
Objective:

The objectives of this security audit are to:

  • Identify any security vulnerabilities present in the data ETL and visualisation layer of the application

  • Assess the effectiveness of existing security controls

  • Provide recommendations for improving the overall security of the data ETL and visualisation application

Scope:

The scope of the audit includes:

  • Reviewing the data ETL and visualisation application's data processing and storage components

  • Testing for common vulnerabilities, such as SQL injection and cross-site scripting (XSS)

  • Assessing the security of the application's data sources and data integrations

  • Reviewing the configuration of the application's hosting environment and infrastructure

  • Assessing the effectiveness of existing security controls, such as access controls, encryption, and logging

The following are outside the scope of this audit:

  • Penetration testing of any systems other than the data ETL and visualisation application itself

  • Physical security of the hosting environment

Methodology:

The audit will be conducted using the following methodology:

  • A combination of automated and manual testing techniques will be employed

  • Industry-standard testing frameworks and tools will be used

  • The OWASP Top 10 security risks will be used as a guide for testing scenarios

  • The SANS Top 25 Most Dangerous Software Errors may be used as additional guidelines

  • Additional testing scenarios will be developed to assess the specific security risks associated with data ETL and visualisation applications, such as data leakage and data corruption

Deliverables:

The following deliverables will be provided upon completion of the audit:

  • A detailed report of findings, including a prioritized list of vulnerabilities and recommended remediation steps

  • An executive summary of the findings and recommendations

  • A debrief session to review the findings and recommendations with the development team and stakeholders

Roles and Responsibilities:

The following roles and responsibilities have been established for the audit:

  • The audit team will be responsible for conducting the audit and producing the deliverables

  • The data ETL, visualisation and application development team will be responsible for providing access to the application and its components, as well as providing any necessary assistance during the audit

  • Stakeholders from the organization will be responsible for reviewing the findings and recommendations and implementing any necessary remediation steps