Module 1 Flashcards
OSSTMM
Open Source Security Testing Methodology Manual. Maintained by ISECOM.
ISECOM
Institute for Security and Open Methodologies
OSSTMM Legislative Compliance
Deals with government regulations (such as SOX and HIPAA)
OSSTMM Contractual Compliance
Deals with industry or group requirements (such as PCI DSS)
OSSTMM Standards Based Compliance
Deals with practices that must be followed by members of a given group/organization
OSSTMM Class A - Interactive Controls
Authentication - Provides for identification and authorization based on credentials
Indemnification - Provides contractual protection against loss or damages
Subjugation - Ensures that interactions occur according to processes defined by the asset owner
Continuity - Maintains interactivity with assets if corruption or failure occurs
Resilience - Protects assets from corruption and failure
OSSTMM Class B - Process Controls
Non-repudiation - Prevents participants from denying their actions
Confidentiality - Ensures that only participants know of an asset
Privacy - Ensures that only participants have access to the asset
Integrity - Ensures that only participants know when assets and processes change
Alarm - Notifies participants when interactions occur