Decision support system for information systems security audit (WABSI) as a component of it infrastructure management

The paper presents the concepts and implementation of application for monitoring, analysis and reporting of enterprise information systems security. The purposes of the application are: comprehensive support for IT security administrator and auditors in checking information security and systems security levels, checking security policy implementation and compliance with security standards required by certificates and other regulations. The paper presents the requirements for the system, its architecture and implementation of particular components, evaluation of application and tests executed with regard to security standards. According to the authors, it is the IT management system which many organizations and solution providers lack. It results in that the effectiveness of the management of information security in these organizations may be less than expected.