Russian Federation
The relevance of this research is determined by the increasing role of information as a strategic resource and a tool of geopolitical confrontation, which requires the development of scientifically grounded approaches to the formation and implementation of an information security strategy. The aim of the article is to develop a sketch of a systems approach to defining an information security strategy as a model of management actions aimed at achieving the goals of ensuring security in the information sphere. In this paper, strategy is considered as a complex system that includes subsystems of information security policies, internal standards and regulations. A classification of strategies by management level (global, portfolio and functional), as well as by the object of security (conceptual, systemic and object strategies), is proposed. The behavioral essence of strategy as a model of an organization's activity, implemented through a set of management decisions, is revealed. The feasibility of applying a risk-oriented approach and an information security risk management cycle, including situational analysis, decision-making, planning, implementation of measures and performance evaluation, is substantiated. In addition, a model for assessing the maturity of information security management processes based on a tiered approach is proposed. Prospects for further research are related to the in-depth development of a methodology for the formation of information security strategies, the development of tools for assessing their effectiveness, and the study of the relationship between strategy, public policy and economic factors in the context of the development of the information society.
strategy, information security, risks, risk management



