Re: [Full-disclosure] Patterns and Security Measurement

[Sol Invictus <sol@xxxxxxxxxxxxxxxxxxxxx>]

I would say take a look at the OSSTMM.  www.isecom.org/osstmm.  There is 
also a tool  from CIOView that will help you determine your Risk 
Assessment Values using the OSSTMM.  www.cioview.com.

Hope that helps!

Sol.

Nguyen Pham wrote:

> Hi list,
>
> Actually, I am trying to measure security (and then security 
> assurance) level of a complex telecommunication network. I am looking 
> for a method/approach/product using sets of predefined, standard 
> entities (station, server, firewall, router, ...) and relations 
> (forming "patterns" like pipe, cluster, bus, gateway, ..., 
> architectures) which have already been measured to simplify the 
> process of system security measurement. An aggregation algorithm is 
> then needed to arrive at an overall system security value.
>
> Any recommendation of academic or industrial solutions would be welcome.
>
> Other suggestions for solving the problem (security measurement of 
> complex network) are also greatly appreciated.
>
> Many thanks,
> Nguyen Pham.
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/