Trends and management
Reference: Shultz V. L., Kulba V. V., Shelkov A. B. Information security audit of automated control systems // Trends and management. 2014. № 4. P. 319-334. URL: https://en.nbpublish.com/library_read_article.php?id=65509
Shultz V. L., Kulba V. V., Shelkov A. B. Information security audit of automated control systems
Abstract:
This work focuses on analyzing technologies and developing models and methods for increasing the
efficiency of information security audits of automated systems. The authors list the methods of information security
audit and describe the major stages of auditing an information security control system, including a comprehensive
examination of the system, analysis of existing risks, and development of a list of recommendations for improving information
resource security systems. The authors pose and solve the problem of increasing the efficiency of organizing an information
security audit while minimizing audit risks. The audit process is presented as a set of audit procedures interrelated
in time and by information. To analyze and evaluate audit risk, the authors introduce the notion of a “standard pattern
of audit data processing”, under which audit data processing is divided into the processing itself, error
control and correction, or, failing that, a request for the additional base information needed to complete the
audit. The article’s methodological basis consists of the systematic method, the structural and functional method, the
comparative approach, analysis, synthesis, induction, deduction, modeling and observation. The task
of optimizing the audit process involves choosing information processing technologies
for audit data that ensure minimal errors in the results. The authors offer models and methods for analyzing the
efficiency of, substantiating and choosing design solutions to enhance information security, using vector stratification
to pick the right solution out of the multitude of alternatives.
Keywords:
information security, automated system, audit, audit risk, standard pattern, control, design solution, comprehensive evaluation, targeted selection, vector stratification
This article is written in Russian.