MRL WikiMain Page | About | Help | FAQ | Special pages | Log in


Printable version | Disclaimers | Privacy policy

OSSTMM

From MRL Wiki


Open Source Security Testing Methodology Manual (OSSTMM) is a security evaluation methodology geared toward the needs of auditors and penetration testers. It provides a clear methodology for calculating security metrics (Risk Assessment Values) to illustrate the state of security.

Contents

[edit] Security Map

OSSTMM defines The Security Map which is a visual representation of six different types of security tests distinguished in the methodology. The six sections are:

[edit] Sections

Each section is further subdivided into modules representing the flow of the methodology from one security presence point to the other. For example, section Physical Security contains the following modules:

[edit] Modules

Each module contains specific tasks that should be performed to evaluate the security of each individual module. According to the methodology, all modules have input (information used in performing each task) and output (intelligence gathered). However, under certain conditions modules may not produce any output at all such as the case where the module is not applicable. For example, module Perimeter Review contains the following tasks:

[edit] Security Metrics

The metrics themselves are collected during the testing process where various variables are recorded and later used in the final calculation of Actual Security Risk Assessment Value (RAV) which is the overall security score.

Scope is defined as the number of items that need to be tested from a given vantage point.

There are three different classes of variables used in calculation of Actual Security RAV:

[edit] Operational Security

Operational Security (OPSEC) is the measurement of visibility, trust and access from the scope:

[edit] Controls

[edit] Limitations

[edit] Actual Security

[edit] See Also

[edit] External Links

Retrieved from "http://midnightresearch.com/wiki/index.php/OSSTMM"

This page has been accessed 3,781 times. This page was last modified on 21 June 2007, at 21:48.


Find

Browse
Main Page
Community portal
Current events
Recent changes
Random page
Help
Edit
Edit this page
Editing help
This page
Discuss this page
New section
Printable version
Context
Page history
What links here
Related changes
My pages
Log in / create account
Special pages
New pages
File list
Statistics
Moreā€¦