AUDIT OF INFORMATION SECURITY IN THE CONTEXT OF AUTOMATION OF ACCOUNTING DATA IN DOMESTIC ENTERPRISES

Abstract

The article examines the issue of auditing the information security of electronic accounting data in enterprises, which is a crucial aspect of protecting an organization's information resources. In the modern era of digitalized accounting processes, the use of electronic systems significantly enhances enterprise efficiency, minimizes the risk of human error, and provides quick access to necessary data. However, the electronic format of accounting information is vulnerable to threats such as cyberattacks, technical failures, and unauthorized access, necessitating comprehensive protection measures. The paper analyzes the current state of information security threats in Ukraine, particularly the increasing number of cyberattacks targeting state institutions, enterprises, the energy sector, and telecommunications. It examines the most common attack methods and security vulnerabilities, including the use of malicious software, phishing attacks, improper account storage, and unauthorized access. The article highlights that attackers primarily aim to steal confidential data, disrupt information systems, and commit financial fraud.

The study also reviews recent research in the field of information security, exploring various approaches to risk assessment, methods for predicting potential threats, and strategies for auditing information systems security. Particular attention is given to the process of auditing accounting information, which includes evaluating data storage security, access management, authentication policies, backup procedures, and compliance with regulatory requirements. A conceptual approach to conducting an audit is proposed, consisting of three main stages. The article emphasizes the importance of a comprehensive approach to information security, which includes implementing multi-factor authentication, regularly backing up data, controlling access to confidential information, and monitoring potential threats. The study's findings can be used to develop enterprise cybersecurity strategies, improve security policies, and ensure compliance with regulatory requirements. The proposed audit methods facilitate the timely identification of risks, reduce the likelihood of data loss, and strengthen organizational resilience against cyber threats.