NSA IAM… Security Assessment Methodology
This Tuesday and Wednesday I’ll be attending a training session (held at my school) on the NSA’s Infosec Assessment Methodology taught by Russ Rogers and Greg Miles of Security Horizon. The IAM is a vunerability assessment of an organization’s security posture, and NOT a risk/threat assessmen. The IEM (Infosec Evaluation Methodology) and Red Teaming cover the actual penetration testing…� the good stuff.� But we’ll see how this goes. I’ve read a couple chapters from Greg and Russ’ book and already learned a lot about the contracting and pre-assessment phases.� Should be interesting, I’ll keep you all posted.
[…] This semester, I am taking the IEM as part of a class that will be assigned to evaluate my university’s network security. Last semester, I was a team leader in an IAM, an assessment of my school’s organizational information security. The IAM is two full days, as well as the IEM. I am taking classes through Security Horizon, co-founded by Russ Rogers and Greg Miles, who wrote the books on NSA IAM and NSA IEM. […]