From: Balwant Rathore (balwant@oissg.org)
Date: Wed Jan 26 2005 - 16:51:45 EST
Good morning wade,
Information Systems Security Assessment Framework Draft 0.1 has one
section on project management and things an assessor should consider
before assessment, during assessment and after assessment in
step-by-step manner. Check it out at: http://www.oissg.org/issaf direct
download http://oissg.org/issaf01/issaf0.1.zip
You can find a security assessment contract at page 1036; it’s reviewed
by a lawyer. We are including a Non Disclosure Agreement (NDA) in ISSAF
draft0.2, which you will get in your mail box right away. If any of you
need NDA, contact me.
Since you are a student and new to security assessment. I will strongly
recommend you reading Legal Aspects of Security Assessment. This section
covers various legal issues related to assessment including scanning
(with example of Moulton vs VC3 case and others), privacy and explains
various local laws.
>> In any event, if you think that you might help out a group of
students trying to break into the InfoSec world, please email me
directly, I have some preliminary project plans, the course syllabus
which outlines everything, and of course, the contact information for
our professor if you wish to contact him for validation.
==============
We help people who are involved in our projects with resource, guidance.
Our conferences are absolutely free:
http://www.oissg.org/content/view/85/88/
My best
Balwant
Balwant Rathore
Open Information Systems Security Group
www.oissg.org <http://www.oissg.org/>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:15 EDT