Abstract [eng] |
The purpose of this work is to create the information system for information security audit that help to make the decision-making easier for information security auditors and make accurate recommendations to improve safety. The system helps determine the risk factors according to LST ISO/IEC 27001:2006 standard. The information security audit is high cost and complex process, therefore rarely or not at all performed in organizations. Consequently, there is a need of measures to perform audit by lay persons. Also require that such measures are long term and could be extended, changed, according to political and technological changes in organization. In this work has been analyzed possibilities and use of decision support systems for information security audit problems solving, developed information security audit decision support system model and realized and tested a prototype system. |