Analysis of the original data for the formation of information security policy at the enterprise

The article considers the factors that are to be analyzed in the process of information security policy formation at the enterprise as a whole and in each of its business processes in particular as well as the classification of information security threats (by the aspect of information security to which the threats are directed, by the location of the source of threats, by the size of the damage caused, by the degree of influence on the information system, by the nature of its occurrence) and their potential carriers – security violators (by place of action, by motive, by level of knowledge of information system, by level of opportunity, by time of action). Based on the requirements of the current legislation, the author proposes to formulate the appropriate models of threats and violators, based on the needs of the enterprise, and taking into account the importance of the information to be protected. The analysis of threats and violators of information security allows the head of the company to formulate an optimal security policy, applying a specific set of measures aimed at its implementation. At the same time, particular attention is paid to the ratio of possible losses to expenditures aimed at preventing the realization of specific threats. The basis for further research on the formation of information security policy at the enterprise, with the identification of critical data, the loss of which can significantly affect the economic performance of the enterprise; forming of functional security profiles, taking into account the need for maximum protection at minimal cost.