What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?

A. Legal, performance, audit
B. Audit, standards based, regulatory
C. Contractual, regulatory, industry
D. Legislative, contractual, standards based

EC-Council Certified Ethical Hacker v11


2 thoughts on “What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?”

  1. The OSSTMM recognizes three types of compliance:
    1. Legislative. Compliance with legislation is in accordance with the region where the legislation can be enforced. The strength and commitment to the legislation comes from previously successful legal arguments and appropriately set and just enforcement measures. Failure to comply with legislation may lead to criminal charges. Examples are Sarbanes-Oxley, HIPAA, and the various Data Protection and Privacy legislation.
    2. Contractual. Compliance with contractual requirements is in accordance with the industry or the group that requires the contract and may take action to enforce compliance. Failure to comply with contractual requirements often leads to dismissal from the group, a loss of privileges, loss of reputation, civil charges, and in some cases where legislation exists to support the regulatory body, criminal charges. An example is the Payment Card Industry Data Security Standard (PCI DSS) promoted and required by VISA and MasterCard.
    3. Standards based. Compliance with standards is in accordance with the business or organization where compliance with standards is enforced as policy. Failure to comply with standards often leads to dismissal from the organization, a loss of privileges, a loss of reputation or brand trust, civil charges, and in some cases where legislation exists to support the policy makers, criminal charges. Examples are the OSSTMM, ISO 27001/5, and ITIL.

    So, the answer is D

  2. Legislative – deals with governmental regulations.
    Contractual – deals with requirements that are enforced by an industry or group. PCI DSS is an example.
    Standards-based – deals with practices that are recommended and must be certified by an organization or group.
