Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-disclosure] Patterns and Security Measurement
From: eric williams (nfobrogmail.com)
Date: Fri May 05 2006 - 13:51:20 CDT
On 5/5/06, Nguyen Pham <nguyen.petroniusgmail.com> wrote:
> Hi list,
> Actually, I am trying to measure security (and then security assurance)
> level of a complex telecommunication network. I am looking for a
> method/approach/product using sets of predefined, standard entities
> (station, server, firewall, router, ...) and relations (forming "patterns"
> like pipe, cluster, bus, gateway, ..., architectures) which have already
> been measured to simplify the process of system security measurement. An
> aggregation algorithm is then needed to arrive at an overall system security
> Any recommendation of academic or industrial solutions would be welcome.
Depending on your status w.r.t. US based offerings there are two NSA
sanctioned methodologies for assessment of complex information system
infrastructures and information security. The INFOSEC Assessment
Methodology and the INFOSEC Evaluation Methodology (IAM and IEM,
I can recommend both highly. Given what you have posted I think the
IEM would be your best bet. Again, accessing these methods will
depend on your status with respect to US Gov't affiliated offerings.
> Other suggestions for solving the problem (security measurement of complex
> network) are also greatly appreciated.
> Many thanks,
> Nguyen Pham.
> Full-Disclosure - We believe in it.
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/