Abstract

The ongoing digitalization of the business world has made information technology security an integral part of every enterprise. The need for comparable and measurable methods has resulted in the development of numerous standardized activities that can be undertaken to estimate exposure to existing threats. In this paper, we present various approaches to the verification, evaluation and confirmation of the operational effectiveness of security controls implemented in complex IT systems. Individual techniques are represented by IT risk assessments and penetration tests. We analyze them from a theoretical perspective and present records of the case studies conducted. As a result, we are able to verify how these activities can be applied in real-world IT environments. The results of our work enable further investigation into the optimal approach to ensuring sufficient security whilst preserving an acceptable risk-business trade-off.
