FEATURES OF TECHNICAL AND TECHNOLOGICAL MANAGEMENT OF ENTERPRISE INFORMATION SECURITY IN THE BUSINESS ENVIRONMENT
Abstract
The article actualizes the need to study the enterprise information security management system, in particular in its technical and technological part. On the basis of the conducted researches the basic levels at which there was maintenance of information security are allocated: physical, program, normative-legal, technical-technological and organizational-administrative levels. The system of management of technical and technical protection of information in information systems was formed, which includes subjects (special subjects of protection system, management, specialists and personnel), objects (databases, documentation in electronic form and on paper, information, constituting a trade secret, technological, technical and production information) and technical-technological, hardware, software, organizational and managerial tools for managing the protection of the information system. Taking into account the proposed management system of technical and technological protection of information in information systems, its functions, tasks, stages of implementation and other aspects, the directions and basic tools for technical and technological management of information security of the business entity were identified. The main directions of the management system of technical and technological protection of information were defined: management of information security incidents, regular updating of software security, access control and password policy control, audit of network infrastructure. The tools of technical and technological management of information security of the enterprise were characterized by: modules of trusted loading, analysis of security of information systems, protection against viruses and spam, DLP-systems, protection of virtual infrastructure, intrusion detection systems. Effective implementation of the system of technical and technological management of information security of the enterprise was proposed to implement on the basis of the model "Lifecycle Security", which regulates and describes the stages of building a corporate information security system and organizational modes of information system protection in general, means of information protection.
References
Балановская А. В., Волкодаева А. В. Организационно-экономические механизмы обеспечения эффективности управления информационной безопасностью промышленных предприятий: монография. Самара : САГМУ, 2012. 248 с.
Белозеров О. И., Топоркова И. И. Программно-технические аспекты функционирования систем обеспечения информационной безопасности. Вопросы науки и образования. 2018. №10 (22). С. 45–47.
Блинов А. М. Некоторые аспекты автоматизации технологических процессов предприятий с учетом информационной безопасности. Записки Горного института. 2011. Т. 192. С. 136–139.
Бойченко О. В., Шелудько Б.А. Технологические аспекты информационной защиты объекта информатизации. Мировая наука : проблемы и инновации : материалы VIII Международной научно-практической конференции МЦНС «наука и просвещение». 2017. С. 55–58.
Ветрова Н. М., Гайсарова А. А. Особенности менеджмента информационной безопасности на современном этапе. Экономика строительства и природопользования. 2017. №1 (2). С. 64–69.
Двойнишников Н. Э. Технологические особенности проблем обеспечения информационной безопасности автоматизированных систем управления, являющихся объектами критической информационной инфраструктуры. Международный журнал прикладных наук и технологий «Integral». 2019. №1. С. 127–132.
Домарев В.В. Программно-технические методы и средства защиты информации. URL: http://www.bezpeka.com/files/lib_ru/bookdomarev03/ch_ 09.pdf (дата звернення: 19.12.2020).
Дячков Д. В. Стратегічні напрями управління інформаційною безпекою підприємств агропродовольчої сфери. Український журнал прикладної економіки. 2019. Том 4. № 4. С. 70–78.
Легомінова С. В. Теоретичні засади інформаційної безпеки підприємства. Економіка. Менеджмент. Бізнес. 2015. № 3. С. 87–92
Маркіна І. А., Дячков Д. В. Основи формування системи менеджменту інформаційної безпеки підприємства. Проблеми і перспективи розвитку підприємництва : зб. наук. пр. Харківського національного автомобільно-дорожнього університету. Харків : ХНАДУ, 2016. № 3 (14), Т. 1. С. 80–88.
Balanovskaya, A., & Volkodayeva, A. (2012). Organizatsionno-ekonomicheskiye mekhanizmy obespecheniya effektivnosti upravleniya informatsionnoy bezopasnost'yu promyshlennykh predpriyatiy [Organizational and economic mechanisms for ensuring the effectiveness of information security management of industrial enterprises]. Samara: SAGMU, 248. (in Russian)
Belozerov, O., & Toporkova, I. (2018). Programmno-tekhnicheskiye aspekty funktsionirovaniya sistem obespecheniya informatsionnoy bezopasnosti [Software and technical aspects of the functioning of information security systems]. Voprosy nauki i obrazovaniya – Science and education issues, 10 (22), 45–47. (in Russian)
Blinov, A. (2011). Nekotoryye aspekty avtomatizatsii tekhnologicheskikh protsessov predpriyatiy s uchetom informatsionnoy bezopasnosti [Some aspects of automation of technological processes of enterprises taking into account information security]. Zapiski Gornogo instituta – Notes of the Mining Institute, 192, 136–139. (in Russian)
Boychenko, O., & Shelud'ko, B. (2017). Tekhnologicheskiye aspekty informatsionnoy zashchity ob"yekta informatizatsii [Technological aspects of information protection of the object of informatization]. Mirovaya nauka : problemy i innovatsii : materialy VIII Mezhdunarodnoy nauchno-prakticheskoy konferentsii MTSNS «nauka i prosveshcheniye» – World Science: Problems and Innovations: Proceedings of the VIII International Scientific and Practical Conference of the ICNS «Science and Education», 55–58. (in Russian)
Vetrova, N., & Gaysarova, A. (2017). Osobennosti menedzhmenta informatsionnoy bezopasnosti na sovremennom etape [Features of information security management at the present stage]. Ekonomika stroitel'stva i prirodopol'zovaniya – Economics of construction and environmental management, 1(2), 64–69. (in Russian)
Dvoynishnikov, N. (2019). Tekhnologicheskiye osobennosti problem obespecheniya informatsionnoy bezopasnosti avtomatizirovannykh sistem upravleniya, yavlyayushchikhsya ob"yektami kriticheskoy informatsionnoy infrastruktury [Technological features of the problems of ensuring information security of automated control systems that are objects of critical information infrastructure]. Mezhdunarodnyy zhurnal prikladnykh nauk i tekhnologiy «Integral» - International journal of applied sciences and technologies "Integral", 1, 127–132. (in Russian)
Domarev, V. (n.d.) Programmno-tekhnicheskiye metody i sredstva zashchity informatsii [Software and technical methods and information security tools]. Retrieved from: http://www.bezpeka.com/files/lib_ru/bookdomarev03/ch_09.pdf (in Russian)
Dyachkov, D. (2019). Stratehichni napryamy upravlinnya informatsiynoyu bezpekoyu pidpryyemstv ahroprodovolʹchoyi sfery [Strategic directions of information security management of agro-food enterprises]. Ukrayinsʹkyy zhurnal prykladnoyi ekonomiky – Ukrainian Journal of Applied Economics, 4(4), 70–78.
Lehominova S. (2015). Teoretychni zasady informatsiynoyi bezpeky pidpryyemstva [Theoretical principles of information security of the enterprise]. Ekonomika. Menedzhment. Biznes – Economy. Management. Business, 3, 87–92.
Markina I., & Dyachkov D. (2016). Osnovy formuvannya systemy menedzhmentu informatsiynoyi bezpeky pidpryyemstva [Fundamentals of formation of information security management system of the enterprise]. Problemy i perspektyvy rozvytku pidpryyemnytstva : zb. nauk. pr. Kharkivsʹkoho natsionalʹnoho avtomobilʹno-dorozhnʹoho universytetu – Problems and prospects of business development: coll. Science. Kharkiv: KHNADU, 3(14), 80–88.
