ANALYTICAL REVIEW OF APPROACHES TO DEVELOPING INFORMATION SECURITY POLICIES FOR AUTOMATED INFORMATION SYSTEMS

Authors

  • S. V. Koryakin, Institute of Information Technologies, KSTU named after I. Razzakov
  • A. T. Rysalieva, Institute of Information Technologies, KSTU named after I. Razzakov
  • I. V. Yakimchuk, Institute of Information Technologies, KSTU named after I. Razzakov
  • T. N. Marchenko, Institute of Information Technologies, KSTU named after I. Razzakov

Keywords:

information security (IS), IS policy, information protection technologies, risks, IS audit, ISO/IEC 27001, DLP, IDS, SIEM, antivirus software, automated information systems (AIS).

Abstract

At present, when threats to information security have reached unprecedented proportions, the information security and sustainable development of automated information systems (AIS) take on particular importance. The steadily increasing pressure on AIS from intruders and cybercriminals, aggravated by the activities of the employees who service and operate these systems, creates the need for an integrated approach to information protection in AIS and for a thorough analysis of the security status of all components and subsystems included in the AIS. In this light, monitoring the security status of AIS is central to assessing and forecasting changes caused by external and internal threats to information security. Monitoring makes it possible not only to track the security status of AIS with respect to information security threats, but also to identify trends in changes in the level of their modification and development, and to assess possible risks and the level of damage not caused by information security incidents. The complexity and significance of this problem require the use of the latest technologies and approaches. One of the key steps in solving the problem is the high-quality development of an information security policy for the AIS. This paper examines in detail the stages of developing an information security policy and the various approaches and methods for doing so, including the normative, risk-based, proactive, and reactive approaches. A comparative analysis of these approaches is conducted in terms of their advantages and disadvantages. Recommendations are presented for using a combined approach to create an effective information security system that ensures comprehensive security of the information transmitted, stored, and processed in the AIS.

Published

2024-08-17

Section

INFORMATION TECHNOLOGY AND INFORMATION PROCESSING
