METHOD OF AUDITING THE PROTECTION OF AUTOMATED SYSTEMS
V.L. Tokarev, A.A. Sychugov
The existing regulatory framework and methods for analyzing the protection of information resources are analyzed. It is noted that these methods rest on technical analysis, which involves both active and passive testing of the information protection system. Another existing solution to this problem is the use of expert assessments. However, both approaches are laborious and often subjective. On the basis of fuzzy set theory, a mathematical model for auditing the security of automated systems is proposed, and an appropriate method is built on it. Fuzzy models are considered as a tool for auditing automated systems that process confidential information. As an example of the use of the proposed method, an assessment of one aspect of information security is considered: the security of access to confidential information in an automated system. The proposed method will make it possible to use the obtained estimates effectively for solving the problem of ensuring the security of information in automated systems. The main advantage of the method is that it does not require complex testing procedures, calculation of probabilities, recruitment and selection of experts, etc., and it can be used to evaluate a wide variety of information security aspects.
Keywords: information security, access security, evaluation.