Journal Highly available systems №2 for 2015
Article in issue:
Conceptual aspects of building information security corporations
Authors:
V.I. Korolev - Dr. Sc. (Eng.), Professor, Department No. 41, National Research Nuclear University «Moscow Engineering Physics Institute» (MEPhI); Leading Research Scientist, Federal Research Centre «Informatics and Management» of the Russian Academy of Sciences (FRC IM RAS). E-mail: vkorolev@ipiran.ru
Abstract:
The article deals with the conceptual aspects of structuring information security at large integrated-business enterprises operating under corporate management. The main factors that influence the resolution of information security problems in corporate business management are identified and formulated. They include: the need to create a single information space for the enterprises and organizations of the corporation, the problem of the dynamic development of business applications and of ensuring the inheritance of information systems, the total cost of information technology across the stages of the system life cycle, the spatial dispersion of the sites where objects of protection are located, and others. An approach to the structure of the system components of information security and its management in the corporation is justified and proposed; the comprehensive system of information protection for individual information objects is addressed, and its functional purpose is defined. The basic provisions of the architectural approach to designing the information security of corporations and the basic structure of the organization of an information security system are presented. A standard architecture for an enterprise information security management system is proposed. Enterprise information security management takes into account the integration of management processes and the consolidation of resources to ensure information security policy. The architecture of the enterprise information security management system is based on the modern view of management: a systematic approach to information security management and a process approach to implementing it.
Pages: 50-64