The report talks about the internal testing methods OSSTMM and PTES. The report explains that how OSSTMM and PTES play a significant role in internal testing, operational security testing, and business testing. It also explains the various penetration testing methods. Open source security methodology manual and penetration testing execution standard are the important method of penetration testing. These techniques solve various issues of the system and analyze and evaluate the data and provide an effective solution.
OSSTMM (open source security testing methodology manual) plays a vital role in internal testing. It is the method and technique to test and analyze the operational security and precautions of physical unit, individual security testing, workflow, physical security testing, telecommunication security testing, wireless security analysis, and data network security assessment and compliance rules and regulations. It is not a risk assessment methodology. It refers to the collection and analysis of data to produce enough results and outcomes for providing support to risk decisions. It measures and evaluates the state of operational security and safety so that decisions can be taken on the behalf of scientific data (Ghazouani, Faris, Medromi & Sayouti, 2014). It is also called as threat analysis technique. It also measures and evaluates the progress and development of the security operation of any association. The open source security testing methodology manual includes the following things.
PTES: Penetration testing execution standard (PTES) includes the seven phases; they are intelligence, brainpower gathering, Threat modeling, pre engagement communications and interactions, vulnerability analysis and examination, exploitation, reporting and post exploitation. Penetration testing execution standard explains and analyzes the techniques, tools, and methods of a pre engagement of penetration test (Knowles, Baron & McGarr, 2016). It includes the important questions which must be answered before a test starts. The penetration testing methods should not be a stimulating and confrontational. It should identify and analyze the business and management risk. Instead of a simple process, technique and methodology, the penetration testing execution standard also provides the recommended testing tools, techniques, and rationale of testing tools. In this way, it plays a significant role in the internal testing of the management. It is also known as hackers, white hat and ethical testing method. It provides guidelines and information to customers related the testing. The penetration testing phases are showing in below diagram.
(Source: Knowles, Baron & McGarr, 2016)
PTES provides both security and business services to services providers with an ordinary language and it also provides scope for performing dissemination and penetration. On the other hand, OSSTMM does not provide information about the business services; it is only the method of operational security testing. OSSTMM is good for general and common security testing but it does not provide a specific and explicit reference of the testing. OSSTMM also includes the security test audit report and operational security matrix but PTES does not include the operational security matrix. Now it is assumed that OSSTMM and penetration testing execution standard methodology play a significant role in the internal testing of management (Allen, Heriyanto & Ali, 2014).
Open source security testing methodology manual and penetration testing execution standard methods play a vital role in the internal testing of management. OSSTMM and PTES should improve the tools and techniques of testing. Open source security testing methodology should also include the business security testing and PTES should include the operational security matrix to analyze and identify the data and internal management of the organization. In this way, these tools and techniques will become more efficient and effective in future.
Conclusion
Now it is concluded that open source security methodology manual and penetration testing execution standard are the important tools and techniques of operational, business security matrix and internal testing of the organization. The management should more focus on these tools and techniques to resolve the problems and issues. Both the techniques should use the effective key concepts and methodologies for internal testing.
References
Allen, L., Heriyanto, T., & Ali, S. (2014). Kali Linux–Assuring Security by Penetration Testing. Packt Publishing Ltd.
Dinis, B., & Serrão, C. (2014). Using PTES and open-source tools as a way to conduct external footprinting security assessments for intelligence gathering. Journal of Internet Technology and Secured Transactions (JITST), (3/4), 271-279.
Ghazouani, M., Faris, S., Medromi, H., & Sayouti, A. (2014). Information Security Risk Assessment–A Practical Approach with a Mathematical Formulation of Risk. International Journal of Computer Applications, 103(8).
Knowles, W., Baron, A., & McGarr, T. (2016). The simulated security assessment ecosystem: Does penetration testing need standardisation?. Computers & Security, 62, 296-316.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download