Abstract:This publication discusses the problem concerning the concept of the instantaneous information security (IT-Security) audits directed, including providing protection against “zero-day” threats. It is noted that effective counter-threats "zero-day" refers to the type of proactive defense, which implements a set of active preventive IT-Security controls, but not limited only constant installation of new technical facilities. A key feature of this concept of instantaneous IT-Security audits is to assess how the left limit of the protection level in the process of IT-Security audits performing. Methodological basis of the concept of instantaneous IT-Security audits is ISO 27001 standards series, supplemented by many (expandable) IT-Security metrics to quantify the object protection level. The obtained results can find application in create of models and methods of IT-Security audits performing and continuous object protection under the influence of IT-Security violation threats.
Keywords:Information security; Information Security Management System (ISMS); audir; risk management; threats; vulnerabilities; Standards.
Fulltext:
PDF file (961 kB)