Re: Standards for penetration testing

From: Brahman (TPG Account) (btlingham@tpg.com.au)
Date: Sat Mar 06 2004 - 02:40:30 EST


I would also recommend reviewing AS/NZS 7799.2:2003 in addition to ISO/IEC
17799:2000. These standards are available at http://www.sai-global.com

Regards

Brahman
Acting Program Manager
Information Security Management Systems
btlingham@sai-global.com

----- Original Message -----
From: "Rafael Ausejo Prieto" <rafael@ausejo.net>
To: <thomas.kerbl@fh-hagenberg.at>
Cc: <pen-test@securityfocus.com>
Sent: Friday, March 05, 2004 9:08 AM
Subject: RE: Standards for penetration testing

> > * OSSTMM - Open Source Security Testing Methodology Manual
> > * Durchfuehrungskonzept fuer Penetrationstests (BSI - Germany)
> > * NIST Guideline on Network Security Testing (special publ. 800-42)
> >> Can anyone point me to other standards for penetration testing?
>
> ISACA (Information Systems Audit and Control Association)
> released this month an exposure draft:
>
> "IS AUDITING PROCEDURE PENETRATION TESTING AND VULNERABILITY ANALYSIS
> DOCUMENT"
> This material was issued on 1 February 2004. Exposure period closes
> 31 March 2004.
>
> I suppose it's not yet publicly available (just for ISACA members review);
> but it could be in the near future...
>
>
> Rafael Ausejo Prieto
> rafael@ausejo.net
> http://www.ausejo.net/
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

