Менеджмент інформаційної безпеки комерційного підприємства
Information Security Management of a Commercial Enterprise
Author(s): Volodymyr PanchenkoSubject(s): Economy, Business Economy / Management, Micro-Economics, Accounting - Business Administration, ICT Information and Communications Technologies
Published by: Центральноукраїнський національний технічний університет
Keywords: threat; information systems; information security; security controls; CISSP; information security management; ISMS; threats; information systems;
Summary/Abstract: The basic concepts of information security such as properties, threats, vulnerabilities, risks, controls are reviewed. The classification and examples of information security threats are given. The information security management system is described. The measures of security in the context of ISO 27001 are discussed.The article considers the preconditions of enterprise information security and the control features are defined by it, that associated with the continuous development of enterprise information infrastructure, the provision of various types of information services, automation of financial and operational performance, as well as the business processes of modern organizations.It was determined that the purpose of information management is to ensure the effective development of a business enterprise through the prompt and flexible regulation of various types of information activities (search, collection, analysis, synthesis, processing, transmission, storage and use of various information).The advantages for the commercial enterprise from the introduction of the information security management system are revealed: (a) protecting information and documents against theft; (b) increasing the confidence of business partners who are confident in protecting their business information, production secrets and business; (c) improving the positive image of the company; (d) increasing competitive advantage by protecting information; (e) creating an effective management mechanism for identifying and managing risks while ensuring information security of a business enterprise.Determined concept, purpose and methods of information security improvements of enterprise information environment at the present stage of development economics. Classification and unification of the most commonly used methods for information security. In order to ensure the confidentiality of information were provided recommendations for improving the information security of domestic enterprises.
Journal: Центральноукраїнський науковий вісник. Економічні науки
- Issue Year: 2019
- Issue No: 3 (36)
- Page Range: 219-228
- Page Count: 10
- Language: Ukrainian