Educause Security Discussion mailing list archives

Security Audit -- Application Layer


From: Kevin Casey <CaseyK () HUSSON EDU>
Date: Wed, 26 Jan 2011 07:47:21 -0500

In organizing a security audit RFP, it seems that any granular look at
our ERP systems (i.e., looking at the security of each "page," instead
of just the box upon which these apps live) would take the cost of this
audit from "somewhat challenging to sell to our Cabinet" to "you've got
to be kidding me."

 

Just looking for a reality check: is an audit that doesn't look this
deeply at the application layer only half an audit (or less), and is
this element as expensive as I fear, or have I not spoken with enough
firms?

 

I would expect responses (hopefully) somewhere between, "Yes, you really
need to do this and spend the money, or tell upper management that the
job's only half done," and "While it would be nice, it is wicked
expensive, so it's rare to go that deep; risks will remain if you don't
do this, but these should be minimal if you adequately mitigate issues
at the other layers, and in other areas."

 

 

Thanks for your time and opinions,

 

Kevin

 

__________________________________________
Kevin Casey 
Executive Director
Information Resources 

Phone:  (207) 941-7123

Fax:  (207) 941-7988

caseyk () husson edu

        
        

 

 Husson University

 www.husson.edu <http://www.husson.edu/> 

  

 

 

