Abstract

This paper considers a model and method for auditing the information security of an enterprise: collecting information about the quantitative and qualitative characteristics of the information infrastructure, and generating conclusions and recommendations for ensuring information security in a particular enterprise with a small staff. The audit was conducted according to a methodology for internal audit in the enterprise, which is based on advanced standards and approaches to the organization, management and security of IT infrastructure, such as COBIT and ISO 17799. The methodology includes a comprehensive assessment of the effectiveness of the organization, management and security of IT across four areas of IT activity (planning and organization, acquisition and implementation, operation and maintenance, monitoring and evaluation). Based on the audit, the level of IS organization was determined to be below average, and recommendations are presented for raising this level.
