You are here
Conceptual principles for ensuring effective protection of information in the context of economic security of the enterprise
The necessity of formation of an effective information security system of the enterprise is substantiated. It is emphasized that when designing an information policy, the firm must comply with the requirements of the current legislation, take into account the level of technical support, especially the regulation of employees' access to confidential information, etc. It is stated that the costs of organizing information security measures should be appropriate to its value.
The article identifies major threats that could be breached by confidential information. The list of the main normative legal acts aimed at bringing to civil, administrative and criminal responsibility for illegal collection, disclosure and use of information constituting a trade secret. The main stages of building an information security policy are summarized, the most common types of information threats related to the use of modern computer technologies are described.
The necessity of developing a domestic original accounting (management) program that could be used in the long term by the vast majority of Ukrainian enterprises is pointed out.
There are three groups of tools that are applied in the theory and practice of information security of the enterprise (active, passive and combined), emphasizing the need for planning and continuous monitoring in real time of all important processes and conditions that affect data security.
It is noted that even if the information security system is built taking into account all modern methods and means of protection, it does not guarantee one hundred percent protection of the information resources of the enterprise, but a well-designed information security policy allows to minimize the corresponding risks.
Key words: information security, information policy, information security, confidential information, information threats, information and communication technologies, software.
1. Mykytenko T.V., Petrovska I.O., Rohov P.D. (2014). Problemy informatsiinoi bezpeky subiektiv hospodariuvannia v Ukraini ta mozhlyvi shliakhy yikh vyrishennia v suchasnykh umovakh [Problems of informative safety of subjects of menage in Ukraine and possible ways of their decision are in modern terms]. Zbirnyk naukovykh prats Tsentru voienno-stratehichnykh doslidzhen Natsionalnoho universytetu oborony Ukrainy imeni Ivana Cherniakhovskoho [Collection of scientific works of Center of military-strategic researches of the National university of defensive of Ukraine of the name of Ivan Cherniakhovskii], no 1, pp. 24-31. Available at: http://journals.uran.ua/index.php/2304-2699/article/view/126694
2. Pecheniuk A.V. (2015). Problemy orhanizatsii efektyvnoho zakhystu informatsii [Problems of organization of effective protection of information]. Bukhhalterskyi oblik, kontrol ta analiz v umovakh instytutsionalnykh zmin ta staloho ekonomichnoho rozvytku [Accounting, control and analysis in the face of institutional change and sustainable economic development]: materialy II mizhnar. nauk.-prakt. internet-konf. 25 lystopada 2015 r. Ternopil, Krok, pp. 129-133.
3. Pro informatsiiu: Zakon Ukrainy [On Information]. Law of Ukraine. Available at: https://zakon.rada.gov.ua/laws/show/2657-12.
4. Pro zakhyst informatsii v informatsiino-telekomunikatsiinykh systemak: Zakon Ukrainy [On Information Protection in Information and Telecommunication Systems]. Law of Ukraine. Available at: https://zakon.rada.gov.ua/laws/show/80/94-%D0%B2%D1%80.
5. Pro rishennia Rady natsionalnoi bezpeky i oborony Ukrainy vid 27 sichnia 2016 roku. Pro Stratehiiu kiberbezpeky Ukrainy Ukaz Prezydenta Ukrainy. [On the Decision of the National Security and Defense Council of Ukraine of January 27, 2016. On the Cybersecurity Strategy of Ukraine]. Presidential Decree. Available at: https://zakon5.rada.gov.ua/laws/show/96/2016.
6. Valiullina Z.V. (2016). Informatsiina bezpeka korporatyvnoi ekonomiky v umovakh hlobalizatsiinykh protsesiv [Information security of corporate economy in the conditions of globalization processes]. Visnyk Dnipropetrovskoho universytetu [Bulletin of Dnipropetrovsk University], no. 6. pp. 34–43. Available at: https://www.ssoar.info/ssoar/bitstream/handle /document/62126/ssoar-ejmi-2016-6-valiullina-.pdf?sequence=1.
7. Hudz O.Ie., Makovii V.V. (2019). Kontseptualni osnovy formuvannia informatsiinoi polityky pidpryiemstv [Conceptual bases of formation of information policy of the enterprises]. Naukovyi visnyk Uzhhorodskoho natsionalnoho universytetu [Scientific Bulletin of Uzhgorod National University], no. 23, pp. 65–69. Available at: http://dspace.msu.edu.ua:8080/ jspui/bitstream/123456789/3222/1/%D0%9DEHEDOSH_COMPONENTS_LOGISTICS.PDF.pdf
8. Pecheniuk A. (2019). Problems of building of effective information security of the enterprise. Problems and achievements of modern science: coll. of scientific papers «ΛΌHOΣ» with materials of the International scientific-practical conf., Cork, May 6, 2019. Cork: NGO «European Scientific Platform», no. 6, pp. 14-16.
9. Sisetska A., Senchenko Ye. Antymonopolnyi komitet Ukrainy na zakhysti komertsiinoi taiemnytsi [Antimonopoly Committee of Ukraine for the Protection of Trade Secrets]. Available at: https://vkp.ua/publication/antimonopolnyy_komitet_ukrainy_na_zaschite_ko....
10. Ubyivovk I.I. (2016). Informatsiina bezpeka diialnosti pidpryiemstv [Information security of activity of enterprises]. Prychornomorski ekonomichni studii [Black Sea Economic Studies], no 9(2), pp. 126-131. Available at: http://bses.in.ua/journals/2016/9-2-2016/29.pdf
11. Melnyk M.O., Nikityn H.D., Mezentseva K.O. (2017). Analiz pobudovy modeli polityky informatsiinoi bezpeky pidpryiemstva [Analysis of building a model of enterprise information security policy]. Systemy obrobky informatsii [Information processing systems], no. 2(148), pp. 126-128. Available at: http://www.hups.mil.gov.ua/periodic-app/article/17407
12. Pecheniuk A.V. (2014) Osoblyvosti orhanizatsii informatsiinoi bezpeky suchasnoho pidpryiemstva [Features of organization of information security of the modern enterprise]. Instytut bukhhalterskoho obliku, kontrol ta analiz v umovakh hlobalizatsii [Institute of accounting, control and analysis in the conditions of globalization]: mizhnar. zb. nauk. prats, Ternopil, Krok, no 2, pp. 165-168. Available at: http://ibo.tneu.edu.ua/index.php/ibo/article/view/124/123
13. Kavun S.V., Pylypenko A.A., Ripka D.O. (2013). Ekonomichna ta informatsiina bezpeka pidpryiemstv u systemi konsolidovanoi informatsii [Economic and information security of enterprises in the system of consolidated information]. Kharkiv, KhNEU, 364 p. Available at: http://www.repository.hneu.edu.ua/bitstream.
14. Bazovyi kurs z informatsiinoi bezpeky [Basic Information Security Course]. Available at: http://cert.gov.ua/pdf/Broshura-CERT-UA-Informatsiina-bezpeka.pdf.
15. Ostapov S.E. Yevseiev S.P., Korol O.H. (2013). Tekhnolohii zakhystu informatsii: navchalnyi posibnyk [Information security technologies: a textbook]. Kharkiv, KhNEU, 476 p. Available at: https://www.twirpx.com/file/2340575/
16. Vereskun M.V. (2014). Metodychne zabezpechennia systemy informatsiinoi bezpeky promyslovykh pidpryiemstv [Methodical provision of information security system of industrial enterprises]. Ekonomika i orhanizatsiia upravlinnia [Economics and management organization], no 1(17), pp. 54-60.
17. Bazovi pravyla informatsiinoi bezpeky na pidpryiemstvi [Basic rules of information security at the enterprise]. Available at: https://uk-winner.com/basic-rules-of-information-security-at-the-enterprise.
18. Zakharchenko M.V., Kononovych V.H., Kildishev V.I. (2011). Informatsiina bezpeka informatsiino-komunikatsiinykh system [Information security of information and communication systems]. Kompleksy zasobiv zakhystu informatsii vid NSD [Information security complexes]. Odesa, ONAZ im. O.S. Popova, 168 p.
19. Kuzmenko B.V. Zakhyst informatsii. Orhanizatsiino-pravovi zasoby zabezpechennia informatsiinoi bezpeky [Protection of information. Organizational and legal means of ensuring information security]. Available at: http://itman.at.ua/news/kuzmenko_b_v_chajkovska _o_a_zakhist_informaciji_navchalnij_posibnik_ch_1_organizacijno_pravovi_zasobi_zabezpechennja_informacijnoji/2011-03-25-5.
20. Batiuk A.Ie., Dvulit Z.P., Obelovska K.M. (2004). Informatsiini systemy v menedzhmenti [Information systems in management]. Lviv, Natsionalnyi universytet «Lvivska politekhnika», «Intelekt-Zakhid», pp. 343-380.
21. Holovan S.M. Zakhyst konfidentsiinoi informatsii v orhanizatsii [Protecting sensitive information in an organization]. Available at: http://dspace.nbuv.gov.ua/bitstream/ handle/123456789/26513/05-Golovan.pdf?sequence=1.
Attachment | Size |
---|---|
pecheniuk_a._v._1-2020.pdf | 806.63 KB |