Member Avatar for publicsource

Hey guys,

I'm working on an interesting project at uni and to give you a quick run down the idea is to search the internet for information about a certain company which could then be put together in a series of theoretical attacks against their IT systems. They could be social or technical and before you ask yes the company is aware i'm doing this so there's no legal issues haha! They want a report on my results so its basically an audit. I'll be looking for things like what software is used and version numbers, hardware specs, network details if i can find any etc.. Currently i'm designing a database to house all the information found from the searches.

What i'm struggling with at the moment is how to classify the data into categories. I want to be able to maximize the usefulness of the database and make it easy to recall information. Do you guys have any suggestions on classifications? Or where i can look for similar projects to see how others have done it? Any input would be greatly appreciated!

  • 2 Contributors
  • 1 Reply
  • 107 Views
  • 6 Days Discussion Span
  • Latest Post Latest Post by davidchilders
Member Avatar for davidchilders

The only document that I am familiar with is the PCI data audit guide. It's supposed to relate to cardholder data, but the audit covers really good basic security details.

Maybe you could look at the organization of the audit elements to help focus your organization of the data you're gathering.

Hope this helps.

https://www.pcisecuritystandards.org/pdfs/pci_audit_procedures_v1-1.pdf

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.