- Audit +++
Trainer Name: Joerg Simon
Title: Audit +++
Duration: 2 Days
Date: 4th and 5th February 2015
Overview
When it comes down to Information Security, have you ever felt the need to stay unbiased and out of the Compliance and Risk business? Or, vice versa, if you are a Compliance or Risk Manager, do you really understand the technical findings you get from your testers?
Have you ever wondered if there is a better way to measure security and trust than with threat models?
Have you ever thought that just "capture the flag" might not be enough as a Security Test Result?
Are you unsatisfied with the security solution industry?
As a brilliant technical mind, do you want to learn how to report technical findings in a way that management understands?
As a Security Manager, do you want to learn what you should demand from future Security-Tests and how to calculate the benefits from your Security-Projects?
This Training will give you answers and fits all types of security professionals - the Security Tester as well as the Information Security Officer. Every lesson provides two kinds of exercises, technical or non-technical, from which you can choose.
Certification Exam Available
Special offer only for nullcon - ISECOM, the creators and maintainers of the OSSTMM, will provide the OPSE certification exam (OSSTMM Professional Security Expert) with a discount of more than 60% - a special price of $199 for anyone who takes this training.
Get more details on it at www.opse.org
Topics covered
Security Test Demands and Standards in the International Enterprise
- State of Security Test Compliance in the Enterprise
- ISO and why it does not work for Security Tests & Research
- Compliance Killer: an Intro to alternate, new Methods and Standards
- Exercises to compare methods and to think out of the box
What to expect?
- You will learn what Enterprises use in their organizations, how they implement IT Security and Compliance, why and where they fail, and where they benefit from Compliance and Standards.
- You will learn where you benefit from supporting methods like the OSSTMM, OpenDeem and others to enhance the Security Management Lifecycle in your Enterprise Organization.
Fedora Security Lab (FSL) as a Security Test Platform
- Intro to the platform
- Hands-on Exercises
- Fedora Security Test Bench
- Setting up the Platform (hands-on)
What to expect?
- You will learn how to handle FSL as one possible test platform and how to set up the test environment based on the Fedora Security Test Bench.
The Open Source Security Test Methodology Manual (OSSTMM)
- The OSSTMM Testing Steps
- Pre-Test (Sales & Marketing, Pre-Assessment), Contracts & Test Plan, Legislation & Ethics, Testing and Limits, Report
- Lessons learned from Exercises 1 and 2
- Security Channels
- Induction - deep dive + exercises
- Inquest - deep dive + exercises
- Interaction - deep dive + exercises
- Intervention - deep dive + exercises along the 4-point process
- The Risk Assessment Values
- OSSTMM Risk Assessment Value vs Threat Modeling
- Deep Dive + Analysis according to the OSSTMM RAV
- Hacking Trust
- Trust-Analysis and Trust-Verification
Insider - Preview to the OSSTMM 4!
What to expect?
- This teaching gets you started with the international de-facto Standard for Security Tests, the OSSTMM. Learn your way around the most important parts of the OSSTMM, how you can use it to improve your work as a Penetration Tester, and how it helps the Security Manager as a catalyst to keep Information Security Management going.
OpenDeem as a part of the Fedora Security Lab (this fast-track is given by the creator of OpenDeem, Marcel Reifenberger)
- Introduction to the Open Dynamic Efficiency Evaluation Methodology as a Method and Metric to calculate the financial value/risk of a project or any activity where financial risk is involved.
- Exercises on the Metric
What to expect?
- Learn how to identify the maximum justified investment limit and how to quantify the efficiency of your Security Projects.
Skill and knowledge required
Technical or non-technical Security Professional, it does not really matter
- be willing to think out of the box and do some mind-twisting new stuff.
Prepare yourself with
http://www.isecom.org/research/osstmm.html
If you want to take the exam you might want to focus on:
http://www.isecom.org/certification/opse.html
Technical folks might want to visit
https://fedorahosted.org/security-spin/
What not to expect?
- Pure technical hands-on training.
- The boring Standard&Guidelines Theory.
- Printed Books and Handouts.
What you will need to bring
a current Laptop which is able to boot FSL from a USB key; Pen and Paper might help as well
About the Trainer
Joerg Simon is an active contributor to various Open Source Projects. You can see results of his work as an ISECOM team member, where he created the OSSTMM Lab as a platform for teaching security, and within the Fedora Project, where he works on Security Test Applications like dsniff, unicornscan and others. He maintains the official Fedora Security Spin and left his traces as the former FAmSCo Chair and a member of the Fedora Board. He is in charge of Audit Services, Research and Development at HIC AG.