Information Security
Formation of the instantaneous Information Security Audit concept
I. Livshitz LLC "Gasinformservice"
Abstract:
This publication discusses the concept of instantaneous information security (IT-Security) audits, which are directed at, among other things, providing protection against "zero-day" threats. It is noted that effectively countering "zero-day" threats is a type of proactive defense, which implements a set of active preventive IT-Security controls and is not limited to the constant installation of new technical facilities. A key feature of this concept of instantaneous IT-Security audits is to assess the left limit of the protection level in the process of performing IT-Security audits. The methodological basis of the concept of instantaneous IT-Security audits is the ISO 27001 series of standards, supplemented by many (expandable) IT-Security metrics to quantify the protection level of the object. The results obtained can be applied in creating models and methods for performing IT-Security audits and for continuous protection of the object under the influence of IT-Security violation threats.
Keywords:
Information security; Information Security Management System (ISMS); audit; risk management; threats; vulnerabilities; standards.
Citation:
I. Livshitz, “Formation of the instantaneous Information Security Audit concept”, Tr. SPIIRAN, 43 (2015), 253–270
Linking options:
https://www.mathnet.ru/eng/trspy850 https://www.mathnet.ru/eng/trspy/v43/p253