FORMALIZATION OF THE ACCESS CONTROL AUDIT PROCEDURE IN THE INFORMATION SYSTEM

UDC 004.56
DOI:10.26102/2310-6018/2019.26.3.018

V.S. Oladko


The article discusses current problems and tools for ensuring information security in information systems. The author analyzes the current trends in information security breaches in 2018-2019 and concludes that countering threats related to unauthorized access is relevant. The basic tools for protecting an information system from unauthorized access are the set of rights and rules for access control between objects and subjects. Therefore, to ensure the necessary level of security, the adequacy and consistency of the distribution of access rights is important. A methodology and conceptual scheme have been developed for auditing an access control subsystem based on access control lists (ACLs), consisting of procedures for initiating the audit and for collecting and analyzing audit data. The mathematical model of the audit procedure is automated in the form of an audit software tool for the access control subsystem, using the Windows operating system as an example. The main advantage of the proposed audit procedure is that it does not require complex testing procedures, calculation of probabilities, or the involvement and selection of experts. The main purpose of the program is to assess the compliance of the existing settings of the access control policy in the system with the security policy of the system under investigation.

Keywords: access rights, information protection, operating system, access control model, mathematical model, cybersecurity.

Full text:
Oladko_3_19_1.pdf
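
The compliance check summarized in the abstract can be illustrated with a short sketch. This is an added example, not the article's mathematical model or its software tool: the subjects, groups, paths, right names, policy matrix and the simplified "deny overrides allow" evaluation are all assumptions constructed for illustration.

```python
# Added example: all sample data below is constructed, not taken from the article.

# Group membership: subject -> groups (constructed)
GROUPS = {"alice": {"Accounting"}, "bob": {"Accounting", "Admins"}, "carol": set()}

# ACLs as collected from the system: object -> list of (trustee, ACE type, rights)
ACLS = {
    r"D:\Finance": [("Accounting", "allow", {"read", "write"}),
                    ("bob", "deny", {"write"}),
                    ("Everyone", "allow", {"read"})],
    r"D:\Backup": [("Admins", "allow", {"read", "write", "delete"})],
}

# Security policy: (subject, object) -> rights the policy assigns (constructed)
POLICY = {
    ("alice", r"D:\Finance"): {"read", "write"},
    ("bob", r"D:\Finance"): {"read"},
    ("bob", r"D:\Backup"): {"read", "write"},
    ("carol", r"D:\Backup"): {"read"},
}

def effective_rights(subject, acl, groups):
    """Union of matching allow ACEs minus union of matching deny ACEs.

    Assumption: deny always overrides allow; real ACE ordering is not modelled.
    """
    trustees = {subject, "Everyone"} | groups.get(subject, set())
    allowed, denied = set(), set()
    for trustee, ace_type, rights in acl:
        if trustee in trustees:
            (allowed if ace_type == "allow" else denied).update(rights)
    return allowed - denied

def audit(acls, policy, groups):
    """Compare effective rights with the policy; report excess and missing rights."""
    findings = []
    for obj in sorted(acls):
        for subject in sorted(groups):
            actual = effective_rights(subject, acls[obj], groups)
            expected = policy.get((subject, obj), set())
            if actual - expected:
                findings.append((subject, obj, "excess", sorted(actual - expected)))
            if expected - actual:
                findings.append((subject, obj, "missing", sorted(expected - actual)))
    return findings

if __name__ == "__main__":
    for finding in audit(ACLS, POLICY, GROUPS):
        print(finding)
```

Each "excess" finding is a right the collected ACLs grant beyond the policy, and each "missing" finding is a right the policy assigns that the ACLs do not deliver.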