Press enter button on the keyboard computer Shield cyber Key lock security system abstract technology world digital link cyber security on hi tech Dark blue background, Enter password to log in. lock finger Keyboard

Open Source Security Testing Methodology Manual (OSSTMM)

What is OSSTMM?

The OSSTMM is about operational security. It is about knowing and measuring how well security works. This methodology will tell you if what you have does what you want it to do and not just what you were told it does.

What you get from utilizing OSSTMM is a deep understanding of the interconnectedness of things. The people, processes, systems, and software all have some type of relationship. This interconnectedness requires interactions. Some interactions are passive and some are not. Some interactions are symbiotic while others are parasitic. Some interactions are controlled by one side of the relationship while others are controlled by both. We may try to control what we can’t trust but even then some controls are flawed or superfluous, which is harmful to at least one side of the relationship, if not both. What we want is that our controls balance perfectly with the interactions we want or need. So when we test operations we get the big picture of all our relationships, coming and going. We get to see the interconnectedness of the operations in fine detail and we get to map out what makes us, our business, and our operations what they are and can be.

Why test operations? Unfortunately, not everything works as configured. Not everyone behaves as trained. Additionally, more and more things are built from pre-fabricated constructs of materials, or source code from pre-defined libraries, or as in the case for training people, from pre-existing experiences. The new builders are only aware of what they put together and not how the pre-fabricated parts work in a new environment with new variables and in new ways. Therefore the truth of configuration and training is in the resulting operations. Nothing can tell us more about how we can fulfill objectives or follow a strategic vision than how we do what we are doing now. And that knowledge allows us to control what interactions we want. That’s why we need to test operations.

Contact us to begin with first step

Certified OSSTMM training courses available.

If you are eager to take your expertise one step further, SSC offers the right training for you. Acquire more knowledge about OSSTMM through the training course. Find below the training that best suits you.

[tab_menu id=”OSSTMM”]