From: Brahman (TPG Account) (btlingham@tpg.com.au)
Date: Sat Mar 06 2004 - 02:40:30 EST
I would also reccomend reviewing AS/NZS 7799.2:2003 in addition to ISO/IEC
17799:2000. These standards are available at http://www.sai-global.com
Regards
Brahman
Acting Program Manager
Information Security Management Systems
btlingham@sai-global.com
----- Original Message -----
From: "Rafael Ausejo Prieto" <rafael@ausejo.net>
To: <thomas.kerbl@fh-hagenberg.at>
Cc: <pen-test@securityfocus.com>
Sent: Friday, March 05, 2004 9:08 AM
Subject: RE: Standards for penetration testing
> > * OSSTMM - Open Source Security Testing Methodology Manual
> > * Durchfuehrungskonzept fuer Penetrationstests (BSI - Germany)
> > * NIST Guideline on Network Security Testing (special publ. 800-42)
> >> Can anyone point me to other standards for penetration testing?
>
> ISACA (Information Systems Audit and Control Association)
> released this month an exposure draft:
>
> "IS AUDITING PROCEDURE PENETRATION TESTING AND VULNERABILITY ANALYSIS
> DOCUMENT"
> This material was issued on 1 February 2004. Exposure period closes 31
March
> 2004.
>
> I suppose it's not yet publicy available (just for ISACA members review);
> but it could be in the near future...
>
>
> Rafael Ausejo Prieto
> rafael@ausejo.net
> http://www.ausejo.net/
>
>
> --------------------------------------------------------------------------
-
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or
less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------------------
-- > > --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:49 EDT