PETA: Methodology of Information Systems Security Penetration Testing

Author(s): Tomáš Klíma
Subject(s): Business Economy / Management, ICT Information and Communications Technologies
Published by: Vysoká škola ekonomická v Praze
Keywords: IT security; Penetration testing; Methodology; IT security audit

Summary/Abstract: Current methodologies of information systems penetration testing focus mainly on a high-level and technical description of the testing process. Unfortunately, there is no methodology focused primarily on the management of these tests. This often results in a situation where the tests are badly planned and managed, and the vulnerabilities found are remediated unsystematically. The goal of this article is to present a new methodology called PETA, which is focused mainly on the management of penetration tests. Development of this methodology was based on a comparative analysis of current methodologies. The new methodology incorporates current best practices of IT governance and project management represented by COBIT and PRINCE2 principles. The presented methodology has been quantitatively evaluated.

  • Issue Year: 5/2016
  • Issue No: 2
  • Page Range: 98-117
  • Page Count: 20
  • Language: English