DEVELOPING THE INFORMATION SECURITY POLICY OF A PRIVATE ENTERPRISE
DOI:
https://doi.org/10.31891/2219-9365-2024-79-10Keywords:
information security policy, methods and means of information protectionAbstract
Based on the analysis of the main provisions of the information protection theory, it was established that in order to create an information security policy, it is necessary to develop a number of documents and instructions aimed at information protection. And in no case should stop at one method of information protection, otherwise data protection will be at risk. Data protection must be comprehensive. The comprehensive policy of information security covers the development, production and installation of technical means of protection, as well as regular inspections of the information equipment used. The development of this policy is as follows: identification of deficiencies in the company's current information protection; identification of types of threats that may arise as a result of deficiencies in the protection of information systems of the enterprise; selection of methods and ways of solving existing problems.
As a solution, a set of measures was developed, which consists of administrative decisions that regulate the possibility of information leakage due to the influence of the human factor. Based on the analysis of the main methods and means of information protection, it was established that organizational and legal methods and means of information protection should be aimed at countering threats to information security, reducing risks and effectively handling incidents in order to ensure a sufficient level of data protection for a long time. The evaluation of the effectiveness of the proposed measures through economic substantiation proved their feasibility of implementation in the organization.
