Business Integrity Testing Methodology Manual (BIT)
The BIT (Business Integrity Testing) is a project to combine a penetration test with a quality audit. It is designed to help you find the potential for privacy abuses, theft, corruption, fraud, embezzlement, and other deceptive, illegal, or unethical practices in all business processes including accountancy, human resources, inventory, financial securities, and sales. This gives forewarning as to which processes have exploitable holes or a perpensity for corruption so you can make or change policies regarding those processes, limit access, redefine trust deliniations, or sufficiently protect yourself with the appropriate, additional controls as per the OSSTMM. As a broad audit which is based on quality assurance (i.e. ISO 9001) , it makes security analysis more efficient and assures it aligns immediately with business goals. Quality audits effectively and accurately break down business into processes and operations and identify the responsible and chain of custody within those operations. OSSTMM analysis is then applied to identify the explicitly defined, ten security controls within those processes.
The methodology in the BIT will allow for a microscopic look at a business process as well as the big picture to tie together a multitude of processes. Once these processes are analyzed for security and safety weaknesses, levels of risk for each weakness can be financially or conceptually determined for justification measures. BIT results can also be mapped back to COBIT, ISO 17799, and CMM levels. This allows BIT to be both an efficient and practical manner for testing the security of business process and a method for enhancing current audit methodologies.
Not yet available for download.
If you are interested in helping with this project please contact us.