A formalized model of an organization information security audit for compliance with the requirements of standards

2021, Vol 28 (3), pp. 103-117
Author(s): Alexei A. Sirotskiy, Sergei A. Reznichenko

2020, Vol 7 (1), pp. 57-62
Author(s): Vladislav A. Voevodin, Maria S. Markina, Pavel V. Markin, ...

2021, Vol 6, pp. 268-275
Author(s): Anastasia V. Sitskaya, Valeria A. Tabakaeva, Valentin V. Selifanov

The modern world is characterized by a huge amount of information and the computerization of all spheres of human activity. Some of the most valuable information is that which concerns financial organizations. Information security incidents in financial organizations can lead not only to the violation of the interests of an individual client, but also to a crisis of the financial market of the entire country. An information security audit allows violations in the organization's information system to be detected in a timely manner, which significantly increases the security of information. Often, timely and rapid receipt of a qualitative and quantitative assessment of the level of security makes it possible to avoid an incident. To improve the accuracy of estimates and reduce the time needed to obtain them, the application "Audit57580" was developed, the relevance of which is discussed in detail in the article.


2018, Vol 245, pp. 10007
Author(s): Marina Bolsunovskaya, Svetlana Shirokova, Aleksandra Loginova, Mikhail Uspenskij

The aim of the work is to develop a procedure for conducting an information security audit of the software system for predicting data storage failures in order to identify existing threats to information security, evaluate information security tools, and improve the efficiency of existing information security tools and introduce new ones. It is necessary to monitor the current situation to ensure information security in organizations where data storage systems are used. For this purpose, an audit system has been developed, including both organizational measures and software and hardware parts.


Author(s): N. Baisholan, K.E. Kubayev, T.S. Baisholanov

The efficiency of business processes in modern organizations depends on the capabilities of applied information technologies. The article describes and analyzes the role and features of audit tools and other methodological tools and models in ensuring the quality and security of information systems. The standard’s principles are reviewed, as well as the importance of meeting business needs. In order to protect virtual values in a company’s system environment, the importance of using information security models is revealed. Practical proposals in risk management and information security in information technology are analyzed through the COBIT standard. Measures for protecting the information system of an organization from accidental, deliberate or fake threats are considered. The possibility of using one of the real information security models by the information recipient or provider in accordance with the requirements of external processes is reported. Furthermore, in connection with the increase in the number of attack methods and techniques and the development of their new tools and vectors, the need to improve information security and ways to ensure it are considered. The essential tasks of security audit are considered, and the stages of their implementation are described. With regard to security of information systems, an analytical model is proposed for determining a vulnerability’s numerical value.


Author(s): Yanina Vl. Roy, Nataliia P. Mazur, Pavlo M. Skladannyi

The article considers the concept of an information security audit in an organization and gives its types and main stages. In general, a security audit, regardless of the form in which it is conducted, consists of four main stages, each of which carries out a certain range of work. The article outlines the main steps in the organization of the process of conducting an information security audit within the framework of business audit as a modern concept for audit in general. The features of each of the indicated stages are disclosed, and recommendations for their implementation are given. The result of the proposed approach to the audit of information security is a comprehensive audit cycle model within the framework of business auditing, which allows carrying out studies of the specified subject area and serves as the basis for preparing information for making optimal management decisions. Reducing the risk through additional organizational and technical means of protection, which reduce the likelihood of an attack or reduce the possible damage from it. The above information will allow you to assess the current information security of your company and make a decision to conduct an audit.


Author(s): Petr Doucek, Martina Kuncova, Ludek Novak, Lea Nedomova, ...

Ensuring the security of information systems of companies is one of the important functions of the Corporate Informatics Department. One effective tool for building secured information systems is to audit their security. This article analyzes the results of 66 security audits in companies in the Czech Republic and the Slovak Republic during the years 2015-2018. The structure of the audit findings and their groups corresponds to the structure of ISO/IEC 27001:2013. Using the data, we have formulated two hypotheses. The first hypothesis was about the dependence of the audit results on the size of the company; the second hypothesis examined the dependence of the audit results on the year of its performance. We used Pearson’s chi-square independence test to verify these hypotheses. We have grouped the detailed audit results to provide clear proof. Based on the achieved results, we can say that the analyzed audit results showed the dependence of the audit results on the size of the company as well as on the year the audit was performed. The discussion then explains the reasons for the identified dependencies.


2020, Vol 4, pp. 67-74
Author(s): Mikhail Buinevich, Gregory Ganov, Konstantin Izrailov, ...

One of the tasks of information security audit is to monitor the processes of data exchange between operating system programs. A huge number of such files as well as the heterogeneity of exchange between them do not allow an expert to perform the task manually. Full automation of the process is difficult to implement due to the weak formalization of information about exchange processes and criteria for their insecurity. This paper proposes a partial solution to the problem by visualizing the interaction of programs for an expert — in the form of an appropriate method. The expediency of using artificial intelligence as one of the stages of the method is substantiated. The developed prototype of the tool is described and its basic testing is carried out.


2020, Vol 52 (4), pp. 85-98
Author(s): MIKHAIL M PUTYATO, ALEKSANDR S. MAKARYAN, SHAMIL M. CHICH, VALENTINA K. MARKOVA, ...

Internet of things (IoT) devices have become increasingly popular in recent years. IoT refers to smart refrigerators, smart locks, video nannies, and other household devices that have access to the Internet. However, the growing popularity of IoT technology is increasingly attracting the attention of hackers who are interested both in disclosing confidential end-user data and in misuse of the computing resources of the attacked devices. Unfortunately, malicious attacks often result in successful compromise of devices, with the ensuing consequences. The reasons for the high level of compromise of IoT devices are caused both by errors in the design, implementation, and relatively simple operation with the use of various information security audit tools. To identify defects in the development and implementation of devices, you need to have some idea about them, that is, to identify and eliminate them in a timely manner. This can be achieved in various ways. One of these methods is to create special traps, called honeypots, that collect information about the activity of an attacker. The essence of the honeypot technology is to emulate or implement the functionality of existing devices, services, and protocols, with the accumulation of data about malicious activity of an attacker. The information obtained can be used to improve the protection of real devices, services, and protocols, as well as to develop measures to counter hackers. The article provides a comparative analysis of the existing most popular honeypot systems in order to identify the best system. The analysis identified both the weaknesses and strengths of these systems. Next, an attempt is made to adapt these same systems to function at the level of Internet of things devices.

