Предпосылки формирования системы информационной безопасности предприятия

Abstract

The article discusses the problems of managing the information security of the enterprise in a changing business climate. The description, shortcomings and advantages of the existing asS TP security system are given. The specifics of the company's procedural and technological security capabilities have been revealed. The enterprise's IT infrastructure has been identified in the information security and cyber defense format, consisting of three components: the servers of applications that deliver business applications; database servers that contain business data and system administration channels to manage and monitor infrastructure that need to work together as a coherent and coordinated system. Structured architecture, uniting corporate cybersecurity in 11 functional areas covering the technical and operational breadth of enterprise cybersecurity. These functional areas are highlighted on the basis of their relative independence from each other and because they are well consistent with the way staff, experience and responsibilities are shared in the enterprise. This corporate cybersecurity architecture format provides the basis for managing the capabilities that the enterprise provides the tools of audit, forensics, detection, and preventive control. This structure provides consistent management of security capabilities and helps prioritize their deployment, maintenance, and updates over time. It also ensures strict accountability and good alignment of strategy, staff, budget and technology to meet the organization's security needs. The structure is designed to be flexible and scalable regardless of the size of the enterprise. It provides an expandable mechanism for adjusting cyber defense over time in response to changing cyber threats.