Principles of information security management system

Abstract

The main element of a complex system that determines its performance and efficiency is its management system. Modern management systems are widely used, including in the management of teams of people united by common goals (organizations, departments, groups of developers, etc.). Information security is no exception - it is not enough to saturate the division responsible for information technology security with personnel, technical systems of information protection, it is necessary to ensure the effectiveness in achieving the goals, which is not possible without an appropriate management system. Information security specialists in organizations of various forms of ownership often face the problem of ensuring effective and efficient protection of information assets. Availability of international and national standards, regulatory documents of regulators does not ensure the achievement of high performance and efficiency indicators. The achievability of these indicators is determined by setting and achieving a number of goals, based on certain strategic principles of information security management system.