Abstract:

The paper is based on a project of an information system security audit for a service company when identifying existing threats to information security. Assessments of the information system's compliance with information security standards are given. The company's activities were analyzed, the necessary information was collected for conducting a security audit of the information system, and the data obtained was analyzed. Recommendations were developed to reduce the risks of information security threats. Implementation of the developed countermeasures to eliminate information security vulnerabilities will help the company reduce the risks of information security threats to protect important data stored in the information system, as well as to prevent possible financial losses and damage to the company's reputation.