In conjunction with my friend Rob Slade, I’m currently researching and writing about a broad range of information security frameworks. There is no shortage of them! Right now, I’m interested in ISECOM/Pete Herzog’s OSSTMM (Open Source Security Testing Methodology Manual) and the ISM3 Consortium/Vicente Aceituno Canal’s ISM3 (Information Security Management Maturity Model) frameworks but have lucked out on both of them this morning. I respect both Pete and Vicente for the stirling work they have done but the fact is that neither framework is freely available at the moment, despite the ‘open’ banner. OSSTMM version 3 is only available to ISECOM subscribers, while ISM3 has been pulled from the web pending its imminent transfer to The Open Group.
To be fair, we have to pay to get many other security frameworks such as ISO27k (the ISO/IEC 27000 series information security standards ), but thankfully not the excellent SP800-series security standards from NIST. NIST’s Special Publications are extremely well written and comprehensive, on the whole, and the series is actively maintained, meaning that older and less popular SP800s are updated and refreshed from time to time. That they are made available at no charge is a real plus point, especially for those of us with limited security budgets.
Gary HInson CISSP
mr white cvv free credit card dumps with pin 2019