Abstract
The article discusses the concept of organizational formation of the protected information system of a commercial enterprise. The content and classification of information resources, subject to the characteristics of the trading activities, information about customers, employees, communicative, general, financial and legal data have been given; the level of importance has been revealed. The basic principles of creating the protected information system in terms of specificity of a commercial enterprise (continuity, integrity, systemacy, legitimacy) have been formulated. Taking into account the specified principles, the thematic content of requirements to the protected information system has been determined: centralization, planning, preciseness, purposefulness, activity, reliability, flexibility, originality, openness, economic efficiency. There are given recommendations to building a secure information system, which include easy maintenance and transparency for users of the mechanisms of the information system protection; a minimum set of privileges for users; ability to disable the security mechanisms of information system in the critical circumstances; independence of protection mechanisms from the information system; assumptions about the worst intentions and potential users’ errors; minimization of information about existing mechanisms of information system protection. It has been determined that the information system protection includes two components: organizational and administrative (including the internal documents regulating the issues of protection) and technical (including the subsystems of anti-virus protection, back up and archiving, email security, intrusion detection, protection of data transmission channels, identification and authentication of users); their functional purpose being analyzed. The purpose and content of security policy of information system were determined as a theoretical basis of organizational and administrative components of the protection system. It has been inferred about the universality of the presented method providing secure communication for the users of a business.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Vestnik of Astrakhan State Technical University. Series: Management, computer science and informatics
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
