Issue №: 1 (51)
The journal deals with the issues of efficiency of functioning of the national economics and organizational forms of management of the national economy. Attention is paid to the problems of marketing, management and efficiency of production and economic activity of agrarian enterprises. The issues of public administration and administration, accounting and taxation, banking and insurance, forecasting and modeling of economic processes, foreign economic activity, commodity flows of economic entities and their infrastructure support.
MANAGEMENT OF INFORMATION RISKS OF THE ENTERPRISE IN THE CONDITIONS OF DIGITALIZATION
Yurchuk Natalia – Candidate of Economic Sciences, Associate Professor of the Department of Computer Science and Economic Cybernetics, Vinnytsia National Agrarian University (21008, 3 Sonyachna st, Vinnytsia, е-mail: urnata@vsau.vin.ua).
The features of modern information risk management are considered and analyzed in the article. The influence of digitalization of enterprises on information security is analyzed.
Approaches to the interpretation of the definition of "information risk" are analyzed. It is indicated that information risks arise primarily from the creation, transmission, storage, processing, use of information in practical activities using digital media and other information and communication means. The purpose of risk management of information risks of the enterprise is to minimize the costs of counteracting information risks and the overall losses from them. Information risks include risks of internal and external fraud, unauthorized use of company resources, breach of confidentiality, integrity and reliability of information, etc.
The proposed information risk management system provides for the implementation of such procedures as identification of information risks, analysis of information risks, selection and implementation of the method of reducing information risks, control of information risks.
It has been found that it is advisable to use models based on international standards when modeling information threats. Popular practices used in practice are based on standards such as ISO / IEC 27005: 2011, NIST SP800-30, EBIOS, OCTAVE.
It is determined that quantitative calculation of risk situations is used first of all when it is necessary to choose the optimal variant of solving a risk situation. Enterprise information risk management techniques include organizational and technological measures.
It is established that the methods of information risk management of the enterprise include organizational and technological measures. Organizational methods of risk reduction include: risk aversion, loss prevention, loss minimization, transfer of risk control, risk sharing method, information seeking, control or risk management. Technology measures include the accumulation of risk information, their assessment and analysis, ranking and informing management about the implementation of risks and the likelihood of their occurrence, the use of modern data protection systems (obstruction, access control, masking, regulation, etc.).
It is established that the choice of information risk management methodology in each individual case depends on the specific activity of the enterprise.
1. Kaletnik H., Kozlovs'kyj S. & Kozlovs'kyj V. (2012) Stijkist' ekonomiky iak faktor bezpeky ta rozvytku derzhavy [Economic stability is a factor of security and development of the state]. Ekonomika Ukrainy – Economy of Ukraine, 7. pp. 16-25 [in Ukrainian].
2. Natorina A.O. (2017) Dominanty tsyfrovoi transformatsii ekonomiky krainy [Digital transformation dominants of the of the country’s economy]. Naukovyj visnyk Poltavs'koho universytetu ekonomiky i torhivli. Seriia : Ekonomichni nauky – Scientific Bulletin of Poltava University of Economics and Trade. Series: Economic Sciences. 5. pp. 146-151 [in Ukrainian].
3. Okhrimenko A.O. (2011) Vyznachennia poniat' ryzyk i upravlinnia ryzykamy v sferi informatsijnoi bezpeky [Definition of risk concepts and risk management in information security]. Systemy obrobky informatsii – Information processing systems, 7 (97). pp. 133-134 [in Ukrainian].
4. Honcharuk I.V. (2013) Aspekty sutnosti j otsinky efektyvnosti ahrarnoi pidpryiemnyts'koi diial'nosti [Aspekty sutnosti j otsinky efektyvnosti ahrarnoi pidpryiemnyts'koi diial'nosti]. Ahroinkom – Ahroinkom. 7-9. pp. 100-103 [in Ukrainian].
5. Kislov D.V. (2015) Informatsijni ryzyky upravlins'kykh system. [Information risk of management systems]. Molodyj vchenyj – Young Scientist, 7(2), pp. 144-147 [in Ukrainian].
6. Koliadenko S.V. (2011) Strukturna transformatsiia v hospodars'kykh kompleksakh APK rehionu [Structural transformation of economic systems of agriculture in the region]. Zbirnyk naukovykh prats' VNAU. Seriia: Ekonomichni nauky – Collection of scientific works of VNAU. Series: Economic Sciences. 2 (53). Vol. 3. pp. 181-187 [in Ukrainian].
7. Sajt Opendatabot. Servis monitorynhu reiestratsijnykh danykh ta sudovoho reiestru dlia zakhystu aktyviv [Registration and court monitoring service for asset protection]. Retrieved from https://opendatabot.ua/ [in Ukrainian].
8. Artyschuk I.V. (2011) Pidkhody do pobudovy karty ryzykiv na osnovi vrakhuvannia vplyvu bazovykh faktoriv na diial'nist' torhovel'noho pidpryiemstva [Approacher to the construction of maps based on risk of incorporation of factors for trading enterprises]. Torhivlia, komertsiia, pidpryiemnytstvo: zbirnyk naukovykh prats' – Trade, commerce, entrepreneurship: a collection of scientific works. Vol. 13. pp. 101-107 [in Ukrainian].
9. Kiseleva I.A. & Iskadzhjan S.O. (2017) Upravlenie informacionnymi riskami v biznese [Information risk management in business]. Innov: jelektronnyj nauchnyj zhurnal – Innov: an electronic scientific journal, 1 (30). Retrieved from http://www.innov.ru/science/economy/upravlenie-informatsionnymi-riskami/ [in Russian].
10. Kozlova E.A. (2013) Ocenka riskov informacionnoj bezopasnosti s pomoshh'ju metoda nechetkoj klasterizacii i vychislenija vzaimnoj informacii [Assessing information security risks using the fuzzy clustering method and the calculation of mutual information]. Molodoj uchjonyj – Young scientist. 5. pp. 154-161. Retrieved from https://moluch.ru/archive/52/6967/ [in Russian].
11. Fedulova I.V. (2019) Stratehiia ryzyk-menedzhmentu [Risk management strategy]. Menedzhment ta pidpryiemnytstvo v Ukraini: etapy stanovlennia i problemy rozvytku – Management and Entrepreneurship in Ukraine: Stages of Formation and Problems of Development. Vol. 1. pp. 65-74 [in Ukrainian].
12. Chunar'ova A.V., Parkhomenko I.I. & Saschuk I.I. (2014) Analiz pidkhodiv ta prohramnykh rishen' otsinky i kontroliu informatsijnykh ryzykiv v komp'iuteryzovanykh systemakh [Analysis of approaches and software solutions for information risk assessment and control in computer systems]. Visnyk Inzhenernoi akademii Ukrainy – Bulletin of engineering academy of Ukraine, Vol. 2, pp. 138-142 [in Ukrainian].
13. DSTU ISO/IEC 27005:2015 Informatsijni tekhnolohii. Metody zakhystu. Upravlinnia ryzykamy informatsijnoi bezpeky [DSTU ISO / IEC 27005: 2015 Information technology. Methods of protection. Information security risk management]. Retrieved from http://online.budstandart.com/ua/catalog/doc-page.html?id_doc=66912 [in Ukrainian].
14. Buchyk S.S. & Mel'nyk S.V. (2015) Metodyka otsiniuvannia informatsijnykh ryzykiv v avtomatyzovanij systemi [Methods of estimation of informative risks in automated system]. Problemy stvorennia, vyprobuvannia, zastosuvannia ta ekspluatatsii skladnykh informatsijnykh system: zbirnyk naukovykh prats' – Problems of creation, testing, application and operation of complex information systems: a collection of scientific works. Vol. 11. pp. 33-43 [in Ukrainian].
15. Kuznietsova N.V. (2018) Finansovyj ryzyk-menedzhment z urakhuvanniam informatsijnykh ryzykiv [Financial risk management based on information risks]. Reiestratsiia, zberihannia i obrobka danykh – Registration, storage and processing of data. Vol. 1, pp. 30-39 [in Ukrainian].
16. Lipaev V.V. (2004) Funkcional'naja bezopasnost' programmnyh sredstv [Functional safety of software]. M.: SINTEG 348 p. [in Russian].
17. Polozhennia pro orhanizatsiiu systemy upravlinnia ryzykamy v bankakh Ukrainy ta bankivs'kykh hrupakh. Postanova Pravlinnia Natsional'noho banku Ukrainy 11.06.2018. 64. Retrieved from https://zakon.rada.gov.ua/laws/show/v0064500-18/ed20180611#n34 [in Ukrainian].
18. Kuznietsova N.V. (2014) Deiaki aspekty minimizatsii informatsijnykh ryzykiv u bankivs'kij diial'nosti [Some aspects of minimizing information risks in banking]. Systemni doslidzhennia ta informatsijni tekhnolohii – System research & information technologies. 1. pp. 7-19 [in Ukrainian].
19. ISO/IEC GUIDE 73:2002. Risk management-Vocabulary – Guidelines for use in standards. International Organization for Standardization (2002). Retrieved from https://www.iso.org/standard/34998.html [in Switzerland].
20. Korets'ka O.V. (2016) Metody znyzhennia ryzykiv iak zasib zabezpechennia konkurentospromozhnosti pidpryiemstv [Risk mitigation methods as a means of ensuring the competitiveness of enterprises]. Retrieved from: https://www.kpi.kharkov.ua/archive/MicroCAD/2016/S23/s256.pdf [in Ukrainian].
21. Denysenko A.V. (2014) Rol' ta mistse kontroliu v protsesi upravlinnia ryzykamy na turystychnykh pidpryiemstvakh [Role of control in risk management in the travel companies]. Ekonomika i rehion – Economy and region. 2, pp. 81-85 [in Ukrainian].
About the journal
С1 Economics and International Economic Relations (by specialization)
D1 Accounting and Taxation
D2 Finance, Banking, Insurance and Stock Market
D3 Management
D4 Public Management and Administration
D5 Marketing
D7 Trade
J3 Tourism and Recreation
Founded in 1997 under the name ”Bulletin of Vinnytsia State Agricultural Institute”. In 2010-2014 it was published under the name “Collection of Scientific Papers of Vinnytsia National Agrarian University”. Since 2015 “Economics, finance, management: current issues of science and practical activity” (Certificate of State Registration of Mass Media No. 21154-10954 PR dated 12/31/2014).
