Внутрішній аудит як превентивна складова в системі кібербезпеки банку

Abstract

The financial services sector is the most attractive for cyber-attacks and cyber fraud because there is the possibility to receive the financial and non-financial benefits. In order to increase the efficiency of ensuring cybersecurity of the bank, it is necessary to strengthen the role of preventive tools, one of the main of which is internal audit. The purpose of the article is to develop the theoretical and methodical foundations of the internal audit system of a cybersecurity bank. In particular, the authors carry out the detalization of the components of internal audit system and the scientific substantiation of the principles of it operation, on the basis of which it would be possible to solve the problem of ensuring effective monitoring of cybersecurity. The essence of the bank's information assets as objects of internal audit of cybersecurity was clarified. To form a comprehensive understanding of the control environment, cybersecurity threats of the bank and ways to implement them in the context of various cybersecurity objects were systematized. The organizational and managerial subsystem for ensuring cybersecurity of the bank was disclosed. It was determined that the internal audit system of cybersecurity is a set of interrelated elements (goals and objectives, object, subject, mechanism) operating on the basis of general and special principles and allow an objective assessment of the level of security and preservation of the information assets and information infrastructure of a bank under constant impact external and / or internal threats, as well as compliance with national and international legislation. A list of tasks to be performed by the internal audit service to assess the effectiveness of the cybersecurity system of the bank was provided. The elemental composition of the internal audit system was highlighted and the principles that must be followed to achieve its goals and objectives were defined.