OSSTMMPerimeter ..?

Just a note; was struck by the OSSTMM approach towards the structure of infrastructure. [Disclaimer] though I am quite a fan of the OSSTMM approach (and do want to write up tons of whitepapers linking it with my ideas for moving forward in the InfoSec field without having to revert to #ditchcyber bla), I feel there’s a snag in it:
The analysis part seems to still take a perimetered, though onion, approach. The Defense in Breadth is there, for sure, but still the main (sic) focus is on the primary axis of the access path(s). Does this still work with the clouds out there and all, focused as they are on principled agnostics on where your data and ‘systems’ might hang out?

OK yes now I will go study the OSSTMM materials in depth to see whether this is just my impression and I’m proven horribly wrong, or …

So I’ll leave you with:
[Hardly a street, next to Yonge]

About maverisk

Maverisk Consultancy, IS Audit and Advisory services: Wikinomics meets governance and audit; otherwise, see my personal LinkedIn profile
This entry was posted in ERM, GRC, Information Risk Management, Information Security, Innovation (technologically driven).

2 Responses to OSSTMMPerimeter ..?

  1. pete herzog says:

    I’d be happy to put you on the OSSTMM research list where you can ask in-depth things like this or suggest new things 🙂 Drop me an e-mail!

    • maverisk says:

      I’d be happy to contribute! Would be with fits and starts, but am interested to advocate OSSTMM as *the* tool for bottom-up InfoSec instead of the mehhhh of ISO27k1 (although the new version is an improvement, ‘upward’ in the business hierarchy), CObIT et al., that in my opinion are bureaucrats’ busywork [disclaimer: I am (was!?) one…]. When at the shop floor, things are done right (e.g., with help of OSSTMM), who needs heaps and stacks of processprocedureworkflowmicromanagers ..?
