Open Access
Development of a Method for Conducting an Audit of the Information Security System
Author(s) - Pavel Zaporotskov, Rosreestr for Volgograd Region
Publication year - 2021
Publication title - nbi tehnologii/nbi tehnologii
Language(s) - English
Resource type - Journals
eISSN - 2713-1564
pISSN - 2658-3593
DOI - 10.15688/nbit.jvolsu.2020.4.3
Subject(s) - audit, information security audit, information security, computer security, information security management, information protection policy, information security management system, risk analysis (engineering), information technology audit, order (exchange), computer science, information security standards, standard of good practice, field (mathematics), asset (computer security), certified information security manager, business, security information and event management, internal audit, security service, cloud computing security, accounting, network security policy, joint audit, finance, cloud computing, mathematics, pure mathematics, operating system
Information processes, as well as information resources, manage information of varying degrees of importance for the enterprise. The protection of such information is therefore one of the most important procedures in the field of state security, and its importance grows every year. The problem of information security, that is, reliably ensuring that information is kept safe and used only in its established status, is one of the most important problems of our time. The paper considers the existing standards in the field of information security audit. The author has developed an innovative model for auditing an information security system. The model is based on a comparison of the measures required by Order No. 21 of the FSTEC of Russia with the ways they are implemented in the subsystems of the personal data protection system, together with recommendations for inspecting specific protection measures and the technical audit tools used. The developed method is tested on the example of an audit conducted at the company “Lama” LLC. The goal chosen for the audit was to establish whether the organization’s personal data protection system complies with the requirements of Order No. 21 of the FSTEC of Russia. Recommendations have been developed to eliminate the existing shortcomings and inconsistencies by re-equipping the anti-virus protection subsystem and the subsystem for firewalling (inter-network shielding) and protection of communication channels.
