List: full-disclosure
Subject: [Full-Disclosure] Information System Security Assessment Framework
From: "admoore () phreaker ! net" <admoore () phreaker ! net>
Date: 2004-12-30 16:37:52
Message-ID: 20041230162637.00B3BC908F8 () smtp-2 ! hotpop ! com
Dear Colleague,
Today, the evaluation of Information Systems (IS) security in accordance with business
requirements is a vital component of any organization's business strategy. While there are a few
information security assessment standards, methodologies and frameworks that talk about what
areas of security must be considered, they do not contain specifics on HOW and WHY existing
security measures should be assessed, nor do they recommend controls to safeguard them.
The Information System Security Assessment Framework (ISSAF) is a peer-reviewed structured
framework that categorizes information system security assessment into various domains &
details specific evaluation or testing criteria for each of these domains. It aims to provide
field inputs on security assessment that reflect real life scenarios. ISSAF should primarily be
used to fulfill an organization’s security assessment requirements and may additionally be used
as a reference for meeting other information security needs. ISSAF includes the crucial facet
of security processes and their assessment and hardening to get a complete picture of the
vulnerabilities that might exist.
The information in ISSAF is organized into well defined evaluation criteria, each of which has
been reviewed by subject matter experts in that domain. These evaluation criteria include:
• A description of the evaluation criteria.
• Its aims & objectives
• The pre-requisites for conducting the evaluations
• The process for the evaluation
• Displays the expected results
• Recommended countermeasures
• References to external documents
A draft version of this framework is available at the OISSG website at:
http://oissg.org/issaf01/issaf0.1.zip (5.59 MB) or http://oissg.org/issaf01/issaf0.1.pdf (12.6 MB)
The Information System Security Assessment Framework (ISSAF) is an evolving document that will
be expanded, amended and updated in future. To improve the usefulness of the future release of
ISSAF, please take a moment to evaluate it. Your feedback is invaluable to OISSG's efforts to
fully serve the profession and future ISSAF releases. The feedback form is given at the end of
ISSAF; please email your feedback to feedback@oissg.org. We will get back to you ASAP.
Best regards,
A.D. Moore
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html