Draft concept of Information Security Auditing at a university
The article examines the theoretical and practical basis of auditing the information security of educational institutions. The article gives proposals on the main components of its concept, taking into account the specifics of educational organizations, the article also searches for the ways of ensu...
Gespeichert in:
Veröffentlicht in: | Učët. Analiz. Audit (Online) 2020-01, Vol.6 (6), p.24-33 |
---|---|
Hauptverfasser: | , , |
Format: | Artikel |
Sprache: | eng ; rus |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | The article examines the theoretical and practical basis of auditing the information security of educational institutions. The article gives proposals on the main components of its concept, taking into account the specifics of educational organizations, the article also searches for the ways of ensuring the effective functioning of universities on a considered basis. Proposals have been made to develop a comprehensive concept for the auditing of the information security of the university. The project includes seven components: the objects of auditing; its goals and objectives; the subtype of auditing that takes into account the specifics of the school; how to conduct audits and how to analyze data from the auditing process; the auditing phasing; its organizational and technical foundations; the composition and content of the resulting documents. A combination of risk analysis and information security standards is recommended as a practical approach to auditing. It is recommended that an experimental examination of the object security system should beused for real verification. Among the reasons for theoretical approaches that could create the basis for auditing the information security of a higher educational institution, the most preferable are the models of evaluation and the “grey” box. Practical implementation of the proposed information security auditing concept will improve the effectiveness of monitoring the implementation of Federal Laws and Programs in the educational institutions, and it will eventually strengthen the level of information security of the organization. |
---|---|
ISSN: | 2408-9303 2619-130X |
DOI: | 10.26794/2408-9303-2019-6-6-24-3 |