Organizational paradigm for providing of information security

Authors

  • Yuliia Kozhedub, Institute of special communication and information protection, National technical university of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv, Ukraine https://orcid.org/0000-0001-6181-5519

DOI:

https://doi.org/10.20535/2411-1031.2018.6.1.153133

Keywords:

Information security, providing of information security, theory of governance, theory of systems, theory of organizations

Abstract

The theoretical and methodological bases for applying organizational governance theories to ensure information security are examined. The basic terms concerning systems and their classifications, the process of governance and its function, theory, process and organization are considered. The main provisions of the theory of governance, the theory of systems and the theory of organizations, which make it possible to establish the basis of a scientific approach to the sustainable functioning of organizations, in particular those working in the field of information security, are generalized. The classical approaches to forming the scientific fundamentals of the theory of systems, the theory of organizations and the theory of governance for ensuring information security are analyzed. The focus is on the combination of these theories. This combination makes it possible to formulate the requirements and document the rules for effective and results-oriented management of information security organizations of different types, of different status and in any sphere of activity. The peculiarities of applying organizational theories of governance to information security management are established. For information classified in Ukraine as restricted information, the best and most effective mechanisms for protecting critical information should be applied. The combination of the classical theories enables this to be realized in information security policies (rules). To date, two organizational governance theories are well known in Ukraine; organizations implement them to support the rules for the protection of critical information. The first is the information security management system, developed on the basis of the ISO/IEC 27k series of international standards. The other is the comprehensive information security system, which must be applied by Ukrainian enterprises of all forms of ownership and subordination where information with restricted access circulates. Unlawful access to such information may harm citizens, organizations (legal entities) and the state. These systems are an effective tool used by organizations that have particularly high requirements for working with documents containing critical information. The result of the practical application of organizational governance theories for organizations in Ukraine's sphere of information protection is a more efficient and effective provision of information security.

Author Biography

Yuliia Kozhedub, Institute of special communication and information protection National technical university of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv,

candidate of technical sciences, associate professor at the management academic department

Published

2018-07-01

How to Cite

Kozhedub, Y. (2018). Organizational paradigm for providing of information security. Collection "Information Technology and Security", 6(1), 26–36. https://doi.org/10.20535/2411-1031.2018.6.1.153133

Issue

Section

INFORMATION SECURITY