On Scalable Security Audit for Web Application According to ISO 27002

Cited by: 0
Authors
Bylica, Wojciech [1]
Ksiezopolski, Bogdan [1]
Affiliations
[1] Marie Curie Sklodowska Univ, Inst Comp Sci, PL-20031 Lublin, Poland
Source
COMPUTER NETWORKS | 2011 / Vol. 160
Keywords
web application security; security audit; security standards; audit methodology; INFORMATION SECURITY;
DOI
Not available
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
The security audit is the process of checking compliance of the IT systems with information security management system policy. The IT audit process according to the full ISO 27002 standard is a very complex issue. In this article we introduce the guidelines that point out which parts of ISO 27002 are selected for creating role-based questionnaires which are used to check web application standard compliance. We present the process of formal questionnaire ordering method for web application security audit. The presented process scales security issues depending on the asset character.
Pages: 289 - 297
Page count: 9
Related papers
50 in total
  • [21] The Internal Audit of the Management Systems according to the New Edition of ISO 19011:2011
    Voinescu, Leonardo
    [J]. QUALITY-ACCESS TO SUCCESS, 2012, 13 (130): : 91 - 92
  • [22] Information Security Practices in Zambian Copper Mines: An Investigation Into the State-of-Practice of Information Security Within Zambian Copper Mines Based on the ISO/IEC 27002 Standard
    Lukwesa, Chishala
    Upfold, Christopher
    [J]. PROCEEDINGS OF THE 2ND INTERNATIONAL CONFERENCE ON INFORMATION MANAGEMENT AND EVALUATION, 2011, : 281 - 290
  • [23] Scalable Frameworks for Application Security and Data Protection
    Kabanov, Ilya
    [J]. GLOBAL SECURITY, SAFETY AND SUSTAINABILITY: THE SECURITY CHALLENGES OF THE CONNECTED WORLD, ICGS3 2017, 2016, 630 : 82 - 95
  • [24] A Review on Application Security Management Using Web Application Security Standards
    Phanindra, A. Rakesh
    Narasimha, V. B.
    PhaniKrishna, Ch, V
    [J]. SOFTWARE ENGINEERING (CSI 2015), 2019, 731 : 477 - 486
  • [25] A Study on Web Application Security and Detecting Security Vulnerabilities
    Kumar, Sandeep
    Mahajan, Renuka
    Kumar, Naresh
    Khatri, Sunil Kumar
    [J]. 2017 6TH INTERNATIONAL CONFERENCE ON RELIABILITY, INFOCOM TECHNOLOGIES AND OPTIMIZATION (TRENDS AND FUTURE DIRECTIONS) (ICRITO), 2017, : 451 - 455
  • [26] A Proposed Methodology for Cyber Security Mechanism according to the most popular detected attacks for University Web Application
    Kassem, Abdel Karim
    Al Hajjar, Abd El Salam
    Daya, Bassam
    Chauvet, Pierre
    [J]. PROCEEDINGS OF THE 2018 SECOND WORLD CONFERENCE ON SMART TRENDS IN SYSTEMS, SECURITY AND SUSTAINABILITY (WORLDS4), 2018, : 215 - 219
  • [27] Web Application Security: A Pragmatic Expose
    Aladi, Clement C.
    [J]. DIGITAL THREATS: RESEARCH AND PRACTICE, 2024, 5 (02):
  • [28] Web application security assessment tools
    Curphey, Mark
    Araujo, Rudolph
    [J]. IEEE SECURITY & PRIVACY, 2006, 4 (04) : 32 - 41
  • [29] A Novice Approach for Web Application Security
    Doshi, Jignesh
    Trivedi, Bhushan
    [J]. PROCEEDINGS OF INTERNATIONAL CONFERENCE ON COMMUNICATION AND NETWORKS, 2017, 508 : 1 - 9
  • [30] Open Web Application Security Project
    Dirk Fox
    [J]. Datenschutz und Datensicherheit - DuD, 2006, 30 (10) : 636 - 636