SECURWARE 2015, The Ninth International Conference on Emerging Security Information, Systems and Technologies
A Model for Conducting Security Assessment within an Organisation
Authors:
Nor Fatimah Awang
Azizah Abd Manaf
Keywords: Web application; vulnerability; security testing; security assessment; penetration testing
Abstract:
Security assessment is widely used to audit the security protection of web applications. However, it is often performed by outside security experts or third parties appointed by a company. A problem arises when the assessment involves highly confidential areas, which might affect the company's data privacy because important information may be accessed and revealed by the third party. Even though the company and the third party might have signed a non-disclosure agreement, this is still considered a high risk, since confidential information on infrastructure and architecture is already exposed. It is important to keep confidential information within the project team to protect the data used by the system. Therefore, this paper proposes a model for conducting internal security assessment to ensure that all organisational assets are protected and secured. The main objective of this paper is to discuss the activities and processes involved in conducting the security assessment.
Pages: 92 to 97
Copyright: Copyright (c) IARIA, 2015
Publication date: August 23, 2015
Published in: conference
ISSN: 2162-2116
ISBN: 978-1-61208-427-5
Location: Venice, Italy
Dates: from August 23, 2015 to August 28, 2015