Requirements for Development of an Assessment System for IT&C Security Audit


  • Marius Popa Bucharest Academy of Economic Studies, Romania


assessment system, security audit, information security management


IT&C security audit processes are carried out to implement information security management. The audit processes are included in an audit program as decision of the management staff to establish the organization situation against to the planned or expected one. The audit processes require evidence to highlight the above issues. The evidences are gathered by audit team and some automation processes to increase the productivity and accuracy of the audit are needed. The paper presents some issues of the requirements for development of an assessment system with some considerations for IT&C security audit. The emphasized issues are grouped in the following sections: IT&C security audit processes, characteristics of the indicators development process and implementation issues of an assessment system.

Author Biography

Marius Popa, Bucharest Academy of Economic Studies, Romania

Faculty of Cybernetics, Statistics and Economic Informatics

Department of IT&C Technologies


S. Capisizu, Models and Techniques for Development the Economic Information Audit, ASE Bucharest, 2006, PhD Thesis

S. Capisizu, G. Noşca and M. Popa, Informatics Audit, The 37th International Scientific Symposium of METRA, Military Equipment and Technologies Research Agency, Bucharest, May 25 – 26, 2006

M. Popa, C. Toma and C. Amancei, Characteristics of the Audit Processes for Distributed Informatics Systems, Informatica Economică, vol. 13, no. 3, 2009, pp. 165 – 178

Barclay Simpson Recruitment Consultant, An Introduction to Computer Auditing, London,

International Standard ISO/IEC 17799, Information Technology – Security Techniques – Code of Practice for Information Security Management, Second Edition, 2005

W. Goethert and W. Hayes, Experiences in Implementing Measurement Programs, Software Engineering Measurement and Analysis Initiative, Carnegie Mellon University, Technical Note, November 2001

T. Augustine and C. Schroeder, An Effective Metrics Process Model, The Journal of Defense Software Engineering, vol. 12, no. 6, 1999, pp. 4 – 7

M. Popa, Characteristics for Development of an Assessment System for Security Audit Processes, Economy Informatics, vol. 9, no. 1, 2009, pp. 55 – 62

IT Governance Institute, COBIT 4.1, 2007

T. Perkins, R. Peterson and L. Smith, Back to the Basics: Measurement and Metrics, The Journal of Defense Software Engineering, vol. 16, no. 12, 2003, pp. 9 – 12

S. Payne, A Guide to Security Metrics, SANS Institute, Whitepaper, June 2006

G. Braunton, B.A.S.E. – A Security Assessment Methodology, SANS Institute, Whitepaper, September 2004




How to Cite

Popa, M. (2010). Requirements for Development of an Assessment System for IT&C Security Audit. Journal of Mobile, Embedded and Distributed Systems, 2(2), 56-64. Retrieved from