Formation of the instantaneous information security audit concept

Abstract

This publication covers the problem of formation the concept of the instantaneous information security (IT-Security) audits, including protection against zero-day threats. Various recent materials are presented to the actual problem of counter zero-day threats notes that “any process-driven people, is unreliable. In this situation it is proposed to use not only a technical methods to counter zero-day threats, but to offer a combined method based on the concept of instantaneous IT-Security audits. Methodological basis of this concept for instantaneous audits defined both ISO 27001 and ISO 19011 standards, which extended with the set of IT-security metrics for quantify the object protection level. In the example for one variable was demonstrated an increase in the rate of growth of the ISMS level variables with known IT-Security audits process.