Authors: 
Seryodkin Sergey Petrovich
Receipt date: 
01.07.2021
Section: 
4. Software and technical problems of information security
Year: 
2021
Journal number: 
3(11) 2021
УДК: 
330.322.54
DOI: 

10.26731/2658-3704.2021.3(11). 67-76

Article File: 
PDF icon scientific_approaches_to_the_justification.pdf
Pages: 
67
76
Abstract: 

The article presents practical recommendations and a mechanism for justifying investment in information security for business enterprises. The scientific and practical approach to this problem is analyzed, the main economic methods of investment justification are given. A methodology for justifying investments in information security is proposed, based on the assessment and probability of the implementation of threats to information security and the total cost of costs for eliminating the consequences of the implementation of threats.

Keywords: 
information security
the cost of information assets
investments
costs
risks
negative consequences
List of references: 
  1. Positive Technologies. Company website. Moscow, 2002. Access mode: https://www.ptsecurity.com.
  2. Petrenko, S. A., & Simonov, S. V.Upravlenie informacionnymi riskami. Economicheski opravdannaya bezopasnost. Moscow, DMK Press, 2018, 396 p.
  3. Regionalnaya organizaciya «Sankt-Peterburgskoye obshestvo informatiki, vychislitelnoj tehnici, system cvyazi i upravleniya». Website. St. Petersburg, 1991. Access mode: http://spoisu.ru.
  4. Metodika ocenki ugroz bezopasnosti. Methodological document. FSTEK Rossii. Moscow, 2021, 83 p.
  5. Drobotun, E. B., & Cvetkov, O.B. Postroyenie modeli ugroz bezopasnosti informacii v avtomatizirovannoj sisteme upravleniya kriticheski vazhnymi objektami na osnove scenariev dejstvij narushitelya. Tver, 2016, 9 p.