On Scalable Security Audit for Web Application According to ISO 27002

Cited by: 0
Authors
Bylica, Wojciech [1 ]
Ksiezopolski, Bogdan [1 ]
Affiliations
[1] Marie Curie Sklodowska Univ, Inst Comp Sci, PL-20031 Lublin, Poland
Source
COMPUTER NETWORKS | 2011 / Vol. 160
Keywords
web application security; security audit; security standards; audit methodology; INFORMATION SECURITY;
DOI
Not available
Chinese Library Classification
TP3 [Computing technology, computer technology];
Discipline code
0812;
Abstract
A security audit is the process of checking the compliance of IT systems with the policy of an information security management system. An IT audit process that follows the full ISO 27002 standard is a very complex undertaking. In this article we introduce guidelines that point out which parts of ISO 27002 are selected for creating role-based questionnaires, which are then used to check a web application's compliance with the standard. We present a formal method for ordering the questionnaire in a web application security audit. The presented process scales the security issues examined according to the character of the asset.
Pages: 289 / 297
Page count: 9