Formation of the Instantaneous Information Security Audit Concept

  • Conference paper
Distributed Computer and Communication Networks (DCCN 2016)

Abstract

This publication addresses the problem of forming the concept of instantaneous information security (IT-Security) audits, including protection against zero-day threats. Various recent materials on the current problem of countering zero-day threats note that “any process-driven people, is unreliable”. In this situation, it is proposed to use not only technical methods to counter zero-day threats, but a combined method based on the concept of instantaneous IT-Security audits. The methodological basis of this concept is defined by the ISO 27001 and ISO 19011 standards, extended with a set of IT-Security metrics to quantify the protection level of the object. An example for one variable demonstrates an increase in the rate of growth of the ISMS level variables with a known IT-Security audit process.

References

  1. ISO/IEC 27001:2013. Information technology. Security techniques. Information security management systems. Requirements, International Organization for Standardization, 23 p. (2013)

  2. ISO/IEC 27000:2014. Information technology. Security techniques. Information security management systems. Overview and vocabulary, International Organization for Standardization, 31 p. (2014)

  3. ISO/IEC 27004:2009. Information technology. Security techniques. Information security management systems. Measurement, International Organization for Standardization, 55 p. (2009)

  4. ISO 19011:2011. Guidelines for auditing management systems, 44 p. (2011)

  5. ISO 17021:2015. Conformity assessment – Requirements for bodies providing audit and certification of management systems, 48 p. (2015)

  6. ISO 55000:2014. Asset management – Overview, principles and terminology. International Organization for Standardization, 19 p. (2014)

  7. ISO 55001:2014. Asset management – Management systems – Requirements. International Organization for Standardization, 14 p. (2014)

  8. ISO 55002:2014. Asset management – Management systems – Guidelines for the application of ISO 55001. International Organization for Standardization, 32 p. (2014)

  9. PAS-99:2012. Specification of common management system requirements as a framework for integration, 36 p. (2012)

  10. Livshitz, I.: Joint problem solving information security audit and ensure the availability of information systems based on the requirements of international standards BSI/ISO M. Informatisatia i Svyaz 6, 67–62 (2013)

  11. Livshitz, I.: Practical purpose methods for ISMS evaluation. M. Quality Manage. 1, 22–34 (2013)

  12. Livshitz, I.: The Application of ISMS models to evaluate the security of Integrated Management Systems. In: Proceedings of SPIIRAS, vol. 8, pp. 147–162 (2013)

  13. Livshits, I., Polishchuk, V.: A practical evaluation of ISMS effectiveness in accordance with the requirements of the various systems of standardization – ISO 27001 and STO Gazprom. In: Proceedings of SPIIRAS, vol. 3, pp. 33–44 (2015)

Author information

Corresponding author

Correspondence to I. I. Livshitz.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Livshitz, I.I., Yurkin, D.V., Minyaev, A.A. (2016). Formation of the Instantaneous Information Security Audit Concept. In: Vishnevskiy, V., Samouylov, K., Kozyrev, D. (eds) Distributed Computer and Communication Networks. DCCN 2016. Communications in Computer and Information Science, vol 678. Springer, Cham. https://doi.org/10.1007/978-3-319-51917-3_28

  • DOI: https://doi.org/10.1007/978-3-319-51917-3_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51916-6

  • Online ISBN: 978-3-319-51917-3

  • eBook Packages: Computer Science (R0)
