Determination of the weight of audit evidence by the method of point ratings in the information security audit
(pp. 57-62)

Authors:
Voevodin Vladislav A., Candidate of Technical Sciences; Associate Professor, Department of Information Security, National Research University of Electronic Technology (MIET)
Markina Maria S., student, Department of Information Security, National Research University of Electronic Technology (MIET)
Markin Pavel V., student, Department of Information Security, National Research University of Electronic Technology (MIET)
Abstract:
Information systems of high-tech enterprises that develop and produce high-tech products, including products and services based on nanotechnology, are characterized by large volumes of dynamic information flows and require protection of the confidentiality, availability and integrity of the information circulating in them. To protect information, an appropriate resource is allocated, which is distributed by tasks and time according to the decision of the appropriate management body. Making such a decision requires information about the current information security environment: a reliable and complete audit report. An information security audit is organized and conducted to formulate a conclusion. To study the problem, a retrospective analysis of the development of goal-setting in the management of the audit program was conducted. The form of a reference model of the audit object, as a set of interrelated properties of that object, was developed, and a scientific hypothesis was put forward about the expediency of taking into account the weight of each audit certificate and the cost of obtaining it. Mathematical models for processing expert judgments are given. To prove the hypothesis, an experiment was planned and conducted, which resulted in data confirming the hypothesis. A practical example of using the method to determine the weight of audit evidence, taking into account its cost, is given. The direction of further research is indicated.
How to Cite:
Voevodin V.A., Markina M.S., Markin P.V. (2020). DETERMINATION OF THE WEIGHT OF AUDIT EVIDENCE BY THE METHOD OF POINT RATINGS IN THE INFORMATION SECURITY AUDIT. Computational Nanotechnology, 1, 57-62. DOI: 10.33693/2313-223X-2020-7-1-57-62
Keywords:
audit, information security, audit certificate, the method of score assessments.

