The scientific journal Modeling, Optimization and Information Technology
Online media
ISSN 2310-6018

METHOD OF AUDITING THE PROTECTION OF AUTOMATED SYSTEMS

Tokarev V.L., Sychugov A.A.

UDC 004.56
DOI: 10.26102/2310-6018/2019.24.1.036


The existing regulatory framework and methods for analyzing the protection of information resources are analyzed. These methods are noted to rest on technical analysis techniques that involve both active and passive testing of the information protection system. Another existing solution to this problem is the use of expert assessments. However, both approaches are laborious and often subjective. Based on the theory of fuzzy sets, a mathematical model for auditing the security of automated systems is proposed, and a corresponding method is built on it. Fuzzy models are considered as a tool for auditing automated systems that process confidential information. As an example of applying the proposed method, the assessment of one aspect of information security is considered: the security of access to confidential information in an automated system. The proposed method will make it possible to use the resulting estimates effectively in solving the problem of ensuring information security in automated systems. The main advantage of the method is that it does not require complex testing procedures, calculating probabilities, recruiting and selecting experts, etc., and it can be used to evaluate a wide variety of aspects of information security.

Tokarev Vyacheslav Leonidovich
Doctor of Technical Sciences, Professor
Email: tokarev22@yandex.ru

Tula State University

Tula, Russian Federation

Sychugov Aleksey Alekseevich
Candidate of Technical Sciences, Associate Professor
Email: xru2003@list.ru

Tula State University

Tula, Russian Federation

Keywords: information security, access security, estimation, fuzzy sets

For citation: Tokarev V.L., Sychugov A.A. METHOD OF AUDITING THE PROTECTION OF AUTOMATED SYSTEMS. Modeling, Optimization and Information Technology. 2019;7(1). Available from: https://moit.vivt.ru/wp-content/uploads/2019/01/TokarevSychugov_1_19_1.pdf DOI: 10.26102/2310-6018/2019.24.1.036 (In Russ).
