Leveraging Security Modeling and Information Systems Audits to Mitigate Network Vulnerabilities

Laberiano Andrade Arenas, Cesar Yactayo-Arias, Sheyla Rivera Quispe, Jenner Lavalle Sandoval

Research output: Contribution to journalOriginal Articlepeer-review


Advancements in digital technologies have significantly enhanced the functional capabilities of consumers and businesses alike, yet have concurrently amplified the complexities associated with cybersecurity, including theft and cyber-attacks. Consequently, auditing of information systems has emerged as a crucial security apparatus for organizations aiming to safeguard their data assets, specifically with respect to customer information. This study aims to design an information systems security and audit model that emphasizes the fortification of an organization's crucial assets via IT infrastructure security and information security management systems, in alignment with ISO 27001 standards. The proposed model seeks to assure information confidentiality, integrity, availability, and compliance with legal mandates. The study adopted the OCTAVE v2.0 method, executed in three distinct phases. In the first phase, profiles of asset-based threats were constructed. The second phase involved the identification of infrastructure vulnerabilities, whereas the final phase focused on the development of a security strategy and plans. The implementation of the proposed model yielded a marked impact, with a positive shift from 46% to 94% following the establishment of IT infrastructure security policies. The study underscores the importance of conducting a comparative analysis prior to implementation and asserts that well-defined and identified security models and information systems auditing can effectively counteract potential data leaks and cyber-attacks such as malware, phishing, spam, and ransomware. The findings suggest that a meticulous and preemptive approach to auditing and security planning can significantly bolster the resilience of an organization's digital infrastructure.

Original languageAmerican English
Pages (from-to)763-771
Number of pages9
JournalInternational Journal of Safety and Security Engineering
Issue number4
StateIndexed - 2023

Bibliographical note

Publisher Copyright:
© 2023 WITPress. All rights reserved.


  • ISO 27001 standards
  • IT infrastructure security
  • cyberattacks
  • organizations
  • protection of valuable assets


Dive into the research topics of 'Leveraging Security Modeling and Information Systems Audits to Mitigate Network Vulnerabilities'. Together they form a unique fingerprint.

Cite this