UDC 338.43:004.056
JEL classification: F52; M15
Introduction. The purpose of the article was to develop methodological foundations for assessing and diagnosing the information security of agricultural enterprises.
Methods of research. The tasks of the article were solved by means of general and special methods of research: analysis and synthesis, systematization and generalization, method of grouping, dialectical approach.
Results. The ways and methods of assessing the information security of the enterprise were defined and characterized. Among them are: standard-based assessment, risk-oriented assessment and economic indicators. Much of the methodology for assessing the level of an enterprise's information security, that of an agrarian enterprise in particular, was based on the identification of information risks, drawing on the US and British methods CRAMM, FRAP, OCTAVE, NIST, MSAT and COBRA and the Russian GRIF 2006 methodology.
Originality. It was proved that, in developing the methodological foundations for assessing and diagnosing the level of enterprise information security, it is expedient to combine the advantages of standard-based assessment, assessment of information system risk, and group and individual indicators of the economic component of information security assessment.
Practical importance. A concept for developing a methodology for the economic assessment and diagnostics of the information security of agri-food enterprises was proposed. It takes into account the advantages of the considered methods for diagnosing and assessing the information security level of agricultural enterprises, offers a quantitative and qualitative assessment of its components, determines the impact of integrated indexes on the performance indicators and security of agricultural business entities and, as a result, offers effective ways to optimize information security management at companies in the agri-food sector. The main scientific provisions of the article can be used in the practice of agricultural enterprises.
Keywords: concept, economic indicators of assessment, enterprise of agro-food sphere, management of information security, methodology, methods of assessment of information security, risk-oriented approach, standard.
The article was received 25.07.2019