A security audit is the process of checking the compliance of IT systems with the information security management system policy. The IT audit process according to the full ISO 27002 standard is a very complex issue. In this article we introduce guidelines that point out which parts of ISO 27002 are selected for creating role-based questionnaires, which are used to check web application standard compliance. We present a formal questionnaire ordering method for web application security audits. The presented process scales security issues depending on the asset character. © 2011 Springer-Verlag.
CITATION STYLE
Bylica, W., & Ksiezopolski, B. (2011). On scalable security audit for web application according to ISO 27002. In Communications in Computer and Information Science (Vol. 160 CCIS, pp. 289–297). https://doi.org/10.1007/978-3-642-21771-5_31