|
Home > Archive > Security+ > November 2003 > Osstmm
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| rminicuc 2003-10-30, 4:40 pm |
| does anyone have info on this certification ?
And how does it compare with CEH an CISSP ?
I would like to go for OSSTMM, is it worth it ?
Thx in advance | |
| meijin 2003-10-30, 5:52 pm |
| I had never heard of it until now (which means nothing), but a quick Google search turned up some interesting links.
Might have some promise to it...not sure how widely known or accepted it is though...
Could not find anything on testing costs. The course costs don't seem out of line for the duration and subject matter.
My .02 | |
| jdmurray 2003-10-30, 8:11 pm |
| OSSTMM (Open Source Security Testing Methodology Manual) is a security testing methodology and not an actual certification. It is freely downloadable from http://www.ideahamster.org/projects/osstmm.htm.
ISECOM has three certifications, but they all seem to be based on training provided only by La Salle University of Barcelona, Spain. | |
| meijin 2003-10-30, 8:23 pm |
| Actually, they have training all over the US and La Salle is the one certifying the certifications. | |
| jdmurray 2003-10-31, 1:40 am |
| quote:
Originally posted by meijin
Actually, they have training all over the US and La Salle is the one certifying the certifications.
But it looks like you must go through their training program in order to qualify for aquiring their certs. That's like a college offering a "certification" for taking specific classes in their IT curriculum.
Rather than being vendor-specific these certs are institution-specific? Is La Salle University a major center of computer security R&D? If not, then why would their certs be worth obtaining? | |
| rminicuc 2003-10-31, 12:13 pm |
| Not necessarily in Barcelona, that refers to the test which have been "supervised" by that University.
In Italy there is an organization which offers the training, mediaservice.net, anyway I read somewhere this kind of certifications were requested in Canada, so I guessed someone might have more details than I have. | |
| robert_e_lee 2003-11-25, 1:40 pm |
| Greetings,
As Co-Chairman of the Board for ISECOM, I'd like to shed a little bit of light here. I'll quote from our latest press release:
The Open Source Security Testing Methodology Manual (OSSTMM) is an open standard method for performing security tests. Since it’s inception in January 2001, the OSSTMM has become the most widely used, peer-reviewed, comprehensive security testing methodology in existence. While other methodologies and “best practices” attack security testing from a 50,000 foot view, the OSSTMM focuses on the technical details of exactly which items need to be tested, what to do during a security test, and when different types of security tests should be performed. The OSSTMM provides testing methodologies for the following six security areas: Information Security, Process Security, Internet Technology Security, Communications Security, Wireless Security, and Physical Security.
ISECOM’s education courses feature training based on ISECOM’s Open Source Security Testing Methodology Manual (OSSTMM). The courses offered include the OSSTMM Professional Security Tester (OPST), and the OSSTMM Professional Security Analyst (OPSA). These certifications measure a student’s ability to perform or analyze a security test performed using the OSSTMM. To sign up for a course, consult the ISECOM training schedule: http://www.isecom.org/schedule.shtml, or contact your nearest ISECOM training partner: http://www.isecom.org/partners/training.shtml
ISECOM is basically a group of really smart security professionals who volunteer their time and efforts for the good of the community. We've created a number of openly developed freely distributed methodologies. The OPST/OPSA/OPSS courses are there to help people get the most out of our OSSTMM project and are delivered through our training partner network.
We have a world wide partner network delivering these certifications. The ISECOM OPSA certification was taught at last summers Las Vegas Black Hat. We are also working to extend these certification offerings at future industry conferences.
I hope this helps clear things up a bit. If not, please come join our mailing lists http://www.isecom.org/mailing.shtml and continue to ask questions there.
Sincerely,
Robert E. Lee
Co-Chairman of the Board, ISECOM |
|
|
|
|