N. M. Sinani - Post-graduate Student, GGU (Moscow), Senior Project Manager, JSC «S-Club». E-mail: nsinani@sclub.ru

Information security is a purposeful activity of an enterprise bodies and officials. These activities are carried out by the approved manpower and resources to achieve the status of information security environment, ensure its proper functioning and dynamic development. In the typical organizational structure of any enterprise it is possible to identify the main information flows and major sources and storages of confidential information that require protection. It is necessary to apply a set of remedies that will protect the most valuable resources and valuable information. At the same time, the security system-s cost must optimal and do not exceed the cost of the protected assets. The existing practice of information security separate solutions adaptation shows that the fundamental problem of the adequacy and effectiveness of protection from the point of view of the user are not always taken into consideration. It is necessary to determine the balance between the possible damage from the unauthorized information leakage and the volume of investments spent to ensure the security of information resources. One of the most important considerations when choosing a method of risk assessment is that the results have to be effective in ensuring the implementation of information security systems. Since sophisticated methods of information processing do not always result in unambiguous solution, the implemented system design must be built on different principles than the existing ones. The proposed automated system is built on a new technique of information security systems design. All procedures are based on customers - inquiries. This customer-oriented approach allows building a unique solution that fits all customer criteria, choosing adequate data security facilities and balancing the cost of products and services and the cost of protection.