Keywords: information security, information security management systems (ISMS), ISMS audit, audit planning