
Accounting. Analysis. Auditing


 Draft concept of Information Security Auditing at a university

https://doi.org/10.26794/2408-9303-2019-6-6-24-3

Abstract

The article examines the theoretical and practical basis of auditing the information security of educational institutions. It proposes the main components of an auditing concept that takes into account the specifics of educational organizations, and it looks for ways to ensure the effective functioning of universities on this basis. Proposals have been made to develop a comprehensive concept for auditing the information security of a university. The project includes seven components: the objects of auditing; its goals and objectives; the subtype of auditing that takes into account the specifics of the school; how to conduct audits and how to analyze data from the auditing process; the auditing phasing; its organizational and technical foundations; the composition and content of the resulting documents. A combination of risk analysis and information security standards is recommended as a practical approach to auditing. It is recommended that an experimental examination of the object security system be used for real verification. Among the theoretical approaches that could form the basis for auditing the information security of a higher educational institution, the most preferable are the models of evaluation and the “grey” box. Practical implementation of the proposed information security auditing concept will improve the effectiveness of monitoring the implementation of Federal Laws and Programs in educational institutions, and it will eventually strengthen the level of information security of the organization.

About the Authors

V. N. Yasenev
Lobachevsky State University of Nizhny Novgorod
Russian Federation
Vyacheslav N. Yasenev — Cand. Sci. (Econ.), Professor of the Department of Information Technology and Instrumental Methods of Economics of the Institute of Economics and Entrepreneurship, Lobachevsky State University


A. V. Dorozhkin
Lobachevsky State University of Nizhny Novgorod
Russian Federation
Artem V. Dorozhkin — Cand. Sci. (Econ.), Associate Professor of the Department of Information Technology and Instrumental Methods of Economics of the Institute of Economics and Entrepreneurship, Lobachevsky State University


A. L. Sochkov
Lobachevsky State University of Nizhny Novgorod
Russian Federation
Andrei L. Sochkov — Cand. Sci. (Tech.), Associate Professor of the Department of Information Technology and Instrumental Methods of Economics of the Institute of Economics and Entrepreneurship, Lobachevsky State University





For citations:


Yasenev V.N., Dorozhkin A.V., Sochkov A.L.  Draft concept of Information Security Auditing at a university. Accounting. Analysis. Auditing. 2019;6(6):24-33. (In Russ.) https://doi.org/10.26794/2408-9303-2019-6-6-24-3



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2408-9303 (Print)
ISSN 2619-130X (Online)