The new aspects for the instantaneous information security audit

2016 IEEE Conference on Quality Management, Transport and Information Security, Information Technologies (IT&MQ&IS) Pub Date : 2016-10-01 DOI:10.1109/ITMQIS.2016.7751920

I. Livshitz, Kseniya A. Nikiforova, P. Lontsikh, S. N. Karasev

{"title":"The new aspects for the instantaneous information security audit","authors":"I. Livshitz, Kseniya A. Nikiforova, P. Lontsikh, S. N. Karasev","doi":"10.1109/ITMQIS.2016.7751920","DOIUrl":null,"url":null,"abstract":"This publication discusses the problem concerning the concept of the instantaneous information security (IT-Security) audits directed, including providing protection against “zero-day” threats. It is noted that effective “zero-day” counteraction based on implementation a set of preventive IT-Security controls, but not limited new technical facilities installation only. A key feature of this concept of instantaneous IT-Security audits is to assess how the left limit of the protection level in the process of IT-Security audits performing. Methodological basis of the concept of instantaneous IT-Security audits are ISO 27001 and 19011 standards series, supplemented by many (expandable) IT-Security metrics to quantify the object protection level. The obtained results can find application in create of models and methods of IT-Security audits performing and continuous improvement of an object protection under the influence of IT-Security violation threats.","PeriodicalId":330739,"journal":{"name":"2016 IEEE Conference on Quality Management, Transport and Information Security, Information Technologies (IT&MQ&IS)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Conference on Quality Management, Transport and Information Security, Information Technologies (IT&MQ&IS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ITMQIS.2016.7751920","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

This publication discusses the problem concerning the concept of the instantaneous information security (IT-Security) audits directed, including providing protection against “zero-day” threats. It is noted that effective “zero-day” counteraction based on implementation a set of preventive IT-Security controls, but not limited new technical facilities installation only. A key feature of this concept of instantaneous IT-Security audits is to assess how the left limit of the protection level in the process of IT-Security audits performing. Methodological basis of the concept of instantaneous IT-Security audits are ISO 27001 and 19011 standards series, supplemented by many (expandable) IT-Security metrics to quantify the object protection level. The obtained results can find application in create of models and methods of IT-Security audits performing and continuous improvement of an object protection under the influence of IT-Security violation threats.

查看原文本刊更多论文

为即时信息安全审计提供了新的方面

本出版物讨论了有关直接的即时信息安全(IT-Security)审计概念的问题，包括提供针对“零日”威胁的保护。值得注意的是，有效的“零日”应对措施是基于实施一套预防性的It安全控制措施，而不仅仅局限于安装新的技术设施。这种即时IT-Security审计概念的一个关键特征是评估IT-Security审计执行过程中保护级别的极限。即时IT-Security审计概念的方法基础是ISO 27001和19011系列标准，并辅以许多(可扩展的)IT-Security度量来量化对象保护级别。所得结果可用于创建it安全审计的模型和方法，在it安全违规威胁的影响下执行和持续改进对象保护。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 IEEE Conference on Quality Management, Transport and Information Security, Information Technologies (IT&MQ&IS)

自引率

0.00%

发文量