lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri May  5 19:51:28 2006
From: nfobro at gmail.com (eric williams)
Subject: Patterns and Security Measurement

On 5/5/06, Nguyen Pham <nguyen.petronius@...il.com> wrote:
>
> Hi list,
>
> Actually, I am trying to measure security (and then security assurance)
> level of a complex telecommunication network. I am looking for a
> method/approach/product using sets of predefined, standard entities
> (station, server, firewall, router, ...) and relations (forming "patterns"
> like pipe, cluster, bus, gateway, ..., architectures) which have already
> been measured to simplify the process of system security measurement. An
> aggregation algorithm is then needed to arrive at an overall system security
> value.
>
> Any recommendation of academic or industrial solutions would be welcome.

Depending on your status w.r.t. US based offerings there are two NSA
sanctioned methodologies for assessment of complex information system
infrastructures and information security.  The INFOSEC Assessment
Methodology and the INFOSEC Evaluation Methodology (IAM and IEM,
respectively).

I can recommend both highly.  Given what you have posted I think the
IEM would be your best bet.  Again, accessing these methods will
depend on your status with respect to US Gov't affiliated offerings.

http://www.iatrp.com/iam.cfm
http://www.iatrp.com/iem.cfm

>
> Other suggestions for solving the problem (security measurement of complex
> network) are also greatly appreciated.
>
> Many thanks,

no problema.

-e

> Nguyen Pham.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ