Leveraging Security Modeling and Information Systems Audits to Mitigate Network Vulnerabilities

Abstract

Advancements in digital technologies have significantly enhanced the functional capabilities of consumers and businesses alike, yet have concurrently amplified the complexities associated with cybersecurity, including theft and cyber-attacks. Consequently, auditing of information systems has emerged as a crucial security apparatus for organizations aiming to safeguard their data assets, specifically with respect to customer information. This study aims to design an information systems security and audit model that emphasizes the fortification of an organization's crucial assets via IT infrastructure security and information security management systems, in alignment with ISO 27001 standards. The proposed model seeks to assure information confidentiality, integrity, availability, and compliance with legal mandates. The study adopted the OCTAVE v2.0 method, executed in three distinct phases. In the first phase, profiles of asset-based threats were constructed. The second phase involved the identification of infrastructure vulnerabilities, whereas the final phase focused on the development of a security strategy and plans. The implementation of the proposed model yielded a marked impact, with a positive shift from 46% to 94% following the establishment of IT infrastructure security policies. The study underscores the importance of conducting a comparative analysis prior to implementation and asserts that well-defined and identified security models and information systems auditing can effectively counteract potential data leaks and cyber-attacks such as malware, phishing, spam, and ransomware. The findings suggest that a meticulous and preemptive approach to auditing and security planning can significantly bolster the resilience of an organization's digital infrastructure. © 2023 Elsevier B.V., All rights reserved.