graduate student
In the context of the deep digitalization of the economy and the growth of cyber threats, information security is being transformed from a narrowly specialized technical function into a strategic element of corporate governance and risk management. The article provides a theoretical and methodological analysis of information security as a complex, multicomponent management object integrated into the overall management system of the organization. Drawing on international standards (ISO/IEC 27001), national legislation (Federal Law No. 149-FZ) and the work of leading researchers (B. von Solms, R. Baskerville), the author identifies the key characteristics of information security: its sociotechnical nature, risk orientation, regulatory burden and dynamism. The author systematizes five theoretical approaches to understanding information security from a management perspective — resource-oriented, risk-oriented, process-based (PDCA), sociotechnical and institutional — and on their basis proposes a structural and functional information security management model comprising three hierarchical levels (strategic, tactical, operational) and five basic management functions. Special attention is paid to the evolution of information security from the "first generation" (technical support) to the "second generation" (strategic integration into corporate governance, ERM, compliance and BCM). The article emphasizes that effective information security management in modern conditions is impossible without understanding it as a complex subsystem in which technological measures, organizational processes, the human factor and regulatory requirements operate within a single management loop. The findings provide a theoretical basis for further empirical research on ISMS maturity metrics, the impact of corporate culture on security, and the strategic positioning of information security in the digital economy.
information security, information security management system (ISMS), corporate governance, risk-based approach, sociotechnical system, information assets, PDCA cycle, cyber risks
1. IBM reports average breach costs hit record $4.88M in 2024, up 10% from last year. URL: https://siliconangle.com/2024/07/30/ibm-reports-average-breach-costs-hit-record-4-88m-2024-10-last-year/ (accessed 12.10.2025).
2. Vasil'eva I.N., Stel'mashonok E.V. Sovremennyy vzglyad na upravlenie informacionnoy bezopasnost'yu predpriyatiya. Vestnik INZhEKONa. Seriya: Ekonomika. 2014. No. 1 (68). pp. 166-171.
3. Rudneva N.I. Menedzhment ekonomicheskoy bezopasnosti v sociotehnicheskih sistemah: suschnost' i specifika. Nauka i Obrazovanie. 2025. Vol. 8. No. 1.
4. Federal Law of 27.07.2006 No. 149-FZ «Ob informacii, informacionnyh tehnologiyah i o zaschite informacii». URL: http://www.kremlin.ru/acts/bank/24157 (accessed 12.10.2025).
5. Upravlenie riskami informacionnoy bezopasnosti. Standard ISO/IEC 27005:2018. URL: https://www.securityvision.ru/blog/upravlenie-riskami-informatsionnoy-bezopasnosti-chast-6-standart-iso-iec-27005-2018/ (accessed 12.10.2025).
6. Kozachok V.I. Informacionnaya bezopasnost' korporacii kak ob'ekt social'nogo upravleniya. Vlast'. 2017. Vol. 25. No. 5. pp. 74-82.