General Principles of Testing Information Security of an Enterprise

DOI: 10.31673/2409-7292.2018.042229

Authors

  • О. А. Курченко (Kurchenko O. A.), State University of Telecommunications, Kyiv
  • М. В. Бржевський (Brzhevskyi M. V.), State University of Telecommunications, Kyiv
  • А. Б. Гребенніков (Grebennikov A. B.), State University of Telecommunications, Kyiv
  • В. І. Корсун (Korsun V. I.), State University of Telecommunications, Kyiv

Abstract

The article describes the technical methods of testing the information security of an enterprise and the development of a sequence for applying them. It also investigates the methods and mechanisms for testing enterprise information security. Existing methods of researching the information security of an enterprise are conditionally divided into 3 categories: methods of research, goal analysis and confirmation of the presence of vulnerabilities. Guided by the principles laid down in these methods, the external auditor, with the consent of the customer, can form a sequence of actions for security testing at his own discretion. Until now, these techniques remain only guidelines for the auditor, who is forced, to a large extent, to rely on his own experience and expert opinion.

Keywords: enterprise information security, testing, information security, enterprise security, testing methods, testing mechanisms, vulnerability.


Published

2019-12-16

Section

Articles