Determination of the weight of audit evidence by the method of point ratings in the information security audit
(Pp. 57-62)
Voevodin Vladislav A.
Candidate of Technical Sciences; Associate Professor, Department of Information Security
National Research University of Electronic Technology (MIET)
Markina Maria S.
Student, Department of Information Security
National Research University of Electronic Technology (MIET)
Markin Pavel V.
Student, Department of Information Security
National Research University of Electronic Technology (MIET)
Abstract:
Information systems of high-tech enterprises that develop and produce high-tech products, including products and services based on nanotechnology, are characterized by large volumes of dynamic information flows and require protection of the confidentiality, availability and integrity of the information circulating in them. To protect information, an appropriate resource is allocated and distributed across tasks and over time by decision of the responsible management body. Making such a decision requires information about the current state of information security, that is, a reliable and complete audit report. An information security audit is organized and conducted in order to formulate that conclusion. To study the problem, a retrospective analysis of the development of goal-setting in the management of the audit program was conducted. An outline of the reference model of the audit object, as a set of interrelated properties of the audit object, was developed, and a scientific hypothesis was put forward about the expediency of taking into account the weight of each piece of audit evidence and the cost of obtaining it. Mathematical models for processing expert judgments are given. To prove the hypothesis, an experiment was planned and conducted, and it produced data confirming the hypothesis. A practical example of using the method to determine the weight of audit evidence, taking into account its cost, is given. The direction of further research is indicated.
How to Cite:
Voevodin V.A., Markina M.S., Markin P.V. (2020). DETERMINATION OF THE WEIGHT OF AUDIT EVIDENCE BY THE METHOD OF POINT RATINGS IN THE INFORMATION SECURITY AUDIT. Computational Nanotechnology, 1, 57-62.
Keywords:
audit, information security, audit certificate, the method of score assessments.