Information Safety Process Development According to ISО 27001 for an Industrial Enterprise

摘要

The development results of the information security process in accordance with the requirements of ISO 27001 for the conditions of an industrial enterprise are given. To implement the process, we used various information protection tools: software-based, organizational, mixed, etc. The process is described and visualized, the analytical models of process indicators and their quantitative criteria are developed. The methodology that regulates the procedure for the implementation, management and documentation of the information security process for an industrial enterprise was developed. Identification, analysis and assessment of process risks (identified ways of unauthorized receipt of information), developed a plan of preventive actions to minimize and eliminate risks, reflected in the methodology for the process. The results of the work performed have been approved and implemented at the enterprise and have significant practical significance not only for the enterprise, but also for the profile industry as a whole.