Re: Where to get recognizable, 3rd party security audits?

From: Pete Herzog (lists@isecom.org)
Date: Sun Mar 05 2006 - 11:03:17 EST


Hi,

Have you looked into getting an OSSTMM Audit? (Disclaimer, I work for
ISECOM.) ISECOM is an independent, non-profit organization which will
provide certification, is well known and respected, and can provide both
valid metrics and certification of those metrics. You will need to
choose an ISECOM Auditor but there are thousands of capable people who
can do an OSSTMM security test (we highlight those who are involved deeply
in the OSSTMM project with ISECOM at
http://www.isecom.org/auditors.shtml) but you can also find qualified
OSSTMM auditors just by requesting proof of OPST/OPSA certification from
the auditors. If you're unfamiliar with the certifications, you can read
more at www.opst.org and www.opsa.org.

It may be exactly what you're looking for.

Sincerely,
-pete.

Managing Director, ISECOM
www.isecom.org

>
> -----Original Message-----
> From: Pigeon [mailto:fredit@charter.net]
> Sent: Sat 4/03/2006 9:40 AM
> To: pen-test@securityfocus.com
> Cc:
> Subject: Where to get recognizable, 3rd party security audits?
>
>
>
> Hello, I need to find a company that will do security testing on our
> 5 or 6 servers to verify their security level. We will need a very
> well recognized certificate from them. AKA, I couldn't do the
> security audit, and no Joe Blow (granted you might be awesome) can do
> them. The reason for this is to show VERY large corporations our
> credentials.
>
>
> So far, people have mentioned these certs:
> SAS type 2
> FISAAA
> HIPAA
> ISO7799
> COSO
>
>
> but I am unsure on these. It appears like these could take months
> to prepare internally and then we submit the information to an
> organization for review. Is this normal?
>
>
> thanks!




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:36 EDT