Decision support system for increasing the level of information security of the enterprise
Anzhelika Azarova, Iryna Dohtieva, Anatoliy ShyianThe article proposes a decision support system (DSS) to increase the level of information security of domestic enterprises, which allows individual selection of methods and tools of such a policy based on expert data, as well as taking into account the wishes of the business entity. Its structure was determined and substantiated; program implementation of such DSS for adaptive selection of methods and means of information security policy was carried out. The main functions of such DSS to increase the level of information security of the enterprise are: user authentication; assessment by an independent information security expert of the priority of protection against possible or potential threats; the ability of the user to choose the most common threats to the company for which it is necessary to take specific protection; offer the user the most appropriate methods of information security policy, taking into account all his wishes; dynamic data update to monitor the latest security methods. The scientific novelty of the obtained results is that it was developed for the first the DSS which allows to increase the level of information security of the enterprise by means of system technique and ER-modelling and to select individual methods and tools of information security policy of enterprise based on the wishes of the entrepreneur and expert assessments text
References
[1] Order of the Cabinet of Ministers of Ukraine No. 167-r “On the Approval of the Concept of the Development of Digital Competences and Approval Plan of Measures for Its Implementation”. (2021, March). Retrieved from https://zakon.rada.gov.ua/laws/show/167-2021-р#Text.
[2] Order of the Cabinet of Ministers of Ukraine No. 67-r “On the Approval of the Concept of the Development of the Digital Economy and Society of Ukraine for 2018-2020 and Approval of the Plan of Measures for Its Implementation”. (2018, January). Retrieved from https://zakon.rada.gov.ua/laws/show/67-2018-р#Text.
[3] Bogush, V.M., & Yudin, O.K. (2005). Information security of the state. Kyiv: MK-Press.
[4] Golubenko, O.L., Khoroshko, V.O., Petrov, O.S., Golovan, S.M., & Yaremchuk, Yu.E. (2010). Policy of information security. Luhansk: SNU named after V. Dalya.
[5] Lenkov, S.V., Peregudov, D.A., & Khoroshko, V.A. (2008). Methods and means of information security. Unauthorized receipt of information. (Vol 1). Kyiv: Ariy.
[6] Lenkov, S.V., Peregudov, D.A., & Khoroshko, V.A. (2008). Methods and means of information security. Information security. (Vol 2). Kyiv: Ariy.
[7] ISO 9000:2015. (2021). Quality management systems − Fundamentals and vocabulary. Retrieved from https://www.iso.org/ru/standard/45481.html.
[8] ISO/IEC 14001:2015. (2021). Environmental management systems - requirements with guidance for use. Retrieved from https://www.iso.org/standard/60857.html.
[9] ISO/IEC 27000:2018. (2018). Information technology − Security techniques − Information security management systems − Overview and vocabulary. Retrieved from https://www.iso.org/standard/73906.html.
[10] ISO/IEC 27001:2013. (2022). Information technology − Security techniques − Information security management systems − Requirements. Retrieved from https://www.iso.org/standard/54534.html.
[11] Kormich, B.A. (2004). Organizational and legal basis of information security policy in Ukraine. (Abstract of Doctoral dissertation, National University of Internal Affairs, Kharkiv, Ukraine).
[12] Gnatienko, G.M., & Snytyuk, V.E. (2008). Expert technologies to make decisions. Kyiv: Maklout.
[13] Kigel, V.R. (2003). Methods and models to support decision-making in market economics. Kiev: СUL.
[14] Bidyuk, P.I., & Korshevnyuk, L.O. (2010). Design of computer information systems to support decision making. Kiev: NNK „IPSA” NTUU „KPI”.