摘要:Simultaneously with increasing the speed and precision of data processing, multiple connectivity, fast transmission over long distances, and their results, the development and generalization of automatic processing, brought many new vulnerabilities and deficiencies, otherwise inevitable, the basis of new risk categories. The risks of cyber attacks on financial auditing involve the risk management of information systems security. Identifying, mitigating or eliminating the effects are mandatory requirements without which a high-quality financial audit can not be achieved in a highly computerized environment. To substantiate specific risk management actions on information systems security, in this study we analyzed the main types and techniques used in cyber attacks by making their radiography, identifying the strengths and weaknesses of new technologies and systems that are or not favoring security systems. At the same time, we analyzed the security system of an information system, organized it in layers, and revealed the specific areas for the security evaluation of the Mehari method. Finally, some of the results of a survey based on a questionnaire made with the support of master students of the Information Systems Audit and Control course were revealed, with three of the most common weaknesses identified for each security domain.
关键词:risk; financial audit; IT security; risk management; cyber attack.