<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">kaz44</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Университета Шакарима. Серия технические науки</journal-title><trans-title-group xml:lang="en"><trans-title>Bulletin of Shakarim University. Technical Sciences</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2788-7995</issn><issn pub-type="epub">3006-0524</issn><publisher><publisher-name>«Шәкәрім университеті» КеАҚ</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.53360/2788-7995-2025-4(20)-9</article-id><article-id custom-type="elpub" pub-id-type="custom">kaz44-2108</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>АВТОМАТИЗАЦИЯ И ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ (ОРИГИНАЛЬНАЯ СТАТЬЯ)</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>AUTOMATION AND INFORMATION TECHNOLOGY (ORIGINAL ARTICLE)</subject></subj-group></article-categories><title-group><article-title>СРАВНИТЕЛЬНЫЙ АНАЛИЗ МЕТОДОВ АУДИТА СИСТЕМ УПРАВЛЕНИЯ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТЬЮ В КАЗАХСТАНЕ И ДРУГИХ СТРАНАХ</article-title><trans-title-group xml:lang="en"><trans-title>COMPARATIVE ANALYSIS OF AUDIT METHODS FOR INFORMATION SECURITY MANAGEMENT SYSTEMS IN KAZAKHSTAN AND OTHER COUNTRIES</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0003-9072-8475</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Мухтарова</surname><given-names>З. Б.</given-names></name><name name-style="western" xml:lang="en"><surname>Mukhtarova</surname><given-names>Z. B.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Замира Бекеновна Мухтарова – докторант 2-го курса ОП «Системы информационной безопасности»</p><p>Республика Казахстан, г. Астана, ул. Каныш Сатпаева, 2 </p></bio><bio xml:lang="en"><p>Zamira Bekenovna Mukhtarova – 2nd-year doctoral student of the educational program «Information security systems»</p><p>010000, Republic of Kazakhstan, Astana, 2 Kanysh Satpayev Street</p></bio><email xlink:type="simple">zamira_bekenovna@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0001-7053-2844</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Жаркимбекова</surname><given-names>А. Т.</given-names></name><name name-style="western" xml:lang="en"><surname>Zharkimbekova</surname><given-names>A. T.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Айжан Темиржановна Жаркимбекова – PhD, Сеньор-лектор, Департамент информационной безопасности</p><p>Республика Казахстан, г. Астана, ул. Каныш Сатпаева, 2</p></bio><bio xml:lang="en"><p>Aizhan Temirzhanovna Zharkimbekova – PhD, Senior Lecturer, Department of information security</p><p>010000, Republic of Kazakhstan, Astana, 2 Kanysh Satpayev Street</p></bio><email xlink:type="simple">zh.aizhan.t@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0005-4932-1774</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Смаилова</surname><given-names>Б. Т.</given-names></name><name name-style="western" xml:lang="en"><surname>Smailova</surname><given-names>B. T.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Балжан Темірболатқызы Смаилова – магистр, заведущая кафедры математики</p><p>071412, Республика Казахстан, г. Семей, ул. Глинки, 20 А</p></bio><bio xml:lang="en"><p>Balzhan Temirbolatkyzy Smailova – MS, Head of Mathematics Department</p><p>071412, Republic of Kazakhstan, Semey, 20 A Glinka Street </p></bio><email xlink:type="simple">st.balzhan@gmail.com</email><xref ref-type="aff" rid="aff-2"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru">Евразийский национальный университет им. Л.Н. Гумилева города Астана<country>Казахстан</country></aff><aff xml:lang="en">L.N. Gumilyov Eurasian National University<country>Kazakhstan</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru">НАО «Шәкәрім Университет»<country>Казахстан</country></aff><aff xml:lang="en">Shakarim University<country>Kazakhstan</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2025</year></pub-date><pub-date pub-type="epub"><day>25</day><month>01</month><year>2026</year></pub-date><volume>1</volume><issue>4(20)</issue><fpage>73</fpage><lpage>80</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Мухтарова З.Б., Жаркимбекова А.Т., Смаилова Б.Т., 2026</copyright-statement><copyright-year>2026</copyright-year><copyright-holder xml:lang="ru">Мухтарова З.Б., Жаркимбекова А.Т., Смаилова Б.Т.</copyright-holder><copyright-holder xml:lang="en">Mukhtarova Z.B., Zharkimbekova A.T., Smailova B.T.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://tech.vestnik.shakarim.kz/jour/article/view/2108">https://tech.vestnik.shakarim.kz/jour/article/view/2108</self-uri><abstract><p>В статье представлен сравнительный анализ традиционных методов аудита систем управления информационной безопасностью (СУИБ) в Казахстане и других странах. В статье рассматриваются ключевые подходы, используемые в процессе аудита, включая такие международные стандарты, как ISO/IEC 27001 (Международная организация по стандартизации/Международная электротехническая комиссия), NIST (Национальный институт стандартов и технологий), GDPR (Общий регламент по защите данных), и их адаптация в различных юрисдикциях. Особое внимание уделено преимуществам и недостаткам каждого метода, а также степени зрелости систем управления информационной безопасностью в разных странах. Проанализировано современное состояние информационной безопасности в Казахстане, включая нормативную базу и практическое применение механизмов аудита в государственных и частных организациях. Выделены основные проблемы и вызовы, с которыми сталкиваются организации при обеспечении кибербезопасности, такие как недостаточная квалификация специалистов, проблемы с внедрением современных технологий и стандартов, а также отсутствие межведомственной координации. Также рассматриваются перспективы совершенствования методов аудита СУИБ с учетом мирового опыта и предлагаются пути повышения эффективности аудита и совершенствования национальных практик в области информационной безопасности.Результаты исследования могут быть полезны специалистам по информационной безопасности, аудиторам, исследователям, а также организациям, занимающимся управлением рисками и защитой данных в условиях современной цифровой трансформации.</p></abstract><trans-abstract xml:lang="en"><p>This article presents a comparative analysis of approaches to auditing Information Security Management Systems (ISMS) used in the Republic of Kazakhstan and other countries. The study examines key audit methodologies, including international regulatory frameworks such as ISO/IEC 27001 (International Organization for Standardization / International Electrotechnical Commission), NIST (National Institute of Standards and Technology), and the GDPR (General Data Protection Regulation), with a particular focus on their adaptation across different legal jurisdictions. Special attention is given to the strengths and limitations of various auditing practices, as well as the maturity levels of ISMS executions across different nations. The paper analyzes the current state of information security in Kazakhstan, taking into account the national regulatory landscape and the practical application of audit mechanisms in both public and private sectors. It also identifies critical challenges faced by organizations, such as the shortage of qualified personnel, difficulties in implementing contemporary standards and technologies, and weak interdepartmental coordination. Prospective directions for enhancing ISMS audit methods are outlined based on an evaluation of global best practices. Additionally, the paper discusses potential directions for enhancing ISMS auditing practices by drawing on global experience and offers practical recommendations for improving audit effectiveness and strengthening national cybersecurity frameworks.The findings of this study are of practical relevance to information security professionals, auditors, researchers, and organizations involved in risk management and data protection within the context of ongoing digital transformation.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>аудит</kwd><kwd>информационная безопасность</kwd><kwd>системы управления информационной безопасностью (СУИБ)</kwd><kwd>кибербезопасность</kwd><kwd>правовое регулирование</kwd><kwd>международные стандарты</kwd><kwd>ISO/IEC 27001</kwd><kwd>управление рисками</kwd></kwd-group><kwd-group xml:lang="en"><kwd>audit</kwd><kwd>information security</kwd><kwd>information security management systems (ISMS)</kwd><kwd>cybersecurity</kwd><kwd>legal regulation</kwd><kwd>international standards</kwd><kwd>ISO/IEC 27001</kwd><kwd>risk management</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 27001. Information technology – Security techniques – Information security management systems – Requirements (TechNormative Ed.), 2006.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 27001. Information technology – Security techniques – Information security management systems – Requirements (TechNormative Ed.), 2006.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Averchenkov B.I. Audit informacionnoj bezopasnosti: metodologija i praktika. – Moskva: Nauka, 2021. (In Russian).</mixed-citation><mixed-citation xml:lang="en">Averchenkov B.I. Audit informacionnoj bezopasnosti: metodologija i praktika. – Moskva: Nauka, 2021. (In Russian).</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Important changes to ISO 27001:2022: https://www.controlcase.com/important-changes-to-iso-27001/?utm_source=chatgpt.com (accessed: 14.03.2025).</mixed-citation><mixed-citation xml:lang="en">Important changes to ISO 27001:2022: https://www.controlcase.com/important-changes-to-iso-27001/?utm_source=chatgpt.com (accessed: 14.03.2025).</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">The ISO/IEC 27001 information security management standard: literature review and theorybased research agenda / G. Culot et al // The TQM Journal, 2021.</mixed-citation><mixed-citation xml:lang="en">The ISO/IEC 27001 information security management standard: literature review and theorybased research agenda / G. Culot et al // The TQM Journal, 2021.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">ST RK ISO/IEC 27001-2015 «Informacionnaja tehnologija. Metody i sredstva obespechenija bezopasnosti. Sistemy menedzhmenta informacionnoj bezopasnost'ju. Trebovanija». – 2015. (In Russian).</mixed-citation><mixed-citation xml:lang="en">ST RK ISO/IEC 27001-2015 «Informacionnaja tehnologija. Metody i sredstva obespechenija bezopasnosti. Sistemy menedzhmenta informacionnoj bezopasnost'ju. Trebovanija». – 2015. (In Russian).</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">De la Rosa Martín T. Automation of an information security management system based on the ISO/IEC 27001 Standard // Revista Universidad y Sociedad. – 2021. – Vol. 13, № 5. – P. 495-506.</mixed-citation><mixed-citation xml:lang="en">De la Rosa Martín T. Automation of an information security management system based on the ISO/IEC 27001 Standard // Revista Universidad y Sociedad. – 2021. – Vol. 13, № 5. – P. 495-506.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Al-Karaki J.N. GoSafe: On the practical characterization of the overall security posture of an organization information system using smart auditing and ranking / J.N. Al-Karaki, A. Gawanmeh, S. El-Yassami // Journal of King Saud University – Computer and Information Sciences. – 2022. – Vol. 34, № 6. – P. 3079-3095.</mixed-citation><mixed-citation xml:lang="en">Al-Karaki J.N. GoSafe: On the practical characterization of the overall security posture of an organization information system using smart auditing and ranking / J.N. Al-Karaki, A. Gawanmeh, S. El-Yassami // Journal of King Saud University – Computer and Information Sciences. – 2022. – Vol. 34, № 6. – P. 3079-3095.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Bakpokpaev A.A. Klassifikacija i analiz metodov i sredstv audita informacionnoj bezopasnosti / A.A. Bakpokpaev, E.Zh. Ajthozhaeva. – Almaty: Universitet im. Satpaeva, 2022. (In Russian).</mixed-citation><mixed-citation xml:lang="en">Bakpokpaev A.A. Klassifikacija i analiz metodov i sredstv audita informacionnoj bezopasnosti / A.A. Bakpokpaev, E.Zh. Ajthozhaeva. – Almaty: Universitet im. Satpaeva, 2022. (In Russian).</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Zakon Respubliki Kazahstan «O personal'nyh dannyh i ih zashhite». – 2013. (In Russian).</mixed-citation><mixed-citation xml:lang="en">Zakon Respubliki Kazahstan «O personal'nyh dannyh i ih zashhite». – 2013. (In Russian).</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Zakon Respubliki Kazahstan «O bezopasnosti». – 2005. (In Russian).</mixed-citation><mixed-citation xml:lang="en">Zakon Respubliki Kazahstan «O bezopasnosti». – 2005. (In Russian).</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Isabaeva S.B. Obespechenie kiberbezopasnosti Kazahstana v uslovijah global'noj cifrovizacii: Doktorskaja dissertacija. – Kazahstan, 2020. (In Russian).</mixed-citation><mixed-citation xml:lang="en">Isabaeva S.B. Obespechenie kiberbezopasnosti Kazahstana v uslovijah global'noj cifrovizacii: Doktorskaja dissertacija. – Kazahstan, 2020. (In Russian).</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Berezjuk V.I. Perspektivy razvitija cifrovogo audita v Respublike Kazahstan v uslovijah perehoda k cifrovoj jekonomike // Uchet. Analiz. Audit. – 2024. – T. 11(1). – S. 27-38. (In Russian).</mixed-citation><mixed-citation xml:lang="en">Berezjuk V.I. Perspektivy razvitija cifrovogo audita v Respublike Kazahstan v uslovijah perehoda k cifrovoj jekonomike // Uchet. Analiz. Audit. – 2024. – T. 11(1). – S. 27-38. (In Russian).</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">National Institute of Standards and Technology (NIST). Security and privacy controls for federal information systems and organizations. – 2018.</mixed-citation><mixed-citation xml:lang="en">National Institute of Standards and Technology (NIST). Security and privacy controls for federal information systems and organizations. – 2018.</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">European Union. General Data Protection Regulation (GDPR). – 2016.</mixed-citation><mixed-citation xml:lang="en">European Union. General Data Protection Regulation (GDPR). – 2016.</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">International Telecommunication Union, ABI Research. Global cybersecurity index &amp; cyberwellness profiles. – Geneva: ITU, 2015. – Available at: http://www.itu.int/dms_pub/itud/opb/str/D-STR-SECU-2015-PDF-E.pdf (accessed: 14.03.2025).</mixed-citation><mixed-citation xml:lang="en">International Telecommunication Union, ABI Research. Global cybersecurity index &amp; cyberwellness profiles. – Geneva: ITU, 2015. – Available at: http://www.itu.int/dms_pub/itud/opb/str/D-STR-SECU-2015-PDF-E.pdf (accessed: 14.03.2025).</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">International Telecommunication Union. The Global Cybersecurity Index. – 2020. – Available at: https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx (accessed: 14.03.2025).</mixed-citation><mixed-citation xml:lang="en">International Telecommunication Union. The Global Cybersecurity Index. – 2020. – Available at: https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx (accessed: 14.03.2025).</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">E-Governance Academy. The National Cyber Security Index. – 2020. – Available at: https://ncsi.ega.ee/methodology/ (accessed: 14.03.2025).</mixed-citation><mixed-citation xml:lang="en">E-Governance Academy. The National Cyber Security Index. – 2020. – Available at: https://ncsi.ega.ee/methodology/ (accessed: 14.03.2025).</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Kompanijalardyң aқparattyқ bejіmdeu monitoringі / V.A. Lahno et al // ҚazKKA Habarshysy. – 2023. – T. 6(129). – S. 173-185. (In Kazakh).</mixed-citation><mixed-citation xml:lang="en">Kompanijalardyң aқparattyқ bejіmdeu monitoringі / V.A. Lahno et al // ҚazKKA Habarshysy. – 2023. – T. 6(129). – S. 173-185. (In Kazakh).</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Automation of information security risk assessment / В. Akhmetov et al // International Journal of Electronics and Telecommunications. – 2022. – Vol. 68, № 3. – P. 549-555. https://doi.org/10.24425/ijet.2022.141273.</mixed-citation><mixed-citation xml:lang="en">Automation of information security risk assessment / В. Akhmetov et al // International Journal of Electronics and Telecommunications. – 2022. – Vol. 68, № 3. – P. 549-555. https://doi.org/10.24425/ijet.2022.141273.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
