Organizational paradigm for providing of information security
DOI:
https://doi.org/10.20535/2411-1031.2018.6.1.153133
Keywords:
Information security, providing of information security, theory of governance, theory of systems, theory of organizations
Abstract
The theoretical and methodological bases for applying organizational governance theories to ensuring information security are researched. The basic terms concerning systems and their classifications, the process of governance and its function, theory, process and organization are considered. The main provisions of the theory of governance, the theory of systems and the theory of organizations, which make it possible to establish the basis of a scientific approach to the sustainable functioning of organizations, in particular those working in the field of information security, are generalized. The classical approaches to forming the scientific fundamentals of the theory of systems, the theory of organizations and the theory of governance for ensuring information security are analyzed. The focus is on the combination of these theories. This combination formulates the requirements and documents the rules for effective and results-oriented management of information security organizations of different types, different status and any sphere of activity. The peculiarities of applying organizational theories of governance to information security management are established. For information classified in Ukraine as restricted information, the best and most effective mechanisms for protecting critical information should be applied. The combination of classical theories enables this to be realized in information security policies (rules). To date, two organizational governance theories are well known in Ukraine and are implemented by organizations to support the implementation of the rules for the protection of critical information. The first is the information security management system, developed on the basis of the ISO/IEC 27k series of international standards. The other is the comprehensive information security system, which must be applied by Ukrainian enterprises of all forms of ownership and subordination where restricted-access information circulates. Unlawful access to this information may harm citizens, organizations (legal entities) and the state. These systems are an effective tool used by organizations that have particularly high requirements for working with documents containing critical information. The result of the practical application of organizational governance theories for organizations in Ukraine's information protection sphere is a more efficient and effective provision of information security.
License
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish in this collection agree to the following terms:
- The authors retain the right of authorship of their work and grant the collection the right of first publication of this work, licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with obligatory reference to the authors of the original work and to the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published in this anthology (for example, to place the work in an institution's digital repository or to publish it as part of a monograph), provided that reference is made to the first publication of the work in this collection.
- The policy of the journal allows and encourages authors to place the manuscript of the work on the Internet (for example, in storage facilities or on personal web sites), both prior to submission of the manuscript to the editor and during its editorial processing, as this contributes to productive scientific discussion and has a positive effect on the efficiency and dynamics of citation of the published work (see The Effect of Open Access).