This is a methodology to test the operational security of physical locations, human interactions, and all forms of communications such as wireless, wired, analog, and digital. Those who want to jump right into testing while using it may find the following quick-start information helpful.
Quick Start
To start an OSSTMM test you will need to track what you test (the targets), how you test them (the parts of the targets tested, not the tools or techniques used), the types of controls discovered, and what you did not test (targets and parts of the targets). Then you may conduct the test as you are accustomed to, with the objective of being able to answer the questions in the Security Test Audit Report (STAR), available at the end of this manual or as its own document. The STAR gives the specific test information on the state of the scope, providing a clear statement of the security metrics and details for comparison with previous security tests or industry test averages. More details on the information required for the STAR are available throughout this manual and can be referenced as needed. As you may see, this approach requires very little time beyond a standard test and the formalization of the report. It has been reported that this methodology actually reduces testing and reporting time due to the efficiencies introduced into the process. There should be no time or financial reason to avoid using the OSSTMM, and no unreasonable restrictions are placed on the tester.