ОСОБЛИВОСТІ ТЕХНІКО-ТЕХНОЛОГІЧНОГО МЕНЕДЖМЕНТУ ІНФОРМАЦІЙНОЇ БЕЗПЕКИ ПІДПРИЄМСТВА В УМОВАХ БІЗНЕС-СЕРЕДОВИЩА

The article actualizes the need to study the enterprise information security management system, in particular in its technical and technological part. On the basis of the conducted researches the basic levels at which there was maintenance of information security are allocated: physical, program, normative-legal, technical-technological and organizational-administrative levels. The system of management of technical and technical protection of information in information systems was formed, which includes subjects (special subjects of protection system, management, specialists and personnel), objects (databases, documentation in electronic form and on paper, information, constituting a trade secret, technological, technical and production information) and technical-technological, hardware, software, organizational and managerial tools for managing the protection of the information system. Taking into account the proposed management system of technical and technological protection of information in information systems, its functions, tasks, stages of implementation and other aspects, the directions and basic tools for technical and technological management of information security of the business entity were identified. The main directions of the management system of technical and technological protection of information were defined: management of information security incidents, regular updating of software security, access control and password policy control, audit of network infrastructure. The tools of technical and technological management of information security of the enterprise were characterized by: modules of trusted loading, analysis of security of information systems, protection against viruses and spam, DLP-systems, protection of virtual infrastructure, intrusion detection systems. Effective implementation of the system of technical and technological management of information security of the enterprise was proposed to implement on the basis of the model "Lifecycle Security", which regulates and describes the stages of building a corporate information security system and organizational modes of information system protection in general, means of information protection.