TECHNICAL AUDIT OF SECURITY OF INFORMATION - TELECOMMUNICATION SYSTEMS OF ENTERPRISES

Authors

DOI:

https://doi.org/10.28925/2663-4023.2023.20.4561

Keywords:

information security, infrastructure, enterprise, information and telecommunication system, testing, vulnerability

Abstract

The content of the audit and vulnerability testing of the information and telecommunication system (ITS) of any enterprise is considered. Based on the results of the information security audit, the overall security of the company's ITS is assessed. It is proposed to assess the security of IT using penetration testing in the following areas: penetration testing from outside and inside the information infrastructure, social engineering testing of the company's personnel and testing for resistance to DDoS attacks; assessment of the security of the mobile application, web resource and wireless networks. A general algorithm for IT infrastructure penetration testing (analysis of vulnerabilities and security of information resources) is proposed in the form of stages: initialization, passive and active reconnaissance, exploitation and post-exploitation, systematization and presentation of the results of security assessment, risk and vulnerability assessment, and recommendations for their elimination. In these stages all operations are carried out without causing real damage to the ITS.

The purpose of a technical audit is shown, which covers the components of the ITS and can be considered as an independent examination or a procedure for their investigation in order to assess the condition and identify reserves. Technical audit as a result of checking the software and technical part of the resource provides an opportunity to form a list of key problems and get comprehensive recommendations for their elimination. It is noted that in accordance with modern requirements, technical audit can be used as an audit in the form of remote technical support, and information security audit can be considered as a variant of technical audit. Conducting an information security audit includes: analysis of risks associated with the possibility of information security threats to resources; assessment of the current level of ITS security; localization of "bottlenecks" in the ITS protection system; assessment of ITS compliance with existing standards in the field of security; providing recommendations on the implementation of new and improving the effectiveness of existing ITS security mechanisms. The content of the detailed report of the technical audit of the enterprise's ITS security has been revealed.


Published

2023-06-29

How to Cite

Yakymenko, Y., Rabchun, D., Muzhanova, T., Zaporozhchenko, M., & Shchavinskyi, Y. (2023). TECHNICAL AUDIT OF SECURITY OF INFORMATION - TELECOMMUNICATION SYSTEMS OF ENTERPRISES. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 4(20), 45–61. https://doi.org/10.28925/2663-4023.2023.20.4561
