Towards Continuous Information Security Audit

Abstract. Requirement engineering calls for continuous possibility to check whether latest changes of significant requirements are met by the target systems. This review is important because the environment of the system, if impacted by changes, may lead to new exposures. Current paper reports on knowledge gained during the attempt to move towards continuous security audit by extending one business process based security requirements identification method with the elements from audit area and the automated business process analysis method for identifying the points for the attention of audit