Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: OSSTMM how good is it?
From: rik kershaw-moore <rkm () tsiolkovsky co uk>
Date: Wed, 17 May 2006 06:45:25 +0100

On Tuesday 16 May 2006 13:01, Steve Armstrong wrote:

However, you state you are undertaking IS1&3 but not 2 why is that.  And
given the nature of IS1&3 why are you using CRAMM?

Beaucse IS2 is th building of Accreditation Document sets - which fall outside 
the remit, as does IS4 and IS5.


Finally, are you looking to use the OSSTMM as in internal testing
standard or one to level contracts against?  I ask because your
questioning alludes to a non technical level of expertise but you are
discussing a methodology to undertake technical testing.

We are looking for an internal testing methodology.  We already have an very 
technical internal testing system in place, but it is home grown and our 
accreditors wish for something more recognised.  

This accounts for why we have to use CRAMM as well as IS1.  Now IS1 is a good 
back of a fag packet stuff, useful in management meetings and the like but 
our accreditors don't trust it for some reason.  

Rik

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]