Re: Standards for penetration testing

From: Brahman (TPG) (btlingham@tpg.com.au)
Date: Thu Mar 04 2004 - 23:32:39 EST


Hi Thomas,

In addition to reading ISO/IEC 17799 I would also like to
point you to AS/NZS 7799.2:2003. This is a standard which is used to certify
an organisation's information security management system and I think is well
worth reading as it allows a managed approach to information security rather
than an ad hoc approach taken by many organisations. I am happy to discuss
this further with you if you wish.

You can find more information about this by visiting
http://www.sai-global.com

Regards

Brahman
----- Original Message -----
From: "Thomas Kerbl" <thomas.kerbl@fh-hagenberg.at>
To: <pen-test@securityfocus.com>
Sent: Friday, March 05, 2004 5:08 AM
Subject: Standards for penetration testing

> Hello list,
>
> I'm currently doing some research for my thesis on penetration testing
> methods. Therefore I'm looking for widely used standards in this area.
>
> Here is a collection of what I've already found:
>
> * OSSTMM - Open Source Security Testing Methodology Manual
> * Durchfuehrungskonzept fuer Penetrationstests (BSI - Germany)
> * NIST Guideline on Network Security Testing (special publ. 800-42)
>
> I tried (in addition to a Google search) to find further standards in RFC
> repositories, the IEEE publication database, CERT, the ITIL website and
> of course the securityfocus archive. I couldn't find much useful
> information on the penetration-test topic. Of course there are many
> great security resources, but not exactly the information I was looking
> for.
>
> Can anyone point me to other standards for penetration testing? If there
> are any other "must-read" papers (like ISO17799 for example) out there,
> they are also welcome. I can make use of English and German documents.
>
> tia,
> Thomas Kerbl
>
> --
> ~ FH-Hagenberg: Computer & Media Security
> ~ http://cms.fh-hagenberg.at
> ~ my GPG key ID: 0x924042D1
>


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:53 EDT