Friday, May 30, 2003

ODESSA
What is ODESSA? It's an acronym for "Open Digital Evidence Search and Seizure Architecture".
The intent of this project is to provide a completely open and extensible suite of tools for performing digital evidence analysis, as well as a means of generating a usable report detailing the analysis and any findings. The ODESSA tool suite currently represents more than 7 man-years of labor, and consists of 3 highly modular cross-platform tools for the acquisition, analysis, and documentation of digital evidence.

Tuesday, May 27, 2003

Conducting a Security Audit: An Introductory Overview
The word "audit" can send shivers down the spine of the most battle-hardened executive. It means that an outside organization is going to conduct a formal written examination of one or more crucial components of the organization. Financial audits are the most common examinations a business manager encounters. This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical security audits. However, they are unlikely to be acquainted with information security audits; that is, an audit of how the confidentiality, availability and integrity of an organization's information are assured. They should be. An information security audit is one of the best ways to determine the security of an organization's information without incurring the cost and other associated damages of a security incident.
ISECOM - Institute for Security and Open Methodologies
Security Testing
OSSTMM - Open Source Security Testing Methodology Manual
OSSTMM Shortcuts
Internal Security Testing
BSTA Workbook - Business Security Testing and Analysis Workbook
Application Security
SPSMM - Secure Programming Standards Methodology Manual
Theses
Security Tools
Operational Tools
Development
Open Protocol Resource
Security Training
JACK - Jack of all Trades Security Testing Training Supplement
OPST - OSSTMM Professional Security Tester Certification
OPSA - OSSTMM Professional Security Analyst Certification
OPSS - OSSTMM Professional Security Series
Hacker High School
Incident Handling
SIPES - Security Incident Policy Enforcement System
Business Integrity Testing
Software Quality Testing
STICK - Software Testing Checklist