The audit method of enterprise's Information security

The audit method of enterprise's Information security

연구 분야: Safety

학회: ICEMIS'20: Proceedings of the 6th International Conference on Engineering & MIS 2020

This paper considers a model and method for auditing the information security of an enterprise, and specifically collecting information about the quantitative and qualitative characteristics of the information infrastructure, generating conclusions and recommendations for ensuring information security in a particular enterprise with a small staffing. Audit was conducted according to the methodology for conducting internal audit in the enterprise, which is based which is based on advanced standards and approaches in the organization, management and security of IT infrastructure, such as Cobit, ISO 17799. The methodology includes a comprehensive assessment of the effectiveness of the organization, management and IT security, in the context of four areas of IT activity (planning and organization, acquisition and implementation, operation and maintenance, monitoring and evaluation). Based on the audit, the level of IS organization was determined, which is equal to below the average indicator, and recommendations are presented to increase this level.