Security assessment is widely used to audit the security protection of web applications. However, it is often performed by outside security experts or by a third party appointed by the company. A problem arises when the assessment involves highly confidential areas that touch the company's private data, because the assessment directly reveals that important information to the third party. Even if the third party has signed a non-disclosure agreement, it still holds knowledge of the infrastructure and architecture, regardless of the confidential data itself, and this has to be considered a high risk. It is therefore important to keep such information within the project members in order to protect the confidential data used by the system. Because of the confidentiality level of the system, we propose a Self-Assessment framework for conducting security assessment internally, so as to ensure the safety of all the organization's assets. The main objective of this paper is to discuss the activities and processes involved in conducting such a security assessment.