JOURNAL OF THE FACULTY OF ENGINEERING AND ARCHITECTURE OF GAZI UNIVERSITY, vol.26, no.1, pp.89-104, 2011 (SCI-Expanded)
Diagnosing vulnerabilities in enterprise information systems and fixing them quickly are very important for ensuring enterprise information security. Security tests are used to find the security vulnerabilities of systems before any attack takes place, and they are crucial for enterprise information security. To provide a high level of information security for enterprises, security tests need to be well known and applied to systems. These tests are carried out by security experts according to the needs of the enterprise, methods and ethics. A review of the literature on enterprise information security showed that comprehensive and up-to-date studies were not available: the existing studies did not cover all concepts, most were published by commercial and untrustworthy web sites, and they offered only short descriptions and explanations. In this study, security tests, standards and institutions, which play very important roles in providing better enterprise information security, are presented in detail. As a result of this study, security awareness might be increased, security issues might be applied and managed easily, and applying the tests and suggestions proposed in this article might also help to improve security for enterprises.