Zaporotskov P.A. Development of a method for conducting an audit of the information security system

DEVELOPMENT OFA METHOD FOR CONDUCTING AN AUDIT
OF THE INFORMATION SECURITY SYSTEM


Pavel A. Zaporotskov
Candidate of Sciences (Physics and Mathematics), Deputy Head of the
Department of Operation of Information Systems, Technical Means and Communication Channels,
Department of Rosreestr for Volgograd Region
This email address is being protected from spambots. You need JavaScript enabled to view it.
Kalinina St, 4, 400001 Volgograd, Russian Federation


Abstract. Information processes, as well as information resources, manage information
of varying degrees of importance for the enterprise. In this regard, the protection of such
information is one of the most important procedures in the field of state security, the importance
of which is growing every year. The problem of information security – the reliable provision of
its safety and the established status of use – is one of the most important problems of our time.
The paper considers the existing standards in the field of information security audit. The
author has developed an innovative model of audit of the information security system based
on the comparison of demand measures of order no. 21 of the FSTEC of Russia and ways of
implementation in the subsystem of the information system of personal data protection, the recommendations for inspections of specific measures of protection and used technology audit technical means. The developed method is tested on the example of conducting an audit
in “Lama” LLC company. The choice was made to establish the compliance of the
organization’s personal data protection system with the requirements of order no. 21 of the
FSTEC of Russia. Recommendations have been developed to eliminate the existing
shortcomings and inconsistencies by re-equipping the anti-virus protection subsystem and the
subsystem of inter-network shielding and protection of communication channels.


Key words: information security, audit of the information security system, technical
means of audit, protection of communication channels, anti-virus protection.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Attachments:
Download this file (3_Zaporockov.pmd.pdf) 3_Zaporockov.pmd.pdf
URL: https://ti.jvolsu.com/index.php/en/component/attachments/download/746
259 DownloadsUpdate this file (3_Zaporockov.pmd.pdf)