Краткое описание

The number of information attacks on company information systems has now increased significantly. The unintended consequences of such attacks are both financial and reputational losses. To increase the effectiveness of information protection, a sound analysis of the level of information system security is necessary. Purpose: To justify the need and describe the information security audit procedure for a manufacturing company. Results: We have analyzed business operations of a certain company and collected the necessary information for an information system security audit. Having analyzed the approaches to threat identification and countermeasure techniques, as well as the specifics of the company in question, we have chosen a combined approach. The study of different risk analysis methods has allowed to substantiate the choice of FRAP methodology. As a result of the audit procedure the compliance of the information system to the information security standards has been assessed. Practical relevance: Recommendations for reducing risks associated with threats to information security have been developed. The implementation of the developed countermeasures to eliminate information security vulnerabilities will allow the company to avoid possible financial losses and avert the damage to the company’s reputation.