Organizational paradigm for providing of information security

Abstract

The theoretical and methodological bases of application of organizational governance theories for ensuring information security are researched. The basic terms concerning systems and their classifications, process of governance and its function, theory, process and organization are considered. The main provisions concerning the theory of governance, the theory of systems, the theory of organizations, which give the opportunity to establish the basis of a scientific approach for the sustainable functioning of organizations, in particular those working in the field of information security, are generalized. The classical approaches to the formation of the scientific fundamentals of the theory of systems, the theory of organizations and the theory of governance for ensuring information security are analyzed. The focus is on the combination of the indicated theories. This formulates the requirements and documented the rules for effective and resultative management of information security organizations of different types, different status, any sphere of activity. The peculiarities of the application of organizational theories of governance to information security management are established. For information classified in Ukraine as restricted information, the best and most effective mechanisms for protecting critical information should be applied. The combination of classical theories enables it to be realized in the information security policies (rules). To date, two organizational governance theories are well-known in Ukraine, which are implemented by organizations in support of the implementation of the rules for the protection of critical information. The first is the information security management system, developed on the basis of a series of international standards ISO/IEC 27k. Another is the comprehensive information security system, which must be applied by Ukrainian enterprises of all forms of ownership and subordination, where circulating information with restricted access. Unlawful access to the specified information may harm citizens, organizations (legal entities) and the state. These systems are an effective tool used by organizations where there are particularly high requirements for working with documents containing critical information. The result of the practical application of organizational governance theories for the organizations of Ukraine's sphere of information protection is a more efficient and effective provision of information security.