The Research on Security Audit for Information System Classified Protection

2018 ◽  
pp. 300-308
Author(s):  
Hui Lu ◽  
Xiang Cui ◽  
Le Wang ◽  
Yu Jiang ◽  
Meng Cui
Keyword(s):  
Information System ◽  
Security Audit

scholarly journals MODERN TOOLS FOR INFORMATION SECURITY SYSTEMS

2021 ◽  
Vol 335 (1) ◽  
pp. 14-18
Author(s):  
N. Baisholan ◽  
K.E. Kubayev ◽  
T.S. Baisholanov
Keyword(s):  
Information System ◽  
Risk Management ◽  
Information Systems ◽  
Information Security ◽  
Information Technologies ◽  
Business Processes ◽  
Security Audit ◽  
Security Systems ◽  
Security Models ◽  
Methods And Techniques

Efficiency of business processes in modern organizations depends on the capabilities of applied information technologies. The article describes and analyzes the role and features of audit tools and other methodological tools and models in ensuring the quality and security of information systems. The standard’s principles are reviewed, as well as the importance of meeting business needs. In order to protect virtual values in a company’s system environment, the importance of using information security models is revealed. Practical proposals in risk management and information security in information technology are analyzed through the COBIT standard. Measures for protecting the information system of an organization from accidental, deliberate or fake threats are considered. The possibility of using one of the real information security models by the information recipient or provider in accordance with the requirements of external processes is reported. Furthermore, in connection with increase in the number of attack methods and techniques and development of their new tools and vectors, the need to improve and ways to ensure information security are being considered. The essential tasks of security audit are considered, and the stages of their implementation are described. With regard to security of information systems, an analytical model is proposed for determining vulnerability’s numerical value.

scholarly journals AUDIT KEAMANAN SISTEM INFORMASI AKADEMIK DENGAN KERANGKA KERJA ISO 27001 DI PROGRAM STUDI SISTEM INFORMASI UNIKOM

2018 ◽  
Vol 16 (2) ◽  
pp. 121-131
Author(s):  
Marliana Budhiningtias Winanti ◽  
Ismail Dzulhan
Keyword(s):  
Information System ◽  
Information Systems ◽  
System Security ◽  
Primary System ◽  
Process Data ◽  
Security Audit ◽  
Information System Security ◽  
Security Controls ◽  
Academic Information ◽  
Iso 27001

Academic Information Systems Prodi UNIKOM Information System is the primary system used in the Information Systems Prodi process data and information about lectures and students. But in this system still found a lack of control of physical and logical security. To find out how your system security in organizations, information systems need security audit to determine whether security information is in accordance with the security procedures of management. Standardization used here is ISO 27001, this standards have been an international standards organization that is structured on the management of information security systems. Implementation of academic information system security audit is done by using the Audit Checklist ISO 27001: 2005. Audit results found security controls are still less well as the roles and responsibilities of employee safety, physical protection from disasters and power failures, data validation, and data backup are less regular. So the academic information system security controls is still need to be repairs in accordance with the recommendation.

scholarly journals Concerns on Information System and Security Audit

2018 ◽  
Vol 3 ◽  
pp. 127
Author(s):  
Subarna Shakya ◽  
Abhijit Gupta
Keyword(s):  
Information System ◽  
Rapid Development ◽  
Relevant Information ◽  
Vital Role ◽  
Exploratory Research ◽  
Security Audit ◽  
Degree Of Protection ◽  
Information And Communication ◽  
College Of Engineering ◽  
Effective Use

<p>Successful Information and communication technology (ICT) can cause rapid development in administrative processes. ICT strategies and ICT plans should be evaluated to align with organization visions and missions in order to achieve effective use of ICT in their organizations [1]. Efficient Software and Hardware together play a vital role giving relevant information which helps improving ways we do business, learn, communicate, entertain and work. This exposes to an environment with significant risks which are vulnerable to inside or outside attacks [2,3]. Security is a degree of protection or resistance from harm. Security can also be defined as a layer created to separate assets from threats [4]. In order to understand clearly about security, it is very important to understand important terminologies [5]. This research paper talks about important terminologies, concerns and challenges on Information System and Security Audit. This research seeks explanation from the observed phenomena, problems or behavior and thus exploratory research is used. The outcome of this research is an overview of different security concerns that must be sincerely addressed in any Information System and Security Audit.</p><p><strong>Journal of Advanced College of Engineering and Management, </strong>Vol. 2, 2016, Page:127-135</p>

scholarly journals Information System Security Audit Based on the DSS05 Framework Cobit 5 at Higher Education XX

2021 ◽  
Vol 9 (1) ◽  
pp. 35
Author(s):  
Rudolf Sinaga ◽  
Samsinar Samsinar ◽  
Renny Afriany
Keyword(s):  
Information System ◽  
System Security ◽  
Educational Institutions ◽  
Security Evaluation ◽  
Security Audit ◽  
Tertiary Institution ◽  
Information System Security ◽  
Access Rights ◽  
Commercial Organizations ◽  
To Receive

Currently, information has become a commodity or basic need, it can even be said that we are already in an "information-based social" era. It is undeniable that the ability to access and ensure the availability of information quickly and accurately has become a very essential component for an organization, whether in the form of social or commercial organizations, educational institutions such as universities, government agencies, and individuals. Various channels were created to regulate access rights to information, to prevent unauthorized people from accessing it, to minimize losses for the owner of the information. Based on the results of interviews with the research object of XX college, there are still frequent disruptions to information system security such as attacks on servers that result in server downtime, attacks on institutional e-mails that result in being unable to receive or even send e-mails, and other disturbances. This certainly harms information services at the tertiary institution, therefore an information system security audit is required. This study aims to measure the level of information system security capabilities using the Cobit 5 framework in the APO13 and DSS05 domains. Based on the results of the audit, it was found that the GAP value was 3.6 for the APO13 domain or at level 1 while 3.4 for the GAP DSS05 value or at level 2, it can be concluded that the information system security maturity level is still very low so that it needs improvement. It is recommended to make SOPs and documentation of maintenance, control, and periodic security evaluation, install an antivirus that has high and up to date protection accuracy, and make regular maintenance reports both on software and hardware.

scholarly journals MODERN TOOLS FOR INFORMATION SECURITY SYSTEMS

2021 ◽  
Vol 335 (1) ◽  
pp. 14-18
Author(s):  
N. Baisholan ◽  
K.E. Kubayev ◽  
T.S. Baisholanov
Keyword(s):  
Information System ◽  
Risk Management ◽  
Information Systems ◽  
Information Security ◽  
Information Technologies ◽  
Business Processes ◽  
Security Audit ◽  
Security Systems ◽  
Security Models ◽  
Methods And Techniques

Efficiency of business processes in modern organizations depends on the capabilities of applied information technologies. The article describes and analyzes the role and features of audit tools and other methodological tools and models in ensuring the quality and security of information systems. The standard’s principles are reviewed, as well as the importance of meeting business needs. In order to protect virtual values in a company’s system environment, the importance of using information security models is revealed. Practical proposals in risk management and information security in information technology are analyzed through the COBIT standard. Measures for protecting the information system of an organization from accidental, deliberate or fake threats are considered. The possibility of using one of the real information security models by the information recipient or provider in accordance with the requirements of external processes is reported. Furthermore, in connection with increase in the number of attack methods and techniques and development of their new tools and vectors, the need to improve and ways to ensure information security are being considered. The essential tasks of security audit are considered, and the stages of their implementation are described. With regard to security of information systems, an analytical model is proposed for determining vulnerability’s numerical value.

scholarly journals A Study on Security Audit Checking Items for the RFID-Based Information System

2012 ◽  
Vol 11 (4) ◽  
pp. 107-121
Author(s):  
Sang-Duk Jeon ◽  
Ji-Young Lim ◽  
Ki-Young Lee ◽  
Ki-Joon Han
Keyword(s):  
Information System ◽  
Security Audit
Sign in / Sign up

Export Citation Format

Share Document