Information Security Management System in Terms of Business Practice in Slovakia

Abstract

The values of society turbulently change with the ongoing changes in the world. It is the information that values most. Demand for information increases along with the need for even more advanced communication and information security in all fields of human activity. Development in the field of science and technology has brought many advantages such as the Computational Age and the massive introduction of the Internet as a communication and information platform, along with disadvantages which are particularly due to insecure sources of information assets exposed to a wide scale of threats and hazards such as degradation, loss, damage, disclosure, and misuse. The paper deals with information security and its role in management systems. There is no simple recipe providing 100 % security of information. Companies apply the best security procedures with the aim to achieve an appropriate level of information security. One of the possibilities is the implementation in the information security management system according to ISO/IEC 27001 standard.
 The above-mentioned fact was the reason for carrying out the research and mapping the information security as well as closely related areas in terms of business practice in Slovakia. The aim of the article is to point at the information security in the companies, emphasize the importance of the information security management system in the business practice and analyze the current state of the information security and processes of the information security management system in the Slovak business entities.
 This article deals with selected results of the research carried out within the project „Information assets security as an integral part of quality management system in accordance with the principles of socially responsible business practices “, (acronym: SeInA). The methodology of the study was based on the scientific methods of acquiring and processing data: observation, questionnaire, interview, qualitative methods (analysis, synthesis, induction, deduction, comparison, abstraction, etc.); quantitative methods (descriptive statistics such as frequency analysis, statistical analysis, confidence intervals) and graphical methods. The research results identified the strengths of business entities and revealed the areas that need improvement. Entrepreneurial entities should primarily realize that information security cannot be provided randomly, i.e. in particular cases of emergency or incident; it requires a well-established and well-attended system providing minimum risk to information security, with a required level of guarantee and secured continuity of processes and individual activities of the organization. The reason for the security information management system is to achieve better results than those that would be attained with independent behavior and operation. A well-established and well-attended system should ensure that the attributes (confidentiality, integrity, availability, etc.) of the information assets security are being met, thus providing security for all parties and cultivating trustworthy relationships with them.
 
 Keywords: information; security; management system; business practice; research results.