Module 1 Flashcards

1
Q

OSSTMM

A

Open Source Security Testing Methodology Manual. Maintained by ISECOM.

2
Q

ISECOM

A

Institute for Security and Open Methodologies

3
Q

OSSTMM Legislative Compliance

A

Deals with government regulations (such as SOX and HIPAA)

4
Q

OSSTMM Contractual Compliance

A

Deals with industry/group requirements (such as PCI DSS)

5
Q

OSSTMM Standards Based Compliance

A

Deals with practices that must be followed by members of a given group/organization

6
Q

OSSTMM Class A - Interactive Controls

A

Authentication - Provides for identification and authorization based on credentials
Indemnification - Provides contractual protection against loss or damages
Subjugation - Ensures that interactions occur according to processes defined by the asset owner
Continuity - Maintains interactivity with assets if corruption or failure occurs
Resilience - Protects assets from corruption and failure

7
Q

OSSTMM Class B - Process Controls

A

Non-repudiation - Prevents participants from denying their actions
Confidentiality - Ensures that only participants know of an asset
Privacy - Ensures that only participants have access to the asset
Integrity - Ensures that only participants know when assets and processes change
Alarm - Notifies participants when interactions occur
