Open Source Security Testing Methodology Manual (OSSTMM)

A video walk-through and explanation of the new security testing
methodology, OSSTMM 3, is now available online. It was film during
Pete's presentation at the University of Bern. The video was produced
and created by Dreamlab (www.dreamlab.net <http://www.dreamlab.net/>
).

The video covers a walk-through of the most important factors of
OSSTMM 3 and a little bit about aluminum foil hats. So if you are
interested in the new methodology, completely re-written and
re-structured from the ground up, check out the video.

The full OSSTMM 3 will still be released publicly and for free as
soon as we can get it out but all development has completed for this
version and only editing of the document is left. We hope to make
this the easiest and most beneficial OSSTMM to use for everyone. We
want a manual professionals can use but also to give to their clients
as something very readable and informative.

See all the details at:

http://www.cccure.org/modules.php?name=News&file=article&sid=1241

Security University NSA CNSS Certified Training Programs

The NSA's (IACE) Committee has certified Security University's
classes CNSS approved (Committee on National Security Systems) for
4011 and 4016.

Only Security University provides NSA CNSS approved Q/ISP, QSA/ QPTL,
QSH, QEP, QFE, Q/WAD, Q/SSE, and CWNA, CWSP classes. Making the SU
Qualified Credentials top of the list to satisfy the 8570 workforce
training and continuing education C1.4.4.13 requirement.

The Information Assurance Courseware Evaluation (IACE) Program
implements a process to systematically assess the degree to which the
courseware from commercial, government, and academic sources maps to
the national standards
<http://www.nsa.gov/ia/academia/cnsstesstandards.cfm>
 set by the Committee on National Security Systems (CNSS)
<http://www.cnss.gov/>
.

The IACE Program is currently managed by the National Information
Assurance Education and Training Program Office within the
Information Assurance Directorate at NSA. The goal of the IACE
Program is to expand the use of national standards in information
assurance education and training throughout the nation. These
standards were developed for the government, but have been kept
unclassified to share with the greater IA community.

 Public classes are listed at SecurityUniversity.net
<http://www.securityuniversity.net/>

IACE information

What is"CNSS"?

The Information Assurance Courseware Evaluation (IACE) Program
implements a process to systematically assess the degree to which the
courseware from commercial, government, and academic sources maps to
the national standards set by the Committee on National Security
Systems (CNSS) .

The IACE Program is currently managed by the National Information
Assurance Education and Training Program Office within the
Information Assurance Directorate at NSA. The goal of the IACE
Program is to expand the use of national standards in information
assurance education and training throughout the nation. These
standards were developed for the government, but have been kept
unclassified to share with the greater IA community.

The National Centers of Academic Excellence in Information Assurance
Education Program is an outreach program designed and operated
initially by the National Security Agency (NSA) in the spirit of
Presidential Decision Directive 63, (
http://www.usdoj.gov/criminal/cybercrime/white_pr.htm
 ) National Policy on Critical Infrastructure Protection, May 1998.
The program is now jointly sponsored by the NSA and the Department of
Homeland Security (DHS) in support of the President's National
Strategy to Secure Cyberspace, February 2003. The goal of the program
is to reduce vulnerability in our national information infrastructure
by promoting higher education in information assurance (IA), and
producing a growing number of professionals with IA expertise in
various disciplines. See
http://www.nsa.gov/ia/academia/acade00001.cfm
 for details on the program, criteria, and process, as well as a list
of the prestigious universities designated as National Centers of
Academic Excellence in Information Assurance Education.

Newly designated and re-designated National Centers of Academic
Excellence in Information Assurance Education are recognized in a
formal presentation during the annual Conference of the Colloquium
for Information Systems Security Education. The colloquium conference
provides a forum for key officials in government, industry, and
academia to focus on current and emerging requirements in Information
Assurance education, and to encourage the development and expansion of
curricula, especially at the graduate and undergraduate levels. The
Secretary of Defense and the Director of Central Intelligence are
responsible for developing and overseeing the implementation of
government-wide policies, principles, standards and guidelines for
the security of systems with national security information.

Public classes are listed at SecurityUniversity.net
<http://www.securityuniversity.net/>

call SU for on-site classes 203.357.7744.

Qualified Training, Qualified Results

Sondra J. Schneider
Founder & CEO, Security University
109 Weed Ave
Stamford CT 06902
work 203.357.7744
cell 203.249.8364
www.securityuniversity.net <http://www.securityuniversity.net/