What is Our Methodology?

FairCo’s methodologies are partially derived from the Open Source Security Testing Methodology Manual (“OSSTMM”), which is authored by the Institute for Security and Open Methodologies (“ISECOM”). OSSTMM is quickly gaining recognition as the de facto standard for security testing throughout the greater part of the security community.
One benefit of the OSSTMM versus other methodologies is that it focuses on the technical details of exactly which items need to be tested, what to do before testing, during testing, after testing, and how to measure the results. This granular approach ensures that total testing coverage is achieved during a security assessment.
More specifically, the OSSTMM tests are divided into five sections which jointly check: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases.
Another important benefit of the OSSTMM is that it is under constant peer review. Not only does this peer review prevent OSSTMM from becoming stale like many proprietary methodologies, but it also ensures that the OSSTMM stays current with international best practices, laws and regulations. Peer review is a major advantage that the OSSTMM has over most, if not all, other security testing methodologies.
How does FairCo use the OSSTMM?
FairCo uses the OSSTMM to influence its own testing methodologies and to help keep them current with international best practices, laws and regulations. More specifically, FairCo focuses on Section C of the OSSTMM, which is the “Internet Technology Security” section.
FairCo exceeds the requirements identified in the OSSTMM when offering professional security services. This is because FairCo’s methodologies are not only designed to meet industry requirements, but are also designed to exceed them by offering specialized and advanced testing modules.