OSSTMM (Open Source Security Testing Methodology Manual) is a scientific security testing methodology that quantitatively measures risk and provides objective metrics for operational security.
OSSTMM is developed by ISECOM (Institute for Security and Open Methodologies) and represents the most rigorous security testing methodology. Unlike other frameworks, OSSTMM is based on scientific principles and provides quantitative metrics: RAV (Risk Assessment Values), an operational security score, and protection grades. OSSTMM tests 5 channels: Human Security, Physical Security, Wireless Security, Telecommunications Security, and Data Networks Security.
MICAN.ro uses OSSTMM for comprehensive security audits that require quantitative metrics for risk management. We test all 5 channels according to the OSSTMM methodology and calculate RAV (Risk Assessment Values) for each channel. We deliver an operational security score that can be compared over time (re-testing) or used for industry benchmarking. OSSTMM is recommended for companies in Romania that want a scientific approach and objective metrics for security.
OSSTMM is the only methodology that provides scientific and repeatable metrics for security. Companies in Romania can use OSSTMM scores for: competitor benchmarking, justifying security investments to the board, measuring progress over time, and compliance with standards requiring quantitative metrics. OSSTMM is recognized by professional certifications (OPST, OPSA) and international auditors.