Nowadays, information is one of the most valuable assets of any company, organization or enterprise, and it often belongs among the basic industrial assets, because important technological and business processes frequently depend on information security and on uninterrupted access to information. But alongside the development of information technologies comes the risk of information leakage, external interference in the operation of information systems, and virus attacks. It is important to know the real state of security of the valuable resources of an information system in order to resist external and internal threats. In this case, an independent examination of the security of an automated information system, i.e. a security audit conducted by LLC "Art-master", is beneficial.

An information security audit is a systematic process intended to assess the qualitative and quantitative condition of a corporate information system against information security criteria. The primary goal of the audit is an unbiased assessment of the current state of the company's information security, as well as of its ability to resist external and internal security threats.

Basic stages of an information security audit:
- expert audit of information security, during which deficiencies in the system of information protection measures are exposed on the basis of the experience of the experts involved in the audit;
- information security audit conducted in accordance with International Standard ISO/IEC 27001:2005 "Information technology – Security techniques – Information security management systems – Requirements", developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) on the basis of the British Standard BS 7799-2:2002 "Information security management systems. Specification with guidance for use".

Both the operation of the company's information system as a whole and its separate segments that process protected information can be considered the object of the audit.

Main issues solved during the audit

The following issues are addressed during the audit:
- Collection and analysis of source data on the organizational and functional structure of the company required for assessing the state of information security;
- Analysis of the completeness and effectiveness of the existing information security policy;
- Analysis of the information and technological risks associated with the realization of information security threats;
- Test attempts of unauthorized access to critical units of the information system and determination of the security vulnerabilities of these units;
- Recommendations concerning the information security policy, based on analysis of existing information security practice;
- Recommendations regarding the use of existing information protection facilities and the installation of additional ones to increase the reliability and safety of the company's information system.

The purposes of the audit

The purpose of an information security audit is to assess the security of the information system (IS) and to develop recommendations on organizational measures and software and technical facilities for protecting information and other IS assets against threats of information security violation. An information security audit is the initial stage in creating an integrated information security subsystem. This subsystem combines organizational and software and technical measures aimed at protecting IS resources from information security threats that would violate the availability, integrity and confidentiality of stored and processed information. An information security audit allows a specific company to make well-grounded decisions on the use of protective measures, taking into account their cost and the information security threats.

Audit of conformance to International Standard ISO/IEC 27001:2005

ISO/IEC 27001:2005 represents the set of requirements for an Information Security Management System (ISMS) that are mandatory for certification. The standard establishes requirements for the development, implementation, operation, monitoring, review, maintenance and improvement of a documented ISMS in the context of the company's existing risks.

Results of the audit of conformance to International Standard ISO/IEC 27001:2005

On the basis of the audit of conformance to International Standard ISO/IEC 27001:2005 the customer receives:
- Description of the scope of the ISMS;
- Methods for identifying important assets;
- List (inventory, register) of the company's important assets and their value (criticality);
- Methods of risk assessment;
- Risk assessment report;
- Categories for risk acceptance;
- Application for acceptance (approval) of residual risks;
- Risk treatment plan;
- List of the policies, manuals, procedures and instructions necessary for the functioning of the company's ISMS, with guidelines for their development.

You may write to dzi@am-soft.ua or post@am-soft.ua, or phone +380 44 248-97-91, 248-98-27, to receive more detailed information about the information security audit and to learn about pricing packages.