Muratzhan B. Shakirov,Igor N. Karmanov

DOI: https://doi.org/10.33764/2618-981x-2020-6-2-146-151

2020-07-08

Abstract:Automated systems play a key role in supporting business processes of commercial and state enterprises. The widespread use of automated information systems for storing, processing and transmitting information makes the issues of their protection relevant, especially given the global trend towards an increase in the number of information attacks, leading to significant financial and material losses. The article demonstrates the importance of conducting an audit in the field of information security of optoelectronic instrumentation. The article discusses the stages and rules of conducting an information security audit, as well as the criteria for evaluating its results. Information security audit is one of the most efficient tools for obtaining an independent and objective assessment of the current level of enterprise security from information security threats. In addition, the audit results provide the basis for forming a development strategy for the organization’s information security system.

Pavel Zaporotskov,Rosreestr for Volgograd Region,

DOI: https://doi.org/10.15688/nbit.jvolsu.2020.4.3

2021-03-01

NBI Technologies

Abstract:Information processes, as well as information resources, manage information of varying degrees of importance for the enterprise. In this regard, the protection of such information is one of the most important procedures in the field of state security, the importance of which is growing every year. The problem of information security – the reliable provision of its safety and the established status of use – is one of the most important problems of our time. The paper considers the existing standards in the field of information security audit. The author has developed an innovative model of audit of the information security system based on the comparison of demand measures of order no. 21 of the FSTEC of Russia and ways of implementation in the subsystem of the information system of personal data protection, the recommendations for inspections of specific measures of protection and used technology audit technical means. The developed method is tested on the example of conducting an audit in “Lama” LLC company. The choice was made to establish the compliance of the organization’s personal data protection system with the requirements of order no. 21 of the FSTEC of Russia. Recommendations have been developed to eliminate the existing shortcomings and inconsistencies by re-equipping the anti-virus protection subsystem and the subsystem of inter-network shielding and protection of communication channels.

Yuriy Yakymenko,Dmytro Rabchun,Tetyana Muzhanova,Mykhailo Zaporozhchenko,Yurii Shchavinskyі

DOI: https://doi.org/10.28925/2663-4023.2023.20.4561

2023-01-01

Abstract:The content of the audit and vulnerability testing of the information and telecommunication system (ITS) of any enterprise is considered. Based on the results of the information security audit, the overall security of the company's ITS is assessed. It is proposed to assess the security of IT using penetration testing in the following areas: penetration testing from outside and inside the information infrastructure, social engineering testing of the company's personnel and testing for resistance to DDoS attacks; assessment of the security of the mobile application, web resource and wireless networks. The proposed general algorithm for IT infrastructure penetration testing (analysis of vulnerabilities and security of information resources) in the form of stages: initialization, passive and active intelligence, operation and post-exploitation, systematization and presentation of the results of security assessment, risk and vulnerability assessment, recommendations regarding them elimination. In stages all operations are carried out without causing real damage to the ITS. The purpose of a technical audit is shown, which covers the components of the ITS and can be considered as an independent examination or a procedure for their investigation in order to assess the condition and identify reserves. Technical audit as a result of checking the software and technical part of the resource provides an opportunity to form a list of key problems and get comprehensive recommendations for their elimination. It is noted that in accordance with modern requirements, technical audit can be used as an audit in the form of remote technical support, and information security audit can be considered as a variant of technical audit. Conducting an information security audit includes: analysis of risks associated with the possibility of information security threats to resources; assessment of the current level of ITS security; localization of "bottlenecks" in the ITS protection system; assessment of ITS compliance with existing standards in the field of security; providing recommendations on the implementation of new and improving the effectiveness of existing ITS security mechanisms. The content of the detailed report of the technical audit of the enterprise's ITS security has been revealed.

L. Budnyk,I. Blazhei,O. Ronska

DOI: https://doi.org/10.33108/galicianvisnyk_tntu2021.04.077

2021-01-01

Abstract:Effective management of the enterprise financial and economic activities is based primarily on the application of a set of relevant and reliable data concerning its financial status, provided by internal audit procedures. The factors arising interest in internal audit, such as: streamlining business processes; the need to obtain independent and objective information on the state of affairs; ensuring the economic security of the company are identified in this paper. In order to substantiate the tasks of internal audit for ensuring the economic security of the enterprise, the main sources of threats and objects of protection investigated in the process of internal audit are defined. It is substantiated that one of the important tendencies in the development of internal audit is the increase of its level from the tester of control procedures to the analyst of the most important risks. The functions of internal audit in ensuring the security of the company are analyzed. They include: assessment of the economic security system as a whole and providing information to the board of directors and senior management; participation in the implementation of the enterprise security process procedures. A new and important direction for internal audit development – audit of corporate culture is defined. The main tasks of internal audit in this area are to assess how effective measures are provided in the company for the purposeful formation of corporate culture; how the existing level of corporate culture is assessed. Recommendations for the organization of internal audit are given, the following three main approaches are highlighted: creation of own internal audit service; use of services of outsourcing companies; co-sourcing – the division of functions for internal audit in the company between its own service and the involvement of external experts in solving certain tasks. It is proved that the need to introduce internal audit meets the requirements of economic security of the enterprise, information and management needs of economic entities, the specific facts of the internal audit. It is substantiated that internal audit is an integral part of quality control of enterprise management processes and a component of general audit, organized in the interests of owners and regulated by regulations on compliance with the established order of economic activity, property protection and economic security.

O I Bokova,O M Bulgakov,A S Etepnev,E A Rogozin

DOI: https://doi.org/10.1088/1742-6596/1479/1/012022

2020-03-01

Journal of Physics: Conference Series

Abstract:Abstract The article completes the cycle the articles by the authors assessing reliability of information security systems from the unauthorized access to automated systems. In includes previously unpublished materials. The article discloses main directions to improve methods and procedures for assessing reliability of the information security systems from the unauthorized access to automated systems. There is modification of the traditional static method to assess the functional reliability of the information security systems from the unauthorized access to investigate their operation in the dynamic (real) functioning mode and to quantify reliability of the information security systems, including development of adequate indicators, models and algorithms. Main stages and procedures for forming the reliability assessment method were developed as a technological scheme with demonstration of the main stages to implement the proposed methods in the current normative-technical documentation.

N. Limanova,A. Anashkin

DOI: https://doi.org/10.33619/2414-2948/87/27

2023-02-15

Bulletin of Science and Practice

Abstract:The relevance of the work lies in the fact that the pace of development of the field of information security does not correspond to progress in the development of data processing methods, resulting in a serious lack of practical knowledge of the subject area, which prevents the creation of conditions for secure recording, processing and storage of data. In the process of writing the article, modern methods and principles of ensuring information security, including a mandatory approach, were studied, and a brief description of software products supporting this approach was given. The mandatory method of information protection implies granting access rights to certain actions in accordance with the user’s status. Such actions can be, for example, writing, reading and changing data. Examples of user statuses are ‘administrator’ and ‘reader’, where the administrator, as a rule, is provided with the entire list of available actions, and the reader is provided with only a minimum, sufficient for familiarization activities. In its architecture, the mandatory approach often contains tools for conducting cluster analysis. Cluster analysis can be used both to carry out work on risk analysis and assessment, and to determine the degree of protection of an object. In any case, when building a cluster, it should be taken into account that some levels of protection may be represented by more objects than others. There are software products on the information security market that allow the use of a mandatory method of ensuring information security. One of the striking examples is the PostgreSQL database management system, which has an apparatus of labels assigned according to the user’s level of rights: the higher the level of rights, the higher the access level.

V. Korzh,Olga Bunda

DOI: https://doi.org/10.33813/2224-1213.28.2022.16

2022-04-21

Problems of Innovation and Investment Development

Abstract:The purpose of the article is to study the audit procedures for fixed assets in the enterprise in modern conditions of market relations. The methodology consists in the use of the following methods: method of observation, methods of analysis and synthesis, classification, induction and deduction, comparison, method of generalization. The scientific novelty of the work is to improve the audit procedures for fixed assets, which will improve the quality of the audit of fixed assets and, consequently, increase the efficiency of accounting and internal control at the enterprise. Conclusions. The implementation of audit procedures for fixed assets involves a multi-criteria approach, when the criteria form a single system that allows to meet the requirements of the decision-making process during the audit of fixed assets and to form a rational and effective decision. The audit of fixed assets of the enterprise allows not only to influence the organization of the audit process, but also to optimize the structural and logical parts of the methodology of audit of fixed assets of the enterprise due to the use of modern information technology. Key words: audit, audit procedures, modeling, fixed assets, assets.

Business

Oleksandr Khrapkin,

DOI: https://doi.org/10.25140/2411-5215-2023-4(36)-86-94

2023-01-01

Abstract:The article deals with the peculiarities of ensuring strategic management of information security of modern enterprises. Nowadays, information security systems are designed to ensure the full function-ing of an enterprise's information infrastructure using various types of information services, automation of financial and production activities, as well as its business processes.The basic provisions of information security are formalized and enshrined in the Information Security Strategy of Ukraine. Other regulatory documents and standards of enterprises must comply with the laws and regulatory framework of Ukraine, international law, industry standards and EU and NATO directives.The article considers the need to form an information security management system, which is caused by the existence of internal and external threats, their destructive consequences for the activities and image of an enterprise. The tasks of information security are analyzed: data confidentiality, integ-rity, availability, ensuring the reliability of information, ensuring the legal significance of information, ensuring the untraceability of user actions. Information security management involves identifying po-tential risks to an enterprise, assessing the potential impact, developing and implementing strategies to eliminate problems designed to minimize risks with the available resources.The main stages of developing an information security policy are identified: complete registration of all information resources that require protection; formation of a list of possible threats to each re-source from the list; assessment of the probability of occurrence of each threat; application of actions for the effective protection of each resource. The basic principles of an information security management system for an enterprise are outlined: ease of use, full control, open architecture, access limits, least privileges, sufficient stability, and minimization of duplication. It is also about storing and processing significant amounts of information of varying degrees of confidentiality, so the issue of protecting im-portant enterprise information data from various internal and external threats is relevant

Nataliya Kuznetsova,Tatyana Karlova,Aleksandr Bekmeshov

DOI: https://doi.org/10.30987/2658-6436-2023-3-13-22

2023-09-30

Automation and modeling in design and management

Abstract:The aim of the scientific work is to create a methodology for designing an auxiliary automated management decision making system based on analysing information security level of intellectual resources of a large industrial enterprise. The methodology is based on the principle of comprehensive information security. The article is devoted to solving the problem of creating a convenient auxiliary tool for auditing information security events. The novelty of the work is the proposed creative concept of using the maximum amount of data on information security events to make a management decision (including a personnel management decision). The study results are recommendations for building an auxiliary automated system for auditing and analysing the information security level of intellectual resources of a large industrial enterprise.

Alexander Barabanov,Maxim Grishin,Alexey Markov

DOI: https://doi.org/10.48550/arXiv.1306.1955

2013-06-08

Cryptography and Security

Abstract:An approach to the development of security test procedures for information security controls is presented. The recommendations for optimizing the test procedure are obtained

Igor Kotenko,Igor Saenko,Roman Zakharchenko,Dmitry Velichko,,,,

DOI: https://doi.org/10.21681/2311-3456-2023-1-13-27

2023-01-01

Voprosy kiberbezopasnosti

Abstract:The purpose of the article: conducting a system analysis of the requirements for the subsystem for preventing computer attacks on critical information infrastructure in order to substantiate the directions for further improved scientific and methodological apparatus for the full functioning of the subsystem for preventing computer attacks. Research method: theoretical and systematic analysis of the requirements of legal acts, scientific publications, protection technologies and means of their implementation in departmental systems for detecting and counteringcomputer attacks.The result obtained: the rationale for the need to build mechanisms for preventing computer attacks on critical information infrastructure objects and the requirements for the subsystem for preventing computer attacks was carried out, an approach was proposed to prevent computer attacks at the stages of reconnaissance by an attacker of critical information infrastructure objects, based on the introduction of a security event correlation mechanism with automatic adaptation to the analyzed information infrastructure and the functions it performs at the current time and a detailed specification of the correlation rules.Scope of the proposed approach: a subsystem for preventing computer attacks of departmental systems for detecting and countering computer attacks, which should identify and prevent attempts to conduct computer attacks on critical information infrastructure objects in advance.The scientific novelty consists in a comprehensive analysis of the need to build mechanisms for preventing computer attacks on critical information infrastructure objects, an analysis of the requirements for the computer attack prevention subsystem, its functions and means of implementation. It is shown that the functions of preventing computer attacks in domestic technical solutions are not fully implemented, and that there is a substitution of the concept of “subsystem for preventing computer attacks” by the concept of “control and technical measures”. It is substantiated that for the implementation of the functions of preventing computer attacks, there is a technological backlog in the form of a ready-made technology based on the technology for building SIEM systems. It is shown that there is a need to refine the scientific and methodological apparatus for implementing computer warning functions based on artificial intelligence methods and big data technologies.Contribution: Kotenko I.V. - analysis of the functionality of the subsystem for preventing computer attacks, setting the task and proposals for developing the functionality of the subsystem for preventing computer attacks on critical information infrastructure objects; Saenko I.B. - analysis of the subsystem for preventing computer attacks in the general context of the theory of information security, substantiation of the implementation of the functions of preventing computer attacks based on the technology of building SIEM systems and big data; Zakharchenko R.I. - analysis of technical solutions that ensure the implementation of the subsystem for preventing computer attacks, Velichko D.V. - an approach to detecting computer attacks at the stages of reconnaissance by an attacker of objects of critical information infrastructure. All authors participated in the writing of the article.

Oleksandr Sherstiuk,

DOI: https://doi.org/10.33146/2307-9878-2022-1(95)-141-147

2022-01-01

Oblik i finansi

Abstract:The volume of financial assets, their structure and dynamics directly impact the enterprise's ability to ensure the implementation of operating, financial and investment goals. In this regard, an essential task for managers is to ensure proper disclosure in the financial statements of data on financial instruments involved in the enterprise's activities. At the same time, stakeholders must receive the confidence that information in financial instruments reporting has sufficient confidence to be used in making, justifying, implementing and assessing the consequences of relevant economic decisions. The article aims to improve the method for auditing the adequacy of disclosure of data on financial instruments in financial reporting forms. It was established that the basis of the audit of disclosure of information about financial assets is the application of statements of management personnel, which include existence, rights and obligations, completeness, accuracy, measurement and distribution, classification and presentation. Verification of these assertions is carried out using audit procedures such as inspection of records and assets, observation, external confirmation, recalculation, re-execution, analytical procedures and inquiry. The auditor determines these procedures based on the materiality of information regarding financial assets, the costs of the procedures and their results. The results of applying the procedures help users of financial statements to obtain the necessary level of confidence in the information based on which economic decisions are made. The study results are the theoretical basis for substantiating approaches to improving the audit methodology and its praxeological component.

DOI: https://doi.org/10.35945/gb.2018.05.042

2018-07-14

Globalization and Business

Abstract:The paper deals with the main objective of the audit activity which is expressed in determining compliance with the normative acts of financial and economic operations carried out by the economic entity. The main goals of financial reporting are: Confirmation of reporting credentials; During the inspection period the reporting the enterprise’s activities, checking the completeness, accuracy and accuracy of the revenue and the financial results; Equity, liabilities, assets, reflecting the methodology of evaluation, and reporting laws and normative documents regulating the protection of control; Identify and utilize reserve funds, financial reserves and loan sources of their own. The achievement of the financial statements audit requires a segment of audit that can be carried out in the international practice through the subjective and cyclical approaches. In the audit process it is also important to assess the audit’s risk correctly, which is carried out by the following three components: the risk of risk, the risk of control and the risk of invisibility The official certificate presented by the management of the audit object is as follows: “In total, the financial statements are presented in accordance with the basis of the fair presentation of the fair financial statements”, in fact the existence of certain the evidence in the financial statements. The auditor uses the assertions to evaluate risk assessment by considering the potential inaccuracies that may be allowed to work and develop audit procedures that will assess the risk assessment. The components of financial reporting have different risks, which are essential for auditing. Consequently, when considering a component, the auditor should be able to determine which claim is predominant. For example: the evidence of the existence on assets is more important than completeness. The completeness of earnings in turn is more important than determining whether this operation was implemented or not. This may be individual for each audit taking into consideration the relevant specific risk.

Vera Shumilina,Alexander Kim

DOI: https://doi.org/10.26526/2307-9401-2022-3-96-100

2022-08-30

Science & World

Abstract:This article examines the concept of information security, how it is implemented and enforced. It analyses the essence of information, what it is for, what processes are studied with its help. The basic criteria of information security, which guarantee reliable protection for information, are given, and popular and malicious software, which destabilize and destroy the work of the information system, are discussed

YU Zhi-wei,TANG Ren-zhong

DOI: https://doi.org/10.3785/j.issn.1008-973x.2007.11.026

2007-01-01

Abstract:In order to overcome the shortcomings of the existing information system models,an information system security model was proposed to protect business activities and describe information systems from security view.Through analyzing the characteristic and security of information systems,this work presented the fundamental elements and their operation relationships,and the need,permit,can security constraints between the elements.The security relationships of the fundamental elements were described with formal method.The security model substantially reflects the security relationship between the assets of information systems,explicitly posts the essence that the information system supports the business operation,and clarities the relationship between business activities and the assets of information systems.Finally a case of security model of a manufacturing enterprise information system was given.

Nadiia Davydenko,Alina Buriak

DOI: https://doi.org/10.59295/sum2(11)2023_05

2024-04-01

Abstract:In modern conditions, the information security of an enterprise is an important component of its financial security, since information is an integral part of the context of enterprise modernization with a view to competing in the market. Neglecting the processes of information risk management may cause the enterprise to lose intangible assets, which will lead to destabilization of financial security at the enterprise and the inability to maintain its own competitiveness in the future. The aim of the article is to find approaches to prevent information risks, determine the algorithm of actions for diversifying information risks at different levels of information support, and develop a set of measures to protect the information system for the financial security of an enterprise. The research is based on general scientific methods. In particular, the systematic approach was used to describe the essence of financial security as an economic category; methods of scientific abstraction and synthesis were used to determine the directions of the potential impact of information risks; and generalization was used to draw conclusions. The information base consists of the research papers of Ukrainian and international scholars. The article studies information support of an enterprise. The measures to prevent information risks in the system of enterprise financial security are considered. The scheme of information support of enterprise financial security has been developed.

Наталия Гришина,Nataliya Grishina

DOI: https://doi.org/10.12737/textbook_5cf8ce075a0298.77906820

2019-06-06

Abstract:The textbook discusses the basic concepts, definitions, provisions and methodological approaches to the organization of an integrated information security system. Special attention is paid to the problem of the human factor. Complies with the requirements of the Federal State Educational Standard of Higher Education of the last generation in the bachelor program 10.03.01 “Information Security”. The manual is intended for students, graduate students, teachers of higher educational institutions engaged in the protection of information.

Я.І. Мулик,А.О. Пірняк,К.В. Шейко,Yaroslavna Mulyk,,Amina Pirniak,Kateryna Sheiko,,

DOI: https://doi.org/10.32782/2224-6282/190-9

2024-01-01

Economic scope

Abstract:The article examines issues of the state and directions of IT audit development. The relevance of the topic lies in the fact that the conditions of the digital economy are characterized by the rapid pace of changes in the field of information technologies, which requires IT audit to constantly develop and adapt to new challenges. The purpose of the article is to generalize views on the interpretation of the essence of IT audit, to characterize the tasks, types, standards in the field of IT audit, to justify the main stages of IT audit, to generalize the tools of IT audit, to determine the main directions of the development of IT audit in the conditions of the digital economy. Methodical approaches to the essence of IT audit by scientists and practitioners are analyzed in the article. Studies have shown that some specialists define IT audit as a type of audit, others propose to understand and apply it only as an intermediate stage of financial audit, and some - as a separate IT consulting service. The tasks of IT audit, its types and standards are described. The main types of audit evidence, methods and tools, as well as sources of information that can be used when conducting an IT audit are analyzed. The main stages of an IT audit are highlighted: preliminary research of the IT audit object and internal audit planning; IT audit and analysis; reporting on IT audit results; tracking the results of implementation of audit recommendations. The recommended process of organizing an internal IT audit at the enterprise. The IT audit toolkit is summarized, namely: IT audit goals; the necessity of its implementation; objects of IT audit; equipment and software used in IT audit, etc. Based on the conducted research, the advantages of conducting an IT audit are summarized. The following areas of IT audit development in the conditions of the digital economy have been determined: digital transformation; cyber security; data analytics; cloud technologies; automation; regulatory requirements. The development of IT audit is aimed at improving its methods and approaches, which would meet the modern requirements of business and technology, ensuring the reliability and efficiency of information systems of enterprises.

Svitlana Levytska,Nataliia Ostapiuk,Olena Tsiatkovska,Maryna Resler,Olena Mykhalska

DOI: https://doi.org/10.57111/econ/2.2024.57

2024-05-06

Economics of Development

Abstract:The aim of the study was to determine optimal strategies and methods for improving audit activities in the field of management of non-financial assets of public institutions. Audit reports, financial statements of state institutions, the legal framework for audit activities and information on asset management strategies were used in the study. The study results demonstrate that effective and objective control over assets ensures financial discipline, optimises costs and complies with legal requirements. The study discusses the traditional, risk-based and integrated approaches to asset auditing, as well as the importance of an integrated audit approach that considers not only financial indicators but also non-financial aspects that affect the performance of an institution. The real situation in Ukraine is addressed and compared with other countries, namely the United States, the United Kingdom, India, Brazil and Hungary. The study noted that the development of the audit of non-financial assets of public institutions is a complex and dynamic process that occurs on constant changes in legislation and requirements of international standards. In addition, the challenges and problems faced by auditors auditing non-financial assets of government agencies are highlighted. It is proposed to expand the concept of audit effectiveness from the “3E” to the “9E”, which provides a deeper assessment of performance, covering various factors. Based on the study, the key areas of the strategy for auditing non-financial assets of public institutions, including improving the audit system, identifying and managing risks and introducing modern technologies, were formulated. These findings are valuable for auditors, financial managers, civil servants and resource management experts as they provide practical recommendations for improving audit performance and the efficient use of non-financial assets

Lyudmyla Matviychuk

DOI: https://doi.org/10.35774/econa2020.01.01.231

2020-01-01

Economic Analysis

Abstract:Introduction. An important condition for the development of the agricultural sector is the timely receipt of reliable and complete accounting information on the availability and condition of fixed assets for the purposes of managing their use. To a large extent, the effectiveness of this type of assets is determined by the quality of management decisions. Given this, there is a need to use methods of analysis, as one of the most important management functions in the audit of fixed assets, which will properly assess and control their use. The use of analysis as a tool for evaluating the internal audit system fully meets the objectives of creating effective management of fixed assets and will allow their rational use through timely detection and elimination of negative impacts on the internal audit system and its effectiveness. Purpose. The purpose of writing this article is to assess the existing principles of audit of fixed assets in the agricultural sector of the economy and justify on their basis the organizational scheme of internal audit in agricultural enterprises. Results. Based on the substantiation of the principles of audit activity, the directions of activity of the internal audit service of agricultural enterprises are determined. The study of the formation of goals and functions of the internal audit unit at enterprises made it possible to develop a scheme for the organization of internal audit in the agricultural sector. On this basis, the method of internal audit of fixed assets in the basic areas, as well as the stages of its implementation. The peculiarity of the internal audit at agricultural enterprises is established, which provides for a systematic assessment and control of its quality.