NSA IAM... Security Assessment Methodology

This Tuesday and Wednesday I'll be attending a training session (held at my school) on the NSA's Infosec Assessment Methodology taught by Russ Rogers and Greg Miles of Security Horizon. The IAM is a vunerability assessment of an organization's security posture, and NOT a risk/threat assessmen. The IEM (Infosec Evaluation Methodology) and Red Teaming cover the actual penetration testing... the good stuff. But we'll see how this goes. I've read a couple chapters from Greg and Russ' book and already learned a lot about the contracting and pre-assessment phases. Should be interesting, I'll keep you all posted.

Posted by Marcin on Sunday, September 10, 2006 in School and Security.