The security controls defined by OWISAM are the technical checks that should be carried out to analyze the security risk an organization faces through the use of Wi-Fi infrastructure.
The absence of a defined and deployed corporate network does not exempt an organization from the risk, because the presence of devices with Wi-Fi capabilities is sufficient by itself to create potential security holes.
The security controls are structured in 10 well-differentiated sections:

| # | Code | Section | Description |
|---|------|---------|-------------|
| 1 | OWISAM-DI | Discovering devices | Gathering information about Wi-Fi networks |
| 2 | OWISAM-FP | Fingerprinting | Analysis of the functionality of communication devices |
| 3 | OWISAM-AU | Tests on authentication | Analysis of the authentication mechanisms |
| 4 | OWISAM-CP | Encrypting communications | Analysis of the mechanisms used to encrypt information |
| 5 | OWISAM-CF | Platform configuration | Verifying the network configuration |
| 6 | OWISAM-IF | Tests on the infrastructure | Security controls on Wi-Fi infrastructure |
| 7 | OWISAM-DS | Denial of Service testing | Controls designed to verify the availability of the environment |
| 8 | OWISAM-GD | Tests on directives and regulations | Analysis of regulatory issues that apply to the use of Wi-Fi networks |
| 9 | OWISAM-CT | Tests on Wi-Fi clients | Attacks on Wi-Fi clients |
| 10 | OWISAM-HS | Tests on hotspots and captive portals | Weaknesses affecting the use of captive portals |

Both the controls and their contents are likely to be modified over time, depending on how Wi-Fi risks evolve.