[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    OSSTMM 2.1 Released
From:       "Robert E. Lee" <robert () isecom ! org>
Date:       2003-08-25 0:59:06
[Download RAW message or body]

Barcelona, Spain - 25th August 2003 - The Institute for Security and Open
Methodologies (ISECOM) unveils the much anticipated 2.1 release of the Open
Source Security Testing Methodology Manual (OSSTMM).

About the OSSTMM
The Open Source Security Testing Methodology Manual (OSSTMM) is an open
standard method for performing security tests. Since it's inception in
January 2001, the OSSTMM has become the most widely used, peer-reviewed,
comprehensive security testing methodology in existence. While other
methodologies and "best practices" attack security testing from a 50,000
foot view, the OSSTMM focuses on the technical details of exactly which
items need to be tested, what to do during a security test, and when
different types of security tests should be performed. The OSSTMM provides
testing methodologies for the following six security areas: Information
Security, Process Security, Internet Technology Security, Communications
Security, Wireless Security, and Physical Security.

To quote Pete Herzog, OSSTMM creator, "The primary goal of the OSSTMM is to
provide transparency. It provides transparency of those who have inadequate
security configurations and policies. It provides transparency of those who
perform inadequate security and penetration tests. It provides transparency
of the unscrupulous security vendors vying to sponge up every last cent of
their prey's already meager security budget; those who would side-step
business values with over-hyped threats of legal compliancy,
cyber-terrorism, and hackers.

The OSSTMM is everyone's free, thorough tool to measure security
inadequacies. For added value we include the ethical guidelines to separate
professional security testers from those who are looking to just make some
money. The OSSTMM exists because over 600 security volunteers worldwide
cared enough to be involved in making practical, affordable security less of
a lottery prize and more of a daily reality."

ISECOM is successful at achieving its goals with the OSSTMM do to the open
development environment from which it was created. When you use an internal
testing methodology, you leverage the brain trust of a handful of security
experts. The OSSTMM is powerful because it provides the collective best
practices, legal, and ethical concerns of the global security testing
community.

What's New in the 2.1 Release
In the 2.1, ISECOM has overhauled the document structure and has updated
tests in all six sections. New laws and best practices have been introduced
and analyzed for security testing implications. The concept of Risk
Assessment Values (RAVs) has been expanded. The security testing Rules of
Engagement and Project Planning sections help the tester prepare for and
manage a test. The 2.1 now also includes the much needed "Rules of
Engagement" ethical context required to be a security testing professional.

About the Institute for Security and Open Methodologies (ISECOM)
ISECOM is a nonprofit organization that exists to increase the
professionalism and legitimacy of the security testing industry. ISECOM
achieves this through the open development of standardized methodologies,
practical and ability measured education programs, and accessible
communication forums. Founded and lead by Pete Herzog, ISECOM has
established itself as a global leader for providing practical and relevant
security methodologies accessible to all.

ISECOM's education courses feature training based on ISECOM's Open Source
Security Testing Methodology Manual (OSSTMM). The courses offered include
the OSSTMM Professional Security Tester (OPST), and the OSSTMM Professional
Security Analyst (OPSA). These certifications measure a student's ability to
perform or analyze a security test performed using the OSSTMM. To sign up
for a course, consult the ISECOM training schedule:
http://www.isecom.org/schedule.htm, or contact your nearest ISECOM training
partner: http://www.isecom.org/partners.htm

To download your free copy of the OSSTMM, visit http://www.osstmm.org
For more information about ISECOM and other open-methodology projects,
please visit http://www.isecom.org


[prev in list] [next in list] [prev in thread] [next in thread]