Methods
Our approach is geared to specific client needs and best practices.
Depending on requirements, we employ on-site (training, coaching,
workshops, interviews, etc.) and/or off-site techniques, using recognized
methods and standards such as the following:
General methods and conceptual tools
- HERMES (management and execution of projects in Information
and Communication Technologies (ICT))
- SWOT analysis
- Cost/benefit analysis
- Use value analysis
Methods and standards used in IT security / IT risk management
- ISO/IEC 27001 (BS 7799) and ISO/IEC
27002 (ISO/IEC 17799:2005)
- BSI IT Grundschutz (Baseline Protection) Manual (GSHB)
- OSSTMM
- BIT recommendations
- BS 25999-1:2006 (successor of PAS 56:2003)
OSSTMM - Open Source Security Testing Methodology Manual
In technical security audits at the penetration test quality level, we carry out the test in accordance with the Open Source Security Testing Methodology Manual (OSSTMM). OneConsult is an ISECOM Licensed Auditor (ILA), Gold Level, and an ISECOM Partner (Accredited Trainer). Certification trainings for OPST, OPSA, OPSE and OWSE complete our education portfolio. Our Security Consultants have successfully completed well over a hundred projects in accordance with the OSSTMM since 2002, making OneConsult an OSSTMM pioneer and a leading company in the German-speaking region.
The Open Source Security Testing Methodology Manual (OSSTMM) is a globally recognized methodology for planning and carrying out security audits and for evaluating and documenting the results; it is continuously reviewed and expanded by experts. It was developed by the Institute for Security and Open Methodologies (ISECOM), which also coordinates its ongoing development. Thanks to its comprehensive approach, the OSSTMM is increasingly widely used and recognized.
The methodology is divided up into six parts (channels, sections)
covering the following areas:
- Information security
- Process security
- Internet technology security
- Communications security
- Wireless security
- Physical security
The OSSTMM defines:
- What needs to be tested, and how
- What needs to be done before, during and after tests
- How the results are to be evaluated and documented
The methodology is continually amended in line with international
best practices, legislation and ethical principles. The tests are
compatible with the passages in the common security standards and
regulations that relate to remote security testing (ISO/IEC 17799,
ISO/IEC 27001 (BS 7799), the IT Grundschutz (Basic Protection) Manual
(IT GSHB), the Sarbanes-Oxley Act (SOX), Basle II, ITIL, SET, etc.).
Members of our staff regularly publish articles on the OSSTMM in the specialist media and give lectures introducing the OSSTMM. Specialist articles and presentations are available as free downloads in our publications area. Further information on the OSSTMM can also be found on the ISECOM website.
Most projects involve documentation, which we compile in accordance
with our clients' wishes and requirements. If the context permits,
we use the OneConsult® Toolbox,
which also includes suitable reporting templates.
If you're interested in OneConsult and you'd like a no-obligation
consultation or more information, please contact
us.