Information and cybersecurity audit: Statutory regulation and performance issues

Abstract

Subject. This article focuses on the issues related to the audit of information systems and cybersecurity. Objectives. The article aims to determine the key areas of legal regulation of information security audit, taking into account the requirements of the time, technical capabilities and digital transformations taking place in society and the global space. Methods. For the study, we used a case study method, analysis, computational and graphical method, data systematization, and the ecosystem approach. Results. The article identifies gaps in the methodological framework and statutory regulation of the audit of information systems, substantiates the need for systematization and further development of the legislative framework for the audit of information security, and identifies the objects of information technologies that require special attention. It proposes to make certain changes to the Federal Law On Auditing regarding the introduction of information security checks of business entities into the list of other services, as well as develop standards for government auditing, which will unify this type of activity. Conclusions and Relevance. The number of cybercrimes is steadily growing, and this is due to both the widespread digitalization of ecosystems and the high level of technical and intellectual training of persons committing fraudulent actions. Ensuring the information security of economic entities and government agencies is impossible without conducting an audit that reduces the risk of cyber threats. The results of the study can be used to develop the regulatory framework for the audit of information systems, as well as for further scientific research and practical application.