Abstract
The security audit is the process of checking compliance of the IT systems with information security managements system policy. The IT audit process according to full ISO 27002 standard is very complex issue. In this article we introduce the guidelines that point out which parts of ISO 27002 are selected for creating role based questionnaires which are used to check web application standard compliance. We present the process of formal questionnaire ordering method for web application security audit. The presented process scales security issues depending on the asset character.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Web Application Security Trends Report Q1-Q2 (2009), http://www.cenzic.com/downloads/Cenzic_AppSecTrends_Q1-Q2-2009.pdf
Chau, J.: Application security – it all starts from here. In: Computer Fraud and Security, pp.7–9 (June 2006)
Morgan, D.: Network Network security and custom Web applications. Security 2000(4), 15–17 (2004)
Ritchie, P: The security risks of AJAX/web 2.0 applications. Network and Security (March 2007)
Ollmann, G.: Application Security – A Serious Pitfall. Network Security 9, 7 (2002)
White, L.: Internet security is the killer application for campus cards. Card Technology Today, 13–14 (November/December 2001)
ISO/IEC 27002 Information technology – Security techniques – Code of practice for information security management (2005)
IT Governance Institute Control Objectives for Information and related Technology (COBIT 4.0) (2005)
Kenning, M.J.: Security management standard – ISO 17799/BS 7799. BT Technol. J. 19(3) (July 2001)
von Solms, B.: Information Security – A Multidimensional Discipline. Computers and Security 20, 504–508 (2001)
Coles, L.: Kemp Information Security management: An entangled reasearch challenge. Information Security Technical Report 14, pp. 181–185. Elsevier, Amsterdam (2009)
Eloff, J.H.P., Eloff, M.M.: Information Security Architecture. Information Security Technical Report 14, pp. 181–185. Elsevier, Amsterdam (2009)
Johnson, E.C.: Security awareness: switch to a better programme (2006)
Ksiezopolski, B., Kotulski, Z.: Adaptable security mechanism for the dynamic environments. Computers & Security 26, 246–255 (2007)
von Solms, B.: Information Security governance: COBIT or ISO 17799 or both? Computers and Security 24, 99–104 (2005)
Information technology - Security techniques (ISO/IEC JTC 1/SC 27) (2003)
King, S.: Applying application security standards. Computers and Security 23, 17–21 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bylica, W., Ksiezopolski, B. (2011). On Scalable Security Audit for Web Application According to ISO 27002. In: Kwiecień, A., Gaj, P., Stera, P. (eds) Computer Networks. CN 2011. Communications in Computer and Information Science, vol 160. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21771-5_31
Download citation
DOI: https://doi.org/10.1007/978-3-642-21771-5_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21770-8
Online ISBN: 978-3-642-21771-5
eBook Packages: Computer ScienceComputer Science (R0)