
IT AUDIT QUALITY ASSESSMENTS RISKS AS A PART OF CYBER-SECURITY IN A DIGITAL WORLD

Anna Ashot Bayadyan
ASUE, Department of "Management Accounting and Auditing", Candidate of Economics, Associate Professor
STATISTICS OF BROKEN SITES FOR 2011-2021
Latest update: 17.03.2021
The 10 largest organizations hit by cyber attacks in 2020
1. Toll Group
2. Marriott International
3. Magellan
4. Twitter
5. Garmin
6. Clark County School District
7. Software AG
8. Vastaamo Psychotherapy Centre
9. FireEye and SolarWinds supply chain attack victims
10. SolarWinds
Why are printers easy targets?
Protection of office equipment from cyber attacks
What steps can an IT auditor take to minimize risks in these cases?
- Include office printers, including their scanner and fax capabilities, within the framework of risk assessments.
- If a printer needs to be replaced, supervise the safe removal of the printer's external memory.
- Set up a dedicated printer, and restrict access to that part of the network from the rest of the office, for those departments that regularly publish important documents.
- Check that printers are turned off during non-working hours.
Security management
For example, risks connected with information security arise along with the development of the company's IT services and IT infrastructure.
The following risk areas should be considered by the IT audit:
1. Knowledge management.
2. Human resource management.
3. Enterprise security management.
4. Management of relations with third parties.
5. Risk management.
6. Information cooperation.
Information security issues: employee information awareness and training
It is proposed to implement IT auditing in this case:
- Awareness procedures and programs.
- Training programs in which a certificate is issued and a qualification is awarded after completing them and passing the examinations.
- The strategy of information communication.
The result will be:
Reduction of incident risks connected with the "human factor" and increased efficiency of information security management.
Threat and Vulnerability Management
It is proposed to implement IT auditing in this case:
- monitoring for intrusions into the company database;
- detecting malicious programs;
- information security management;
- threat management;
- vulnerability management;
- responding to incidents in time.
The result will be:
Reducing the risk of serious information security incidents, securing important information resources, and increasing the efficiency of security monitoring.
Privacy and data protection
In this case, the company needs assistance in solving the following problems:
1. data collection and storage;
2. accountability;
3. notification;
4. selection and agreement;
5. access of the subject to his personal data;
6. disclosure of data to third parties;
7. data reliability.
The result will be:
Reducing the risk of information disclosure, unauthorized change, or destruction.
Penetration testing of security systems for unauthorized access
It is necessary to implement:
- Comprehensive testing of the systems that protect against unauthorized access to infrastructure.
- Development and implementation of testing procedures for website security.
- Preparation of proposals for solving the vulnerability problems found in the security system.
The result will be:
Eliminating vulnerabilities in the IT infrastructure reduces the risk of information loss or theft.
Conclusion
So we can say that companies need to improve their security measures, use new technologies to the maximum, and respond quickly to threats when they occur, as cyber threats continue to grow and evolve. Many companies are setting up their own Security Operation Center to increase their cyber security, which is used to implement appropriate actions and monitor security incidents for the technology, processes and trained staff. The above-mentioned points offered by us will allow reducing cybersecurity risks in the modern digital world, since in the majority of organizations awareness of IT security is low and/or employees do not realize the most serious negative consequences of cyber-attacks on the whole activity of the organization.
THANKS!