Home  Journals  National Interests: Priorities and Security  1(286) - 2015 January

Organizational support to IT infrastructure management in the information security system of an enterprise

Vol. 11, Iss. 1, JANUARY 2015

Article PDF Version

Available online: 7 January 2015

Subject Heading: THREATS AND SECURITY

JEL Classification: 

Pages: 31-41

At present, the issue of information security management of an enterprise is extremely relevant. Its relevance is determined by aggravating problems of information security in the conditions of intensive improvement of data protection technologies and tools. It is proved by increased number of violations in the field of information protection and growing seriousness of their consequences. Globally, the total annual number of violations increases by more than 100%. In Russia, the number of reported crimes in the sphere of information security increases several times every year. The statistics shows that if a commercial organization leaks important internal information, it becomes a bankrupt in 60% of cases. Thus, there are factors and parameters that determine the need for a balanced approach to the indicated problem: the growing number of data-related threats and risks, inadequate information security of existing corporate information systems. The modern market dictates the need to ensure security and protection of commercial information and sensitive data. Protection of information resources at modern enterprises is one of the main areas, which requires a continuous analysis of the quality of resources, tools, security methods, as well as their prompt update and improvement. The article analyses the challenges to information integrity in corporate information systems, and information resources of modern enterprises. The author offers formalization of information security system optimization of an enterprise. The paper defines organizational management parameters of the IT infrastructure in the data security system of an enterprise, describes the information-processing procedure and decision-making while managing IT infrastructure within the information security system. The author describes a model of "personnel resource" influence on IT infrastructure management in the system of data protection of an enterprise and offers recommendations to minimize human resource risks and threats.

Keywords: Keywords: IT infrastructure management, enterprise information security, contour information processing, decision making, minimizing personnel risks, threats

References:

1. Vlasenko M.N. Organizatsionnye aspekty i problemy kadrovogo obespecheniya khozyaistvuyushchikh sub"ektov spetsialistami sfery informatsionnoi bezopasnosti v sovremennykh usloviyakh rynochnoi ekonomiki Rossii [Organizational aspects and problems of staffing economic agents with specialists in the field of information security under Russian current economic environment]. Natsional'nye interesy: prioritety i bezopasnost' = National interests: priorities and security, 2011, no. 24, pp. 64–70.
2. Gatchin Yu.A., Zharinov I.O., Korobeinikov A.G. Matematicheskie modeli otsenki infrastruktury sistemy zashchity informatsii na predpriyatii [Mathematical models of assessing the infrastructure of information security systems of an enterprise]. Nauchno-tekhnicheskii vestnik informatsionnykh tekhnologii, mekhaniki i optiki = Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2012, no. 2, pp. 92–95.
3. Gorbenko I.D., Kachko E.G., Potii A.V. Resheniya i sredstva zashchity informatsii [Information security solutions and tools]. Moscow, Forum, INFRA-M Publ., 2004, pp. 528–533.
4. Kroshilin S.V. Informatsionnye voiny na mikro- i makrourovne i ikh vliyanie na ekonomicheskuyu bezopasnost' [Information warfare at micro- and macro-levels and their impact on economic security]. Natsional'nye interesy: prioritety i bezopasnost' = National interests: priorities and security, 2011, no. 7, pp. 46–50.
5. Karpychev V.Yu. Ekonomicheskii analiz normativno-tekhnicheskogo obespecheniya informatsionnoi bezopasnosti [Economic analysis of normative-technical support for information security]. Ekonomicheskii analiz: teoriya i praktika = Economic analysis: theory and practice, 2011, no. 35, pp. 2–18.
6. Korovyakovskii D.G. Rossiiskii i zarubezhnyi opyt v praktike zashchity personal'nykh dannykh [The Russian and foreign experience in the practice of personal data protection]. Natsional'nye interesy: prioritety i bezopasnost' = National interests: priorities and security, 2009, no. 4, pp. 48–54.
7. Loginov E.L., Loginov A.E. Organizatsionnye podkhody k povysheniyu informatsionnoi bezopasnosti sistem kriticheskoi infrastruktury Rossii [Organizational approaches to enhancing information security systems of the Russian critical infrastructure]. Natsional'nye interesy: prioritety i bezopasnost' = National interests: priorities and security, 2013, no. 15, pp. 7–13.
8. Loginov E.L., Loginov A.E. Problemy povysheniya bezopasnosti sistem upravleniya v EES Rossii [Problems of enhancing management system safety in the UES of Russia]. Natsional'nye interesy: prioritety i bezopasnost' = National interests: priorities and security, 2012, no. 45, pp. 31–37.
9. Ovsyanitskaya L.Yu. Aktual'nye voprosy zashchity informatsii (na primere promyshlennykh predpriyatii i uchrezhdenii zdravookhraneniya g. Chelyabinska) [Topical issues of information security (the case of Chelyabinsk industrial enterprises and health care institutions)]. Natsional'nye interesy: prioritety i bezopasnost' = National interests: priorities and security, 2013, no. 21, pp. 54–59.
10. Petrovskii V.I., Tumbinskaya M.V., Petrovskii M.V. Optimizatsiya kompleksnoi sistemy zashchity informatsii na predpriyatiyakh razlichnykh form sobstvennosti: monografiya [Optimization of comprehensive system of information security at enterprises with various forms of ownership: a monograph]. Kazan, Otechestvo Publ., 2014, 636 p.
11. Petrovskii V.I., Tumbinskaya M.V. Printsipy postroeniya sistemy zashchity informatsii na predpriyatiyakh razlichnykh form sobstvennosti: uchebnoe posobie [Principles of building information security system at enterprises with various forms of ownership: a textbook]. Kazan, Poznanie Publ., 2014, 469 p.
12. Pomekhi v tekhnologii obespecheniya informatsionnoi bezopasnosti: monografiya [Hazards in the technology of information security support: a monograph]. Kazan, Kazan State Technical University Publ., 2004, 282 p.
13. Petrovskii V.I, Petrovskii V.V. Informatsionnaya bezopasnost' i elektromagnitnaya sovmestimost' tekhnicheskikh sredstv: monografiya [Information security and electromagnetic compatibility of technical equipment: a monograph]. Kazan, Kazan State Technical University Publ., 2005, 388 p.
14. Revenkov P.V. Elektronnyi banking: upravlenie riskami informatsionnoi bezopasnosti [Electronic banking: information security risk management]. Finansy i kredit = Finance and credit, 2010, no. 9, pp. 59–63.
15. Tronikov I.B. Metody otsenki informatsionnoi bezopasnosti predpriyatiya na osnove protsessnogo podkhoda [Methods of assessing information security of an enterprise based on the process approach]. St. Petersburg, Saint Petersburg State University of Information Technologies Publ., 2010, 134 p.
16. Terent'ev A.M. Vybor adekvatnykh sredstv informatsionnoi zashchity personal'nogo komp'yutera v Rossii [Choosing appropriate information security tools for personal computers in Russia]. Natsional'nye interesy: prioritety i bezopasnost' = National interests: priorities and security, 2012, no. 33, pp. 37–42.
17. Ustinovich E.S., Barbashin E.A. Pravovye garantii obespecheniya informatsionnoi bezopasnosti pri osushchestvlenii informatsionnoi deyatel'nosti organami publichnoi vlasti v Rossii [Legal guarantees to ensure information security when implementing information activities by public authorities in Russia]. Natsional'nye interesy: prioritety i bezopasnost' = National interests: priorities and security, 2008, no. 3, pp. 84–88.
18. Tsaregorodtsev A.V. Analiz riskov bezopasnosti dannykh v korporativnykh setyakh kreditno-finansovykh organizatsii na osnove oblachnykh vychislenii [Analyzing data security risks in corporate networks of credit and financial institutions on the basis of cloud computing]. Natsional'nye interesy: prioritety i bezopasnost' = National interests: priorities and security, 2013, no. 39, pp. 35–43.
19. Chumichkin A.A. Sovremennye vyzovy razvitiyu informatsionnykh tekhnologii v usloviyakh ispol'zovaniya setevykh soobshchestv v realizatsii strategii informatsionnykh voin [Today’s challenges faced by IT development under conditions of using online communities in information warfare strategy implementation]. Natsional'nye interesy: prioritety i bezopasnost' = National interests: priorities and security, 2012, no. 9, pp. 33–41.
20. Shindin A.I. Informatsionnoya bezopasnost' kak reshayushchii faktor dlya dostizheniya biznes-tselei [Information security as a crucial factor to achieve business goals]. Natsional'nye interesy: prioritety i bezopasnost' = National interests: priorities and security, 2008, no. 5, pp. 70–72.
21. Yur'eva L.V. Osobennosti i problemy sistemy informatsionnoi bezopasnosti v metallurgicheskikh kholdingakh [Features and problems of information security system in metallurgical holdings]. Natsional'nye interesy: prioritety i bezopasnost' = National interests: priorities and security, 2008, no. 10, pp. 74–80.

View all articles of issue

ISSN 2311-875X (Online)
ISSN 2073-2872 (Print)

Journal current issue

Vol. 20, Iss. 4 April 2024

Archive