scholarly journals Conceptual principles for ensuring effective protection of information in the context of economic security of the enterprise

2020 ◽  
pp. 84-92
Author(s):  
A.V. Pecheniuk
Keyword(s):  
Information Security ◽  
Information And Communication Technologies ◽  
Security Policy ◽  
Criminal Responsibility ◽  
Economic Security ◽  
Information Policy ◽  
Security System ◽  
Theory And Practice ◽  
Confidential Information ◽  
Information Security Policy

The necessity of formation of an effective information security system of the enterprise is substantiated. It is emphasized that when designing an information policy, the firm must comply with the requirements of the current legislation, take into account the level of technical support, especially the regulation of employees' access to confidential information, etc. It is stated that the costs of organizing information security measures should be appropriate to its value. The article identifies major threats that could be breached by confidential information. The list of the main normative legal acts aimed at bringing to civil, administrative and criminal responsibility for illegal collection, disclosure and use of information constituting a trade secret. The main stages of building an information security policy are summarized, the most common types of information threats related to the use of modern computer technologies are described. The necessity of developing a domestic original accounting (management) program that could be used in the long term by the vast majority of Ukrainian enterprises is pointed out. There are three groups of tools that are applied in the theory and practice of information security of the enterprise (active, passive and combined), emphasizing the need for planning and continuous monitoring in real time of all important processes and conditions that affect data security. It is noted that even if the information security system is built taking into account all modern methods and means of protection, it does not guarantee one hundred percent protection of the information resources of the enterprise, but a well-designed information security policy allows to minimize the corresponding risks. Key words: information security, information policy, information security, confidential information, information threats, information and communication technologies, software.

scholarly journals Information Policy and Information Security of PRC: Development, Approaches and Implementation

2020 ◽  
Vol 20 (2) ◽  
pp. 382-394
Author(s):  
Tatyana Ivanovna Ponka ◽  
Mirzet Safetovich Ramich ◽  
Yuyao Wu
Keyword(s):  
Foreign Policy ◽  
Information Security ◽  
International Relations ◽  
Information And Communication Technologies ◽  
Policy Development ◽  
Information Policy ◽  
Security System ◽  
Asia Pacific ◽  
Republic Of China

The subject of the study is the new course of the PRC information policy, which was launched by the Fifth generation of the PRC leaders after the 18th Congress of the Chinese Communist Party in 2012. As a result, after the 18th Congress of the CPC was started the implementation of the Strong cyberpower strategy, which implies not only ensuring cyber security in the country, but also the usage of network resources to develop the national economy. Chinas new information policy was caused by the sharply increased role of information and communication technologies in international processes and the shift in the focus of international relations to the Asia-Pacific region. The PRCs information policy is based on the most advanced technologies in the IT sphere and the cooperation with private companies on regulating external and internal information security. The relevance of the research topic is due to the increasing role of ICT in international processes. In this context, the most important are the positions of the leading countries of the world to regulate this area, as well as the mechanisms and tools used by them. The Peoples Republic of China is one of the leaders in the field of scientific and technical developments and actively uses its achievements to accomplish tasks in the field of domestic and foreign policy. In this regard, the purpose of the study is to analyze and compare the development strategies of the PRC information policy and the resources that are necessary for their implementation. The unique network landscape, which was formed under the influence of government policy on control over published content and the sharing of digital services market among the three largest information corporations (Baidu, Tencent and Alibaba), has become an essential part of the countrys information security system and requires detailed study. The purpose of the article is to identify the evolution of Chinas information policy development strategy and resources for its implementation. This article also discusses the threats to the information security of the Peoples Republic of China and analyzes the approaches to ensuring it. The results of the study are the conclusions that show the role and place of information policy in the PRC foreign policy, the structure of the information security system and strategic approaches to the regulation of international relations in cyberspace.

scholarly journals Power Distance as a Variable in Assessing Employees' Behavior towards Information Security Policy Compliance in a High-Power Distance Society: An Exploratory Study

2021 ◽  
Vol 12 (04) ◽  
Author(s):  
Erasmus Etim ◽  
Kevin Streff ◽  
Insu Park ◽  
Pam Rowland
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Rational Choice Theory ◽  
Choice Theory ◽  
Power Distance ◽  
Theory And Practice ◽  
Policy Compliance ◽  
Information Security Policy ◽  
Information Security Policy Compliance ◽  
Security Policy Compliance

Information security is a concern of every business, therefore the need for employees to comply with a policy that would protect the organization's assets.  The model developed for this research was based on Protection Motivation Theory, Theory of Planned Behavior, and Rational Choice Theory.  There were 129 responses from Nigeria used to validate the model.  The data analysis using PLS-SEM resulted in these findings: self-efficacy, normative beliefs, and power distance were significant, therefore impacting.  Therefore, not significant descriptive norms did not positively impact intention to comply with information security policy.  Power distance was impactful on employees' intention to comply with information system policy and contributed to theory and practice; respondents chose to do right by their intention to comply with information security policy.  Training and managerial oversight in policy compliance are significant since those actions would help protect the organization's information.  The analysis showed the adverse effect of a high correlation between indicators of different constructs.

scholarly journals Method and technique of formal design of complex information security system in information and telecommunication systems

Radiotekhnika ◽  
2020 ◽  
pp. 91-96
Author(s):  
R.Y. Gvozdov ◽  
R.V. Oliynykov
Keyword(s):  
Information Processing ◽  
Information Security ◽  
Security Policy ◽  
Security System ◽  
Telecommunication System ◽  
Information Security Policy ◽  
Complex Information ◽  
Telecommunication Systems ◽  
Formalized Description ◽  
Formal Design

The aim of the article is to develop a methodology for the formal design of the complex information security system in information and telecommunication systems. At the moment, there are no methods for the formal design of complex information security system in information and telecommunication systems, so the development of such a methodology is an urgent task. The article discusses the methods of formalized modeling of information security policy and methods of formalized description of the information and telecommunications system and information processing processes. The necessity of formal design of complex information security system is substantiated and the requirements for the development of formal descriptions of an integrated information security system in accordance with regulatory documents in the field of technical protection of information are described. The comparative characteristics of the methods of formalized modeling of information security policy and methods of formalized description of the information and telecommunication system and information processing processes are given. As a result of the comparison, it is proposed to use the UML method for the formal description of the information-telecommunication system, and the UMLsec method for the security policy modeling. An algorithm for the formation of a complex of protection facilities in an information and telecommunications system is proposed from a formal model of security policy and from a formalized description of an information and telecommunications system and information processing processes.

scholarly journals The Relevance of Information Security Policy in the Logical Part of the Company

2019 ◽  
Vol 7 (11) ◽  
pp. 721-931
Author(s):  
Igor Da Silva Corocher ◽  
Barbara Lopes Felsenthal ◽  
Bruno Pereira Gonçalves ◽  
Jean Mark Lobo de Oliveira ◽  
Rilmar Pereira Gomes ◽  
...  
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Information Policy ◽  
Economic Sector ◽  
Data Loss ◽  
Information Security Policy ◽  
Level Of Knowledge ◽  
A Company ◽  
Logical Part

The objective of this research is to analyze the relevance of the information security policy in the logical part of the company. It will be used data obtained from research conducted within various companies, which demonstrate the level of knowledge of employees and some wrong measures they taken which ended up harming the company. It will be possible to check not only the weight that an information policy has within any economic sector, but also to point out which areas of the company are most prone to data loss/theft. One of the most valuable assets in any business, is information, that is, data that is generated through trades made, revenue generated, productivity, etc., and however small the information seems, to the market it can be extremely relevant and the leakage of this information, due to a failure or lack of security, can lead to the bankruptcy of a company.

scholarly journals Determination of optimal access level to confidential information in industry.

2015 ◽  
Vol 2015 (3) ◽  
pp. 135-138 ◽  
Author(s):  
Наталия Кузнецова ◽  
Nataliya Kuznetsova ◽  
Татьяна Карлова ◽  
Tatyana Karlova ◽  
Александр Бекмешов ◽  
...  
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Access Control ◽  
Control Systems ◽  
Security Policy ◽  
Confidential Information ◽  
Information Security Policy

Complicated information systems are used on modern factories, which proposed to apply of access control systems. The article is devoted to determination of optimal access levels count in depend on information security policy and factory size

scholarly journals Validity of information security policy models

2004 ◽  
Vol 16 (3) ◽  
pp. 263-274 ◽  
Author(s):  
Joshua Onome Imoniana
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Security Policy ◽  
Chief Executive ◽  
Theoretical Models ◽  
Information Security Policy ◽  
Security Officer ◽  
Continuity Planning ◽  
Policy Models ◽  
Inclusive Business

Validity is concerned with establishing evidence for the use of a method to be used with a particular set of population. Thus, when we address the issue of application of security policy models, we are concerned with the implementation of a certain policy, taking into consideration the standards required, through attribution of scores to every item in the research instrument. En today's globalized economic scenarios, the implementation of information security policy, in an information technology environment, is a condition sine qua non for the strategic management process of any organization. Regarding this topic, various studies present evidences that, the responsibility for maintaining a policy rests primarily with the Chief Security Officer. The Chief Security Officer, in doing so, strives to enhance the updating of technologies, in order to meet all-inclusive business continuity planning policies. Therefore, for such policy to be effective, it has to be entirely embraced by the Chief Executive Officer. This study was developed with the purpose of validating specific theoretical models, whose designs were based on literature review, by sampling 10 of the Automobile Industries located in the ABC region of Metropolitan São Paulo City. This sampling was based on the representativeness of such industries, particularly with regards to each one's implementation of information technology in the region. The current study concludes, presenting evidence of the discriminating validity of four key dimensions of the security policy, being such: the Physical Security, the Logical Access Security, the Administrative Security, and the Legal & Environmental Security. On analyzing the Alpha of Crombach structure of these security items, results not only attest that the capacity of those industries to implement security policies is indisputable, but also, the items involved, homogeneously correlate to each other.

Sign in / Sign up

Export Citation Format

Share Document