Methodology and software development for auditing information security management systems

Abstract

Objectives. Classification of information systems (IS) security indicators and the creation of the method of improved software tool based on its results (in comparison with similar software tool developed earlier by the authors) for auditing information security management systems of organizations in the Republic of Belarus.Methods. During the development and improvement of the software tool using the method of systeminformation analysis and the approaches to its implementation were identified based on following capabilities: organization of questionnaires of heads of departments and services whose specialists work with IS designed to information processing not classified as state secrets or IS with limited dissemination; assessment of the level of compliance of the organization's IS information protection system with the requirements established by the legislation of the Republic of Belarus and other national regulatory legal acts; systematization of recommendations for improving the level of compliance of the organization's IS protection system with the established requirements.Results. Based on the results of the developed improved software tool approbation, it was found that the use of this tool makes it possible to reduce by 20–30 % the financing of costs for the implementation of the auditing the information security management systems of an organization.Conclusion. The developed improved software tool, compared to analogues, is characterized by reduced cost due to the following properties: ease of launch and configuration; independence from the type of operating system; the possibility of organizing both local and remote access. The developed improved software tool was tested in the branch "Long-Distance Communication Branch" of RUE "Beletelecom".