Проблеми та перспективи оцінювання інформаційної безпеки підприємств за динамічних умов господарювання

Abstract

Стаття присвячена дослідженню проблем, потенційних можливостей оцінювання інформаційної безпеки підприємств за динамічних умов господарювання. На основі проведеного огляду наукових досліджень за тематикою можна виокремлено ключові проблеми оцінювання інформаційної безпеки. Запропоновано агреговану економіко-математичної моделі, яка включає розширений набір індикаторів, методику їх нормалізування, агрегування, формули для даних розрахунків, рекомендації щодо валідування і практичного впровадження/використання.

The article is devoted to the study of problems and potential opportunities for assessing the information security of enterprises in dynamic economic conditions. The research uses methods of analysis and synthesis. Based on a review of scientific research on the subject, key problems in assessing information security can be identified. An aggregated economic-mathematical model is proposed, which includes an extended set of indicators, methods for their normalisation and aggregation, formulas for these calculations, recommendations for validation and practical implementation/use. The purpose of the proposed model is to obtain an integrated quantitative assessment of the level of information security of an enterprise (with an indication of the scale of this assessment, as a generally accepted option: from «0» to «100»), which will take into account technical, organisational, legal, human, operational (resilience) components and will be suitable for comparisons, monitoring and prioritisation of measures. Assessing the information security of enterprises (at the enterprise level) in dynamic (and sometimes even highly dynamic) economic conditions requires a departure from traditional formal approaches and a gradual transition to comprehensive, adaptive, risk-oriented methodologies. An important task is to develop integrated indicators that reflect the level of security not only from a technical point of view, but also from an organisational, legal, personnel and other points of view. A promising area of research is the creation of a unified assessment methodology that will enable the comparison of different enterprises and the integration of information security assessment (the assessment process) into the overall economic security system. The implementation of these approaches will enable enterprises not only to identify and neutralise threats in a timely manner, but also to ensure long-term stability and competitiveness. The expected results of implementation will be as follows: increased business resilience to external information threats, reduced risk of confidential information loss, protection of business reputation and customer bases, and increased trust among consumers, partners, investors and other stakeholders.