Title: The audit method of enterprise's Information security
Authors: Mukatay Gulzira, Bekmanova Gulmira, Sharipbay Altynbek, Omarbekova Assel
Published in: Proceedings of the 6th International Conference on Engineering & MIS 2020
Publication date: 2020-09-14
Publication type: Journal Article
DOI: 10.1145/3410352.3410761 (https://doi.org/10.1145/3410352.3410761)
Citations: 1
Abstract
This paper considers a model and method for auditing the information security of an enterprise, specifically collecting information about the quantitative and qualitative characteristics of the information infrastructure and generating conclusions and recommendations for ensuring information security in a particular enterprise with a small staff. The audit was conducted according to the methodology for conducting internal audit in the enterprise, which is based on advanced standards and approaches in the organization, management and security of IT infrastructure, such as COBIT and ISO 17799. The methodology includes a comprehensive assessment of the effectiveness of the organization, management and IT security in the context of four areas of IT activity (planning and organization, acquisition and implementation, operation and maintenance, monitoring and evaluation). Based on the audit, the level of IS organization was determined to be below the average indicator, and recommendations are presented to increase this level.