Information security audit

An information security audit may include the following work:
• Risk analysis - study of possible threats, the implementation of which may lead to a violation of information confidentiality, as well as other aspects of security - integrity and availability;
• Assessment of the level of information security - according to the methods described in regulatory documents (Government of the Russian Federation, FSTEC of Russia);
• Assessing the current state of information security in an organization - assessing the sufficiency of using information security tools, assessing the most vulnerable systems;
• Assessment of compliance with regulatory requirements - assessment of compliance with the requirements of regulatory documents of FSTEC of Russia, FSB of Russia, Roskomnadzor, etc.
An information security audit allows you to develop recommendations for increasing the security of information systems, increase the level of information security when processing it in the organization’s information systems, and also update information for the development of organizational and administrative documents on information protection.