Development of a method for conducting an audit of the information security system

Information processes, as well as information resources, manage information of varying degrees of importance for the enterprise. In this regard, the protection of such information is one of the most important procedures in the field of state security, the importance of which is growing every year. The problem of information security - the reliable provision of its safety and the established status of use - is one of the most important problems of our time. The paper considers the existing standards in the field of information security audit. The author has developed an innovative model of audit of the information security system based on the comparison of demand measures of order no. 21 of the FSTEC of Russia and ways of implementation in the subsystem of the information system of personal data protection, the recommendations for inspections of specific measures of protection and used technology audit technical means. The developed method is tested on the example of conducting an audit in “Lama” LLC company. The choice was made to establish the compliance of the organization’s personal data protection system with the requirements of order no. 21 of the FSTEC of Russia. Recommendations have been developed to eliminate the existing shortcomings and inconsistencies by re-equipping the anti-virus protection subsystem and the subsystem of inter-network shielding and protection of communication channels.