Determination of the weight of audit evidence by the method of point ratings in the information security audit

Information systems of high-tech enterprises that develop and produce high-tech products, including products and services based on nanotechnology, are characterized by large volumes of dynamic information flows and require protection of confidentiality, availability and integrity of information circulating in them. To protect information, an appropriate resource is allocated, which is distributed by tasks and time according to the decision of the appropriate management body. Making such a decision requires information about the current information security environment - a reliable and complete audit report. An information security audit is organized and conducted to formulate a conclusion.To study the problem, a retrospective analysis of the development of goal-setting in the management of the audit program was conducted. The appearance of the reference model of the audit object as a set of interrelated properties of the audit object was developed, and a scientific hypothesis was put forward about the expediency of taking into account the weight of each audit certificate and the cost of obtaining it, mathematical models for processing expert judgments are given. To prove the hypothesis, an experiment was planned and conducted, which resulted in data confirming the hypothesis. A practical example of using the method to determine the weight of audit evidence, taking into account their cost, is given. The direction of further research is indicated.