A security analyst is tasked with using a methodology for testing the security of an organization's network as part of incident response preparation. This framework should provide the analyst with a comprehensive set of guidelines for ensuring transparency, reducing testing errors, and delivering actionable metrics. Which framework should the analyst apply?
MITRE ATT&CK framework
Diamond Model of Intrusion Analysis
OWASP Testing Guide
Open Source Security Testing Methodology Manual (OSSTMM)
The Open Source Security Testing Methodology Manual (OSSTMM) provides a comprehensive framework for security testing that emphasizes transparency, replicable results, and actionable metrics. It has been peer-reviewed and is widely recognized in the industry for those purposes. The other options do not serve the specific purpose of security testing methodology in the context of incident response as directly as the OSSTMM.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does OSSTMM stand for, and what are its key components?
Open an interactive chat with Bash
How does the OSSTMM ensure transparency and reduce testing errors?
Open an interactive chat with Bash
How does the OSSTMM differ from the MITRE ATT&CK framework?