I’ve been discussing the Institute for Security and Open Methodologies (http://www.isecom.org/) with my students and clients, with quite a bit of interest. Here’s a short list of links for further information.
The Open Source Security Testing Methodology Manual – http://www.isecom.org/osstmm/
This is the essential methodology handbook for ISECOM security practitioners, or, from the horse’s mouth: “The OSSTMM is a formal methodology for breaking any security and attacking anything the most thorough way possible.”
An Introduction to OSSTMM Version 3, by Michael Menefee – https://www.infosecisland.com/blogview/7797-An-Introduction-to-OSSTMM-Version-3.html
Menefee, who based his security consultancy around the OSSTMM, gives us the short list of Key Concepts.
Implementing OSSTMM Strategies Creates Value, also by Michael Menefee – https://www.infosecisland.com/blogview/8340-Implementing-OSSTMM-Strategies-Creates-Value.html
Menefee’s interview with Christoph Baumgartner, CEO of OneConsult, a security firm using the OSSTMM: “Relying on the OSSTMM has been one of the most important strategic decisions of my professional life – and I have never regretted it.”
Healthcare Risk Assessment Essentials, by Jack Daniel – https://www.infosecisland.com/blogview/6937-Healthcare-Risk-Assessment-Essentials.html
The four-step process of Discovery, Assessment, Recommendation and Review.
Risk assessment tips for smaller companies, by Dejan Kosutic – https://www.infosecisland.com/blogview/4499-Risk-assessment-tips-for-smaller-companies.html
An interesting summary of four basic steps in assessment.
This is an excellent in-depth look at cyber hacking and security resources, by David Parker (CyberSecurityEducation.org) – http://www.cybersecurityeducation.org/resources/