Issues of mathematical interpretation of the information security audit process using Petri nets
Authors: Ognev I. A.
Annotation: This article presents a way to construct a mathematical model of the information security audit process. The model uses timed Petri nets to describe the states of the information security audit process and the changes between those states. The state changes described are: identifying audit evidence; analyzing audit evidence and identifying violations in the implementation of information security measures; and analyzing those violations and developing comments, which should be formed as the main result of the information security audit process. Reference indicators for the Petri net, covering the composition of its components and the connections between them, have been developed to assess the completeness and correctness of the structure of real information security audit processes. When used to assess the efficiency of the information security audit process, the resulting mathematical model is primarily designed to answer the question of whether the audit components in the organization under study are sufficient. In addition, the model provides the basis for simulation modeling of the audit process in order to assess the probability of achieving audit goals for a given period of audit time and a certain set of detected audit evidence.
Keywords: cybersecurity, information security, trust assessment, trust, Petri net, information security audit, audit, graphs