Vulnerablity Assessment OSSTMM (OPSA)

What is OPSA?

The OSSTMM Professional Security Analyst (OPSA) is the internationally recognized professional certification for the safety analysis, in accordance with the ISECOM methodology OSSTMM. The achievement of the certification foresees a course of theoretical approach, complete with final exam in English (closed testmultiple choice). The OPSA certification provides a multilevel specialization of analytical cut. The professional who works in the field of security IT will be able to apply the knowledge thus acquired to the analysis of results, the management of the Red Teams and the selection of supplier’s withinsecurity checks.

Who should attend?

To be able to design an overall security strategy detailing specific d efense tactics based on system information, network information, security e scans, penetration test results, and usage.

The main professional profiles are:

• IT Security Managers
• Corporate Privacy Managers
• External consultants and internal Risk Analysis and Management teams
• Security Auditor, ISO / IEC 27001 Lead Auditor
• Senior Security Tester, Senior Security Consultant
• Security Staff of NOC and SOC
• System, Network & Security Administrator.

Learning Objectivies

The OPSA certification course splits into 4 days, one of which is dedicated to the final exam. During the course the contents outlined below:

• Rules of Engagement: Understand how to apply and manage the rules of engagement.
• Assessment: Learn the techniques to analyze and correlate items during an OSSTMM security test already from the stage their demarcation.
• Logistics: Understand how to find safety information incomplete, falsified or improperly classified, based on evidence and safety reports.
• Metrics: Learn the knowledge needed to calculate and measure protection elements and countermeasures according to methodology OSSTMM.
• Correlation: Understanding techniques for correlating information e to discern those legitimately extrapolated from those identified following the search for a given sample.
• Verification: Learn the skills needed to identify elements not eligible for sample, public information not provided as such and classify the sources from which they were extrapolated.
• Application: Understand how to analyze existing countermeasures or their absence, based on services, applications and protocols on the analysis of the reports and the audit logs.
• Reporting: To learn the necessary knowledge to classify the limitations of security and to complete the official STAR (Security Testing Audit Report) report.

Prerequirements

The prerequirements are:

• Medium knowledge of the TCP / IP suite and its main protocols
• Experience with basic systems security issues NIX and Windows
• Knowledge and understanding of network architectures
• Basic knowledge of the main TCP / IP services
• Basic knowledge of network security systems: routers, firewalls, IDS (Intrusion Detection System)