
List:       full-disclosure
Subject:    [Full-Disclosure] Information System Security Assessment Framework
From:       "admoore () phreaker ! net" <admoore () phreaker ! net>
Date:       2004-12-30 16:37:52
Message-ID: 20041230162637.00B3BC908F8 () smtp-2 ! hotpop ! com


Dear Colleague,

Today, the evaluation of Information Systems (IS) security in accordance with business
requirements is a vital component of any organization's business strategy. While there are a few
information security assessment standards, methodologies and frameworks that talk about what
areas of security must be considered, they do not contain specifics on HOW and WHY existing
security measures should be assessed, nor do they recommend controls to safeguard them.

The Information System Security Assessment Framework (ISSAF) is a peer reviewed structured
framework that categorizes information system security assessment into various domains &
details specific evaluation or testing criteria for each of these domains. It aims to provide
field inputs on security assessment that reflect real life scenarios. ISSAF should primarily be
used to fulfill an organization’s security assessment requirements and may additionally be used
as a reference for meeting other information security needs. ISSAF includes the crucial facet
of security processes and their assessment and hardening to get a complete picture of the
vulnerabilities that might exist.

The information in ISSAF is organized into well defined evaluation criteria, each of which has
been reviewed by subject matter experts in that domain. These evaluation criteria include:
•	A description of the evaluation criteria.
•	Its aims & objectives
•	The pre-requisites for conducting the evaluations
•	The process for the evaluation
•	Displays the expected results
•	Recommended countermeasures
•	References to external documents

A draft version of this framework is available at the OISSG website at:
http://oissg.org/issaf01/issaf0.1.zip (5.59 MB) or http://oissg.org/issaf01/issaf0.1.pdf (12.6 MB)

The Information System Security Assessment Framework (ISSAF) is an evolving document that will
be expanded, amended and updated in future. To improve the usefulness of the future release of
ISSAF, please take a moment to evaluate it. Your feedback is invaluable to OISSG's efforts to
fully serve the profession and future ISSAF releases. The feedback form is given at the end of
ISSAF; please email your feedback to feedback@oissg.org. We will get back to you ASAP.

Best regards,
A.D. Moore

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

