Information Security Audit Method Based on the Use of a Neuro-Fuzzy System

  • Conference paper
Software Engineering Application in Informatics (CoMeSySo 2021)

Abstract

The article proposes measures to improve information security audit (ISA) procedures for various objects of informatization (OBI). It is shown that it is advisable to assess the level of information security (IS) of an OBI by evaluating the effectiveness of a set of criteria using the method of analysis of hierarchies (MAH). Such an assessment of the degree of IS, and all associated ISA procedures, are most effective for a multilateral assessment of IS OBI. Both standard numerical information security metrics and metrics proposed by information security experts and agreed with the OBI management can be used as assessment metrics.

A modified method for the analysis of hierarchies is proposed, based on the apparatus of fuzzy set theory and neural networks. This method enables management to make informed management decisions in the field of OBI information security. The solutions obtained are aimed not only at improving the OBI IS itself, but ultimately also at optimizing the OBI control system, reducing costs and increasing the efficiency of OBI business processes as a whole. It is shown that the use of the mathematical apparatus of the Moscow Aviation Institute and the corresponding software, in particular the developed intelligent system, makes it possible to increase the reliability of the results of a comprehensive audit of IS OBI. This statement holds both for internal ISA procedures of the OBI and for external ISA.

Acknowledgments

The work was carried out as part of the grant study AP08855887-OT-20 “Development of an intelligent decision support system in the process of investing in cybersecurity systems.”

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Lakhno, V. et al. (2021). Information Security Audit Method Based on the Use of a Neuro-Fuzzy System. In: Silhavy, R., Silhavy, P., Prokopova, Z. (eds) Software Engineering Application in Informatics. CoMeSySo 2021. Lecture Notes in Networks and Systems, vol 232. Springer, Cham. https://doi.org/10.1007/978-3-030-90318-3_17
