them fighting a losing battle. The problem is we are being taught to build defenses like consumers and it isn't working...

Comments  (25)


Strategies for Choosing the Right Pen Test

August 08, 2010 Added by: Ron Lepofsky

Pen tests may seem like a security test panacea. However they have been known to go terribly wrong and become vastly expensive. Here’s what you need to know to make sure you get the results you want at the price you expect...

Comments  (1)


Getting Physical: Hot Summer Security

July 16, 2010 Added by: Pete Herzog

OSSTMM 3 requires that you don't look to the threat to prepare your security plan because it's too easy to only make changes which affect a small portion of the threats. That's especially true when you consider how unpredictable human behavior can be...

Comments  (10)


An Introduction to OSSTMM Version 3

July 15, 2010 Added by: Infosec Island Admin

As a security consultant, I've always looked for ways to increase consistency, efficiency and value when conducting security analysis on a client's network or business. With the impending release of OSSTMMv3 I'll share my thoughts on the success of the model...

Comments  (19)


Ending the Security Business of Guessing

July 13, 2010 Added by: Pete Herzog

In the research for factual security metrics, factual trust metrics, and reliable, repeatable ways for verifying security, including concretely defining security, we found that the practice of guessing forecasting risk was not only non-factual but also backwards...

Comments  (16)


Hackers May Be Giants with Sharp Teeth

July 06, 2010 Added by: Pete Herzog

Interestingly, the point of a risk assessment is to determine vulnerabilities, assets, and threats. So why does a 9-year-old know what so many security professionals don't? Why does she realize that imagining what the threat looks like is just an exercise in creativity, not prediction?

Comments  (3)


An Interview with U.N. Cybersecurity Expert Raoul Chiesa

April 15, 2010 Added by: Anthony M. Freed

I recently had the pleasure of talking with Raoul Chiesa, OPST, OPSA, and ISECOM Trainer, about international perspectives on cybersecurity issues. Mr. Chiesa is a Senior Advisor on Strategic Alliances & Cybercrime Issues at the Global Crimes Unit for the United Nations Interregional Crime & Justice Research Institute, a Member of the Permanent Stakeholders Group at the European Network &...

Comments  (0)
