OSSTMM is a methodology for testing and measuring operational information security.
The OSSTMM is developed by the Institute for Security and Open Methodologies - ISECOM, whose co-director is Pete Herzog. Pete’s mission as creator and writer of the OSSTMM - as I understand it - is to bring a more scientific approach to infosec.
In a security test (or penetration test) you don’t want to evaluate the ingeniousness of the tester (whitehat hacker) but rather the security of your information technology infrastructure. You don’t want to deal with biased terms like “risk” but rather measure factual operational security.
Risk is not something to measure but something you decide for yourself.
It’s biased. A tester should not give me a biased view but rather a reproducible and comprehensive view of factual operational security.
I have these and those systems that run services x,y,z of which some might have vulnerabilities or not and I have security controls in place or not. Maybe the controls themselves have limitations (weaknesses or concerns) that reduce their effect, or not. The OSSTMMv3 takes into account all of these aspects.
Whether or not the remaining risk is acceptable for my own business is not something that a penetration tester or consultant could decide for me.
I have not yet read the whole manual in the current version but there are certainly many points that need further discussion or clarification.
But one thing is sure: the OSSTMM version 3 is the best, most complete, least biased security testing methodology we have today and since the ISO apparently considers the OSSTMM for a new ISO standard, this methodology will most probably be here to stay and evolve.
34 comments:
Numerous appreciate it a fantastic deal.
Thanks for the help, I learned a lot. If anyone else is truggling I found these
Php Tutorials to be very useful.
File covered your home by using responsibility making sure that you are able to the blog website!
once more specialist dispersed surf via. Love experienced footballer dispersion.I favor them.
I want to The following particular Infomation.
You're culpability a fabulous striking blog post onto your webpage, chap. I display happened to be for all time a bookworm on your web page.
For that reason fascinating! Appreciate it.
boa noite examinei imenso a tua página, estás de parabéns!
Continua o bom trabalho
Once the other furnished by the particular dudes is incredibly very helpful on behalf of united states, Thanks to assist you to alllllll ….
truly this valuable is truly a decent internet best wishes cheers management great post super messege
We give rise to appearance on behalf of this type of report regarding your endured age group, credit rating a share.
Fairly valuable uninterruptedly in addition to whenever i cause discovered the software about the component of one's different continuous days credit scores some sort of fantastic bargain associated with.
When i i never thought I would trust the following opinion but yet We're beginning to determine points different.
Bom dia, visualizei a tua web page e simpatizei tanto,acho que estás a trabalhar muito bem!
Parabéns com o bom trabalho!
Fiquem bem
Thanks for this useful publish! Please continue to keep it coming. Regards.
I’ve turn out to be a devoted admirer of the website for some time but not actually supplied just one thing back, I hope to alter that within the future with more conversation.Thanks for another new addition to the internet website.
With thanks for an excellent submit
Sounds like a great product. It would probably be a great gift for grandma at Christmas time
Cool post! How much stuff did you have to look up in order to write this one? I can tell you put some work in.
Many thanks for the article. I will have a link back to this information from our fresh blog. Thanks again.
Took me time to read all the comments, but I really enjoyed the article. It proved to be Very helpful to me and I am sure to all the commenters here! It’s always nice when you can not only be informed, but also entertained! I’m sure you had fun writing this article.
We're a message probability. Consumer credit score!
Great article, lots of smart tips. I am going to show my buddies and ask them what they think.
Someone I work with visits your blog frequently and recommended it to me to read too. The writing style is great and the content is top-notch. Thanks for the insight you provide the readers!
Many thanks for the article. I will have a link back to this information from our fresh blog. Thanks again.
An unusually inspiring write-up. Bar-b-que. Rather motivating!! Go off to be of assistance approach
Especially heat write-up in which personal may presume re also.
Hey…thanks for that. Fantastic content. I’ll be coming back soon for more news. Cheers!
I just truly recognize the value of everything you document.
Exceptionally comfy write-up which individuals may expect re.
I am looking forward to looked over way more of your current well written articles, have a pleasant day!
Truly great put up!
Hey, I attempted to email you about this article that i’ve a few inquires, but can’t seem to reach you. Please email me when have a minute. Thanks.
Thanks to all of you you can reach me at abhishekanand1984@gmail.com or can give me a call at +91-7738598477..
Thanks once more
Post a Comment