MANAGEMENT OF INFORMATION RISKS OF THE ENTERPRISE IN THE CONDITIONS OF DIGITALIZATION
Yurchuk Natalia – Candidate of Economic Sciences, Associate Professor of the Department of Computer Science and Economic Cybernetics, Vinnytsia National Agrarian University (21008, 3 Sonyachna st, Vinnytsia, e-mail: firstname.lastname@example.org).
The features of modern information risk management are considered and analyzed in the article. The influence of digitalization of enterprises on information security is analyzed.
Approaches to the interpretation of the definition of "information risk" are analyzed. It is indicated that information risks arise primarily from the creation, transmission, storage, processing, and use of information in practical activities using digital media and other information and communication means. The purpose of enterprise information risk management is to minimize the costs of counteracting information risks and the overall losses from them. Information risks include risks of internal and external fraud, unauthorized use of company resources, breach of confidentiality, integrity and reliability of information, etc.
The proposed information risk management system provides for the following procedures: identification of information risks, analysis of information risks, selection and implementation of a method of reducing information risks, and control of information risks.
It has been found that it is advisable to use models based on international standards when modeling information threats. Widely used practices are based on standards such as ISO/IEC 27005:2011, NIST SP 800-30, EBIOS, and OCTAVE.
It is determined that quantitative calculation of risk situations is used first of all when it is necessary to choose the optimal way of resolving a risk situation.
It is established that the methods of information risk management of the enterprise include organizational and technological measures. Organizational methods of risk reduction include: risk aversion, loss prevention, loss minimization, transfer of risk control, risk sharing, information seeking, control or risk management. Technological measures include the accumulation of risk information, its assessment and analysis, ranking, informing management about the materialization of risks and the likelihood of their occurrence, and the use of modern data protection systems (obstruction, access control, masking, regulation, etc.).
It is established that the choice of information risk management methodology in each individual case depends on the specific activity of the enterprise.
The journal “Economy, finances, management: Topical issues of science and practice” is included in the "List of Scientific Professional Editions of Ukraine".
The scientific edition is assigned Category "Б" in the field of economics in specialties 051, 071, 072, 073, 075, 076, 241, 281.
The journal “Economy, finances, management: Topical issues of science and practice” has a Digital Object Identifier (DOI).
The journal “Economy, finances, management: Topical issues of science and practice” is indexed in the Index Copernicus database (https://journals.indexcopernicus.com/search/form).