THE MODERN PRACTICES OF IMPLEMENTATION OF THE INFORMATION SECURITY AUDIT SYSTEM ON THE CRITICAL INFRASTRUCTURE OBJECTS
DOI:
https://doi.org/10.18372/2310-5461.41.13527
Keywords:
Information Security Management System, government information resources, standard, system’s audit, information processing system
Abstract
An integrated approach to the justification and implementation of the system of domestic and international standards, as well as the regulatory and legal aspects of forming the information security audit system at critical infrastructure facilities and in the systems of state information resources, is presented. It is determined that the information security management system is part of the overall management system of the enterprise and is designed to improve the state of information security. The system follows a "processing" and "risk-oriented" approach, which means that the main idea and the main task of the information security management system are the processes of analysis and management of information risks in the creation, implementation, operation, monitoring and support of the state of security of the company's information resources. The European approach to the audit system is based on a comparative analysis of the current state of the information system and on ensuring the desired level of its effectiveness. In our country, the audit is determined by the analysis and control of the enterprise's information security management system against the model requirements of ISO 27001 / ISO 270xx and a set of state standards of Ukraine ISO/IEC. Thus, the variety of standards in the field of information technology and information security management gives organizations the opportunity to choose the methodology and approach that best suit the features of their business processes and the service market.
The following are defined: the current quality assessment criteria, as a set of requirements for assessing the effectiveness of information security measures; the methods and models for assessing the effectiveness of information security measures; the presentation of the results of information security audit and control processes; and the methodology of the system for processing and analysing information from information security audits at critical infrastructure facilities and in systems that process state information resources.
License
The scientific journal adheres to the principles of Open Access and provides free, immediate, and permanent access to all published materials without financial, technical, or legal barriers for readers.
All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.
Copyright
Authors who publish their works in the journal:
- retain the copyright to their publications;
- grant the journal the right of first publication of the article;
- agree to the distribution of their materials under the CC BY 4.0 license;
- have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.




