. 1. There are THREE methods of evaluating risks, please STATE them and briefly describe each method giving pros and cons of each.
2. The Information Systems Security Assessment Framework is broken down into ‘phases’.
Please state the title of these Phases and describe what is required at each phase.
3. The Open Source Security Testing Methodology Manual (OSSTMM) is another framework broken into ‘Phases’ or ‘Modules’.
Please state and describe (in your own words) each section of this frame work.
4. Arguably the most important step in any penetration test, information gathering is broken down into TWO methods.
Please state and describe (in your own words WITH examples) the two methods of information gathering used today.