THE MODERN PRACTICES OF IMPLEMENTATION OF THE INFORMATION SECURITY AUDIT SYSTEM ON THE CRITICAL INFRASTRUCTURE OBJECTS

Abstract

An integrated approach to the justification and implementation of the system of domestic and international standards, as well as regulatory and legal aspects of the formation of the information security audit system at critical infrastructure facilities and in the systems of state information resources is presented. It is determined that the information security management system is part of the overall management system of the enterprise and is designed to improve the state of information security. System "processing" and "risk-oriented" approach, which means that the main idea and the main task of the information security management system are the processes of analysis and management of information risks in the creation, implementation, operation, monitoring and support of the state of security of information resources of the company. The European approach to the audit system is based on a comparative analysis of the current state of the information system and ensuring the desired level of its effectiveness. In our country, is determined by the analysis and control of the information security management system of the enterprise on the model requirements of ISO 27001 \ ISO 270xx and a set of state standards of Ukraine ISO / IEC. Thus, a variety of standards in the field of information technology and information security management provides organizations with the opportunity to choose the methodology, the approach that best suits the features of business processes and the service market. Current criteria of quality assessment, as a set of requirements assessment of the effectiveness of the security features information; the methods and models of assessing the effectiveness of security features information as well as the presentation of the results of the processes of audit and control of information security are defined the methodology of the system of processing and analysis of information audit of information security in the critical infrastructure and treatment systems of the state information resources.