PETA: Methodology of Information Systems Security Penetration Testing

Tomáš Klíma

doi:10.18267/j.aip.88

Acta Informatica Pragensia (Dec 2016)

PETA: Methodology of Information Systems Security Penetration Testing

Tomáš Klíma

Affiliations

Tomáš Klíma: University of Economics, Prague

DOI: https://doi.org/10.18267/j.aip.88
Journal volume & issue: Vol. 5, no. 2
pp. 98 – 117

Abstract

Read online

Current methodologies of information systems penetration testing focuses mainly on a high level and technical description of the testing process. Unfortunately, there is no methodology focused primarily on the management of these tests. It often results in a situation when the tests are badly planned, managed and the vulnerabilities found are unsystematically remediated. The goal of this article is to present new methodology called PETA which is focused mainly on the management of penetration tests. Development of this methodology was based on the comparative analysis of current methodologies. New methodology incorporates current best practices of IT governance and project management represented by COBIT and PRINCE2 principles. Presented methodology has been quantitatively evaluated.

Published in Acta Informatica Pragensia

ISSN: 1805-4951 (Online)
Publisher: Prague University of Economics and Business
Country of publisher: Czechia
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: http://aip.vse.cz

About the journal

Abstract

Keywords