Formation of the Instantaneous Information Security Audit Concept

Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 678)

Abstract

This publication addresses the problem of forming the concept of instantaneous information security (IT-Security) audits, including protection against zero-day threats. Recent publications on the problem of countering zero-day threats note that “any process driven by people is unreliable”. In this situation it is proposed not to rely on technical methods alone to counter zero-day threats, but to offer a combined method based on the concept of instantaneous IT-Security audits. The methodological basis of this concept of instantaneous audits is defined by both the ISO 27001 and ISO 19011 standards, extended with a set of IT-security metrics for quantifying the protection level of the object. For one variable, the example demonstrates an increase in the rate of growth of the ISMS level variables compared with the known IT-Security audit process.

Keywords

Audit; Information security; Integrated management system; Information security management system; Risk management; Function; Standard

References

  1. ISO/IEC 27001:2013. Information technology. Security techniques. Information security management systems. Requirements, International Organization for Standardization, 23 p. (2013)
  2. ISO/IEC 27000:2014. Information technology. Security techniques. Information security management systems. Overview and vocabulary, International Organization for Standardization, 31 p. (2014)
  3. ISO/IEC 27004:2009. Information technology. Security techniques. Information security management systems. Measurement, International Organization for Standardization, 55 p. (2009)
  4. ISO 19011:2011. Guidelines for auditing management systems, 44 p. (2011)
  5. ISO 17021:2015. Conformity assessment – Requirements for bodies providing audit and certification of management systems, 48 p. (2015)
  6. ISO 55000:2014. Asset management – Overview, principles and terminology. International Organization for Standardization, 19 p. (2014)
  7. ISO 55001:2014. Asset management – Management systems – Requirements. International Organization for Standardization, 14 p. (2014)
  8. ISO 55002:2014. Asset management – Management systems – Guidelines for the application of ISO 55001. International Organization for Standardization, 32 p. (2014)
  9. PAS-99:2012. Specification of common management system requirements as a framework for integration, 36 p. (2012)
  10. Livshitz, I.: Joint problem solving information security audit and ensure the availability of information systems based on the requirements of international standards BSI/ISO. M. Informatisatia i Svyaz 6, 67–62 (2013)
  11. Livshitz, I.: Practical purpose methods for ISMS evaluation. M. Quality Manage. 1, 22–34 (2013)
  12. Livshitz, I.: The Application of ISMS models to evaluate the security of Integrated Management Systems. In: Proceedings of SPIIRAS, vol. 8, pp. 147–162 (2013)
  13. Livshits, I., Polishchuk, V.: A practical evaluation of ISMS effectiveness in accordance with the requirements of the various systems of standardization – ISO 27001 and STO Gazprom. In: Proceedings of SPIIRAS, vol. 3, pp. 33–44 (2015)

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • I. I. Livshitz (2)
  • D. V. Yurkin (1)
  • A. A. Minyaev (2)
  1. Department of Secure Communication Systems, Federal State Budget-Financed Educational Institution of Higher Education, The Bonch-Bruevich Saint-Petersburg State University of Telecommunications, St. Petersburg, Russia
  2. Research Department of Information Security Issues, Federal State Budgetary Institution of Science, St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, St. Petersburg, Russia