DECISION SUPPORT SYSTEM FOR INCREASING THE LEVEL OF INFORMATION SECURITY OF THE ENTERPRISE
DOI:
https://doi.org/10.31649/1999-9941-2022-53-1-12-18
Keywords:
information security of enterprises, threats to information security, information security policy, decision support system, ER-modelling
Abstract
The article proposes a decision support system (DSS) for increasing the level of information security of domestic enterprises. It allows individual selection of the methods and tools of an information security policy based on expert data, while also taking into account the wishes of the business entity. The structure of the DSS was determined and substantiated, and a software implementation for adaptive selection of the methods and means of information security policy was carried out. The main functions of the DSS are: user authentication; assessment by an independent information security expert of the priority of protection against possible or potential threats; the ability of the user to choose the threats most common to the company against which specific protection is needed; offering the user the most appropriate methods of information security policy, taking into account all of the user's wishes; and dynamic data updates to keep track of the latest security methods. The scientific novelty of the obtained results is that, for the first time, a DSS was developed that makes it possible to increase the level of information security of the enterprise by means of systems engineering and ER-modelling and to select individual methods and tools of the enterprise's information security policy based on the wishes of the entrepreneur and expert assessments.