Аналіз вихідних даних для формування політики інформаційної безпеки на підприємстві

Abstract

The article considers the factors that are to be analyzed in the process of information security policy-making at the enterprise as a whole and in each of its business processes. damage caused, by the degree of influence on the information system, by the nature of occurrence) and their potential carriers - security violators (by the place of action, by motive of the violation, by the level of knowledge about the information system) theme, in terms of opportunities for future action). Based on the requirements of the current legislation, the author proposes to formulate appropriate models of threats and violators, based on the needs of the enterprise, as well as taking into account the importance of the information to be protected. Analysis of threats and breaches of information security allows the head of the company to formulate an optimal security policy, applying a specific set of measures aimed at its implementation. At the same time, particular attention is paid to the ratio of potential losses to expenditures aimed at preventing the realization of specific threats. The basis for further research on the formation of information security policy in the enterprise with the identification of critical data, the loss of which can greatly affect the economic performance of the enterprise; the formation of functional security profiles, taking into account the need for maximum protection at minimum cost.