Blog Posts Tagged with "OSSTMM"


OSSTMM 2.2 to 3 - a long trail!

December 13, 2010 Added by:Joerg Simon

Nearly every standard that builds security management into business processes requires that the results of security tests, as the basis for risk assessment, be comparable and reproducible. How to ensure that? The OSSTMM is the perfect guide. And the auditing department will love the results of the OSSTMM metric - the Risk Assessment Values (rav).

Comments  (0)


Times of Change: OSSTMM 3 - An Introduction

December 13, 2010 Added by:Infosec Island Admin

A few days ago, I was fondly recalling how, back around 2000, I was starting to take an interest in the work of a small number of people who, under the name Ideahamster (a nickname commonly used for people who keep going round and round new ideas, just as a hamster does on its wheel), were planning to carry out a set of security-related projects...

Comments  (0)


Information Based Enterprise Plagued by Fraud

October 27, 2010 Added by:Thomas Fox

According to the 2010 Kroll survey, 88% of companies have been victims of fraud in the past year. Information-based industries reported the highest incidence of theft of data over the past 12 months - these include financial and professional services, technology, media and telecoms...

Comments  (0)


Essential Trust Analysis

October 26, 2010 Added by:Pete Herzog

In operational trust analysis, you learn to use logic and reason to make a trust decision. It is a new practice developed by ISECOM to explore operational trust in Trusted Computing as part of the EU's Open Trusted Computing (OpenTC) project...

Comments  (8)


Methodologies: Cleaning the Mental Gutters

October 25, 2010 Added by:Bill Wildprett, CISSP, CISA

My challenge and task is to apply this modality of critical thinking to the domains of information security, along with that of the OSSTMM. Like more physical exercise will clean the arterial plaque from your personal system, it’s important to floss your brain and defrag your mind...

Comments  (1)


Why Cyber Civil Defense Will Never Work

October 17, 2010 Added by:J. Oquendo

There seems to be some form of confusion. While the approach to defending the homeland may sound like a great idea, the actuality of it coming to light presents many issues and challenges that too many advocates are overlooking and do not fully understand...

Comments  (4)


Seminar to Feature ISECOM's OSSTMM v3

October 13, 2010 Added by:Anthony M. Freed

The OSSTMM is a peer-reviewed methodology for performing security tests and metrics divided into five channels: information and data controls, fraud and social engineering, computer and telecommunications networks, wireless devices, physical security access controls, and security processes...

Comments  (1)


Implementing OSSTMM Strategies Creates Value

September 28, 2010 Added by:Infosec Island Admin

OSSTMM has been enhanced over time dramatically. Current and upcoming releases are strongly related to practical issues. I can definitely confirm that many of our clients who have to change their supplier for security policy reasons expect their future suppliers to apply the OSSTMM...

Comments  (0)


Better Security Through Sacrificing Maidens

September 15, 2010 Added by:Pete Herzog

Now we all see people who say that security is about the process and we see them fighting a losing battle. The problem is we are being taught to build defenses like consumers and it isn't working...

Comments  (25)


Strategies for Choosing the Right Pen Test

August 08, 2010 Added by:Ron Lepofsky

Pen tests may seem like a security test panacea. However they have been known to go terribly wrong and become vastly expensive. Here’s what you need to know to make sure you get the results you want at the price you expect...

Comments  (1)


Getting Physical: Hot Summer Security

July 16, 2010 Added by:Pete Herzog

OSSTMM 3 requires that you don't look to the threat to prepare your security plan because it's too easy to only make changes which affect a small portion of the threats. That's especially true when you consider how unpredictable human behavior can be...

Comments  (10)


An Introduction to OSSTMM Version 3

July 15, 2010 Added by:Infosec Island Admin

As a security consultant, I've always looked for ways to increase consistency, efficiency and value when conducting security analysis on a client's network or business. With the impending release of OSSTMMv3 I'll share my thoughts on the success of the model...

Comments  (19)


Ending the Security Business of Guessing

July 13, 2010 Added by:Pete Herzog

In the research for factual security metrics, factual trust metrics, and reliable, repeatable ways for verifying security, including concretely defining security, we found that the practice of guessing forecasting risk was not only non-factual but also backwards...

Comments  (16)


Hackers May Be Giants with Sharp Teeth

July 06, 2010 Added by:Pete Herzog

Interestingly, the point of a risk assessment is to determine vulnerabilities, assets, and threats. So why does a 9-year-old know what so many security professionals don't? Why does she realize that imagining what the threat looks like is just an exercise in creativity, not prediction?

Comments  (3)


An Interview with U.N. Cybersecurity Expert Raoul Chiesa

April 15, 2010 Added by:Anthony M. Freed

I recently had the pleasure of talking with Raoul Chiesa, OPST, OPSA, and ISECOM Trainer, about international perspectives on cybersecurity issues. Mr. Chiesa is a Senior Advisor on Strategic Alliances & Cybercrime Issues at the Global Crimes Unit for the United Nations Interregional Crime & Justice Research Institute, a Member of the Permanent Stakeholders Group at the European Network &...

Comments  (0)
