In modern conditions, dynamic modernization, escalation and extrapolation of the state of the information and digital environment in the banking sector gives rise to the emergence of topical issues closely related to national security, and in particular, to information security. The imperfection of information banking and payment systems, which require constant control through information security audit, remains an urgent challenge. The research paper considers the issues of improving the system of control, monitoring and verification of information security in credit organizations based on audit. The methodological basis for the research includes the analysis and systematization of existing approaches to information security audit. The work reveals the imperfection of the current legislative framework and reporting system, as well as establishes the absence of a full–time qualified specialist responsible for information security audit in the audit department of credit organizations. As part of the research work, recommendations were developed to systematize the Bank of Russia’s regulatory documents governing the audit, to improve banks’ internal documentation, to introduce information security specialists into the staff of audit departments and to include audit results in the Bank of Russia’s information resource. The practical significance of the results obtained lies in the possibility of their applying when conducting information security audits in the banking sector. The results of the study can be used to modernize the structure of information security audit in credit institutions, to increase the level of protection of banking and payment systems and minimize the risks associated with their operation.
Pavlov et al. (Wed,) studied this question.