Abstract
The article proposes measures to improve information security audit (ISA) procedures for various objects of informatization (OBI). It is shown that it is advisable to assess the level of information security (IS) of an OBI by evaluating the effectiveness of a set of criteria with the method of analysis of hierarchies (MAH). Such an assessment of the degree of IS, together with all associated ISA procedures, is most effective for a multilateral assessment of OBI IS. Both standard numerical information security metrics and metrics proposed by information security experts and agreed with the OBI management can be used as assessment metrics.
A modified method of analysis of hierarchies is proposed, based on the apparatus of fuzzy set theory and neural networks. This method enables management to make informed decisions in the field of OBI information security. The solutions obtained are aimed not only at improving OBI IS itself but ultimately at optimizing the OBI control system, reducing costs and increasing the efficiency of OBI business processes as a whole. It is shown that the use of the mathematical apparatus of the MAH and the corresponding software, in particular the developed intelligent system, makes it possible to increase the reliability of the results of a comprehensive audit of OBI IS. This holds both for the internal ISA procedures of the OBI and for external ISA.
Acknowledgments
The work was carried out as part of the grant study AP08855887-OT-20 “Development of an intelligent decision support system in the process of investing in cybersecurity systems.”
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Lakhno, V. et al. (2021). Information Security Audit Method Based on the Use of a Neuro-Fuzzy System. In: Silhavy, R., Silhavy, P., Prokopova, Z. (eds) Software Engineering Application in Informatics. CoMeSySo 2021. Lecture Notes in Networks and Systems, vol 232. Springer, Cham. https://doi.org/10.1007/978-3-030-90318-3_17
DOI: https://doi.org/10.1007/978-3-030-90318-3_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90317-6
Online ISBN: 978-3-030-90318-3
eBook Packages: Intelligent Technologies and Robotics (R0)