Blog Posts Tagged with "ISECOM"


What They Don't Teach You in "Thinking Like the Enemy" Classes

March 06, 2012 Added by: Pete Herzog

The enemy is not homogenous. Just like there is not just one foreign language, there is not one type of enemy. Among those enemy attackers, not all think alike. Even those joined together under a common mission or goal, there is often division in how to accomplish that goal...

Comments  (2)


Broken Trust Part 2: Applying the Approach to Dropbox

October 03, 2011 Added by: Enno Rey

After having introduced the basic elements of the concepts of trust, control and confidence in a previous post on the RSA breach, today I’ll try to strengthen your understanding of these ideas - and maybe even my own as well - by applying them to another candidate: Dropbox...

Comments  (2)


Auditing: Remote Access Security in 2011

August 15, 2011 Added by: Enno Rey

When the standards were written, endpoints were supposed to be mostly company managed Windows systems. In the meantime most organizations face an unmanaged mess composed of a growing number of smartphones and tablets, some company managed, while some are predominantly free floating...

Comments  (0)


The ABZs of Cybersecurity

July 09, 2011 Added by: Pete Herzog

The points made in this article reflect the research findings outlined in the OSSTMM 3: operational security controls, security and trust metrics, and the Moebius Defense security model where environmental protection precedes security awareness. You can find OSSTMM research at the ISECOM website...

Comments  (1)


Understanding Trust Audit Methodology

June 21, 2011 Added by: Cor Rosielle

Approaching operational trust intuitively is similar to solving security problems intuitively. Unfortunately most of what we understand about trust is based on experience, how it makes us feel. Therefore we are often not able to quantify the amount of trust...

Comments  (0)


Broken Trust Part 1: Reflections on RSA's SecurID

June 20, 2011 Added by: Enno Rey

If you have been wondering “why do my guts tell me we shouldn’t trust these guys anymore?” this post might serve as a contribution to answering this question in a structured way. Furthermore, the intent was to provide some introduction to the wonderful world of trust, control and confidence...

Comments  (0)


How to Pen Test Crazy

June 20, 2011 Added by: Pete Herzog

So who verifies security operations? Not the penetration tester. Not the ethical hacker. Not anymore. Sadly, unfortunately they've been marginalized to running scanners and eliminating false positives and negatives. They have been marginalized into near extinction...

Comments  (2)


The "Lots of Sex" Risk and Security Project

March 16, 2011 Added by: Pete Herzog

Routines make us predictable, which becomes our flaw. The problem with "patching" these flaws is that they are design features which are the product of being human. In addressing those flaws we will also ruin many of the good things about people which make them creative, social, and productive...

Comments  (8)


First Annual (Possibly Semi-Annual) OSSTMM Forum

March 02, 2011 Added by: Rod MacPherson

OSSTMM is very high level, and the thing that everyone seems to be in agreement on is the need for applied OSSTMM documents outlining how it can be applied to different realms, such as web applications, computer networks, system hardening, etc...

Comments  (4)


Getting Off the Patch

January 10, 2011 Added by: Pete Herzog

Patching is just one small part of the solution that includes Anti-virus, firewalls, intrusion detection systems, strong authentication, encryption, physical locks, disabling of scripting languages, reduced personal information on social networks, as part of a healthy lifestyle solution...

Comments  (13)


OSSTMM v3 From A Client's Perspective

December 13, 2010 Added by: Rod MacPherson

I can't think of anything I dislike about the Rules of Engagement. I would be in heaven if every vendor I dealt with held to even half the Rules. I could especially do with not being fed FUD, or a list of past clients whose engagement had little in common with what I'm looking to hire the vendor for...

Comments  (0)


OSSTMM 2.2 to 3 - a long trail!

December 13, 2010 Added by: Joerg Simon

Nearly every Standard that implements Security Management into Business Processes requires that the results from security tests, as a base for risk assessment, be comparable and reproducible. How to ensure that? The OSSTMM is the perfect Guide. And the auditing department will love the results out of the OSSTMM Metric - the Risk Assessment Values (rav).

Comments  (0)


Seminar to Feature ISECOM's OSSTMM v3

October 13, 2010 Added by: Anthony M. Freed

The OSSTMM is a peer-reviewed methodology for performing security tests and metrics divided into five channels: information and data controls, fraud and social engineering, computer and telecommunications networks, wireless devices, physical security access controls, and security processes...

Comments  (1)


Implementing OSSTMM Strategies Creates Value

September 28, 2010 Added by: Infosec Island Admin

OSSTMM has been enhanced over time dramatically. Current and upcoming releases are strongly related to practical issues. I can definitely confirm that many of our clients who have to change their supplier for security policy reasons expect their future suppliers to apply the OSSTMM...

Comments  (0)


An Introduction to OSSTMM Version 3

July 15, 2010 Added by: Infosec Island Admin

As a security consultant, I've always looked for ways to increase consistency, efficiency and value when conducting security analysis on a client's network or business. With the impending release of OSSTMMv3 I'll share my thoughts on the success of the model...

Comments  (19)


An Interview with U.N. Cybersecurity Expert Raoul Chiesa

April 15, 2010 Added by: Anthony M. Freed

I recently had the pleasure of talking with Raoul Chiesa, OPST, OPSA, and ISECOM Trainer, about international perspectives on cybersecurity issues. Mr. Chiesa is a Senior Advisor on Strategic Alliances & Cybercrime Issues at the Global Crimes Unit for the United Nations Interregional Crime & Justice Research Institute, a Member of the Permanent Stakeholders Group at the European Network &...

Comments  (0)