As a result of mastering the materials of this chapter, students must:

know

- the content and nature of managing information risks and ensuring information security;

- principles of information security;

be able to

- justify the need to move from countering threats to information security to managing information risks;

- classify threats to information security;

- analyze threats to information security;

have

- skills in working with the basic concepts of information security.

Information security and information risk management

As human civilization has developed, the problem of ensuring the safe use of information has become increasingly important. In the information society, it is one of the main factors affecting the development of information technology.

In modern history, we can distinguish three major stages in the development of the problem of information security:

1) until the 1950s;

2) from the 1950s to the 1980s;

3) from the 1980s to the present.

At the first stage, the task of preserving the confidentiality of information was dominant and, if we exclude the problem of transmitting information by technical means, it was solved mainly through organizational arrangements.

At the second stage, with the advent of computers, the problem of reliability of storage and transmission of information, ensuring the uninterrupted functioning of information systems became acute. Network technologies were mastered. For many production and management processes, it was possible to return to manual methods in the event of failure of automated systems.

The current stage is characterized by the following features:

• the increasing role and importance of information in the life of society;

• informatization of all spheres of society;

• qualitative changes in information technology;

• the unprecedented growth in the costs of information technology and information security, on the one hand, and the multiple increase in damage associated with the infringement of the security of information resources, on the other (world costs for information technology in 2012 are projected at about 2.7 trillion dollars, and the annual damage to the world community from information risks has already exceeded 1 trillion dollars).

The current state of the problem of ensuring information security has led to a change in approaches to managing information security. This is reflected in a change in terminology. In the mid-1990s the concept of "information risk" was introduced. Information risk is the possibility of a negative random event occurring in the information system of an enterprise, as a result of which the enterprise suffers damage. At first, a negative event was understood as an event leading only to a decrease in the level of information security. Currently, a negative event is understood to mean not only a violation of information security, but also a reduction in the quality of information to a level where the use of such information leads to damage to the enterprise. Thus, information security is provided within the framework of information risk management.

The transition to the concept of "information risk" made it possible to:

• link negative events in the field of information security with the final results of the enterprise and with the impact of these events on the main business processes;

• apply economic management methods to the management of information risks;

• raise the problem of ensuring information security to the level of the top executives of enterprises;

• involve managers of key business processes and all users of information systems in solving information security problems.

In the modern interpretation, the expressions "ensuring information security" and "information protection" are understood as the use of special methods and means by specialists of IT departments, security services and information security services, as well as by users of information systems, to prevent negative events (the realization of threats) in the information system.

When considering the problems of information security, an information system (IS) is understood as a complex of information elements and the connections between them. Information elements are means for storing, processing, outputting and transmitting information of any physical nature, as well as the communications between them.

One of the central information elements is a person who takes part in the information process of the enterprise. An important element of the information system is a computer system (CS), which means any hardware and software facility for the input, storage, transformation and transmission of information. Computer systems include relatively simple devices such as smartphones and netbooks, as well as complex systems such as supercomputers or global computer networks.

Information resources include all information resources of manual information technologies. The proportion of printed documents, unencrypted photos, maps and other similar information carriers in the total volume of information technologies is constantly decreasing, but still remains quite significant.
