Determination of the weight of audit evidence by the method of point ratings in the information security audit
(Pp. 57-62)

Authors:
Voevodin Vladislav A., Candidate of Technical Sciences; Associate Professor, Department of Information Security, National Research University of Electronic Technology (MIET)
Markina Maria S., student, Department of Information Security, National Research University of Electronic Technology (MIET)
Markin Pavel V., student, Department of Information Security, National Research University of Electronic Technology (MIET)
Abstract:
Information systems of high-tech enterprises that develop and produce high-tech products, including products and services based on nanotechnology, are characterized by large volumes of dynamic information flows and require protection of the confidentiality, availability and integrity of the information circulating in them. To protect information, an appropriate resource is allocated, which is distributed by tasks and time according to the decision of the appropriate management body. Making such a decision requires information about the current information security environment - a reliable and complete audit report. An information security audit is organized and conducted to formulate a conclusion.

To study the problem, a retrospective analysis of the development of goal-setting in the management of the audit program was conducted. The form of the reference model of the audit object, as a set of interrelated properties of the audit object, was developed, and a scientific hypothesis was put forward about the expediency of taking into account the weight of each item of audit evidence and the cost of obtaining it. Mathematical models for processing expert judgments are given. To prove the hypothesis, an experiment was planned and conducted, which resulted in data confirming the hypothesis. A practical example of using the method to determine the weight of items of audit evidence, taking into account their cost, is given. The direction of further research is indicated.
How to Cite:
Voevodin V.A., Markina M.S., Markin P.V. (2020). Determination of the weight of audit evidence by the method of point ratings in the information security audit. Computational Nanotechnology, 1: 57-62.
Keywords:
audit, information security, audit certificate, the method of score assessments.

