Open AccessInformation Security Audit and Main Findings in Czech and Slovak Companies
Author(s) -
Petr Doucek,
Martina Kuncová,
Luděk Novák,
Lea Nedomová
Publication year - 2020
Language(s) - English
Resource type - Conference proceedings
DOI - 10.18690/978-961-286-388-3.10
Subject(s) - audit , accounting , information security audit , information technology audit , czech , slovak , joint audit , business , audit plan , internal audit , information security , independence (probability theory) , audit evidence , computer science , computer security , statistics , mathematics , security service , linguistics , philosophy , network security policy
Ensuring the security of information systems of companies is one of the important functions of the Corporate Informatics Department. One effective tool for building secured information systems is to audit their security. This article analyzes the results of 66 security audits in companies in the Czech Republic and the Slovak Republic during the years 2015-2018. The structure of the audit findings and their groups corresponds to the structure of ISO/IEC 27001: 20013. Using the data, we have formulated two hypotheses. The first hypothesis was about the dependence of the audit results on the size of the company; the second hypothesis examined the dependence of the audit results on the year of its performance. We used Pearson’s chisquare independence test to verify these hypotheses. We have grouped the detailed audit results to provide clear proof. Based on the achieved results, we can say that the analyzed audit results showed the dependence of the audit results on the size of the company as well as on the year the audit was performed. The discussion then explains the reasons for the identified dependencies.