ISSN 2663-1636 (p) ISSN 2663-1644 (o)
Central Ukrainian Scientific Bulletin. Economic Sciences, 2019, issue 3(36)

STATISTICS. MATHEMATICAL METHODS, MODELS AND INFORMATION TECHNOLOGIES IN ECONOMICS

UDC 004.056.5
JEL Classification: M15, M21
DOI: https://doi.org/10.32515/2663-1636.2019.3(36).219-228

V. A. Panchenko, Assoc. Prof., Doctor of Economic Sciences
Volodymyr Vynnychenko Central Ukrainian State Pedagogical University, Kropyvnytskyi, Ukraine

Information Security Management of a Commercial Enterprise

The article considers the preconditions for forming an enterprise information security system and defines the features of managing it. It reviews the basic concepts of information security, its purpose, and methods for improving the information environment of an enterprise at the present stage of development of economic science. A classification and examples of threats to information security are given, and the most commonly used methods of ensuring information security are unified. The information security management system is described. Security measures are considered in the context of ISO 27001. To ensure the confidentiality of information, recommendations are given for raising the level of information security of domestic enterprises.

Keywords: information protection, information security, CISSP, information security management, ISMS, threats, information systems

© V. A. Panchenko, 2019

Problem statement. Owing to the mass computerization and informatization of the market for goods and services, business entities have access to a wide variety of information, which makes their production, management and sales processes easier. Recently, however, cases of electronic fraud and cybercrime have become more frequent, which has had a negative effect on business. The acute problem of the information security of commercial organizations has gained importance under present conditions of mass use of computer information systems. Accordingly, a reliable means of protecting an enterprise against information threats is to create an effective and efficient protection system.

Analysis of recent research and publications. The regulatory, legal, organizational and technical foundations of information security are reflected in the works of B. A. Kormych [4] and in a number of international standards, in particular DSTU ISO/IEC 27001:2015 [3], ISO 27001:2013 [13] and others.

The theoretical aspects of information security management have been studied by Ukrainian scholars such as I. A. Markina [5], O. V. Matviienko [6], V. H. Sprinsian [9] and O. I. Turchyn [10], as well as by foreign scholars: A. V. Dorofeev [2], T. Campbell [12], H. F. Tipton [14] and others. Applied aspects of information security management in an organization have been considered in the works of S. S. Buchyk [1], E. I. Nyzenko [7], S. V. Severyna [8], O. V. Cherevko [11] and others.
However, scholarly works devoted to information security management of a commercial enterprise are currently insufficient. To some extent this is because researchers pay considerable attention to the information security of public authorities, while very few studies address the creation of an effective mechanism for protecting information systems in commercial enterprises, which creates the preconditions for further research. In this regard, there is a pressing need to create an effective management mechanism for protecting information and organizing information security at commercial enterprises.

Statement of the task. The aim of the study is to examine the essence and generalize the purpose of information security and the methods for improving the information environment of an enterprise, as well as to form an enterprise information security system and determine the features of managing it.

Presentation of the main material. The management of any socio-economic system is connected with information processes. Information is the connecting basis of the management process, since it contains the data needed to assess the situation and make a management decision [9, p. 9]. Modern information systems are designed to keep the enterprise's information infrastructure operational, provide various kinds of information services, and automate financial and production activities as well as the organization's business processes, which makes it possible to reduce both financial and labor costs. Information systems store and process large volumes of information of varying degrees of secrecy, so the question of how well these enterprise information systems are protected against various threats to information security is acute [8, p. 81].

The scholars E. I. Nyzenko and V. P. Kaleniak consider information to be an important strategic resource of a commercial enterprise. "According to views now common in the management literature, the concept of resources covers not only people, capital and raw materials, but also information" [10, p. 5].
Information can exist in a variety of forms. It can be printed or written on paper, stored electronically, transmitted by post or by electronic means of communication, shown on film, or expressed orally. Regardless of its form and of the means by which it is distributed and stored, information is a valuable asset of any company [2].

The development of management theory makes it possible to consider new independent branches of management related to the management of information resources, the introduction and use of information technologies in the activities of enterprises and organizations, and the management of information processing in organizations [9, p. 9].

The development of computer technologies and their use in many areas of the economy is today one of the main factors of its efficiency. However, progress in the information and technical sphere has also created potential threats in the form of new, and improved already known, methods of scientific espionage, which make it possible to quickly find the required data in a computer [10, p. 9].

B. A. Kormych understands information security as "the state of protection of the norms and parameters of information processes and relations established by law, which ensures the necessary conditions for the existence of the state, the individual and society as subjects of these processes and relations" [7, p. 15].

The information security of an enterprise primarily concerns the protection of information systems, especially the functions they perform (Table 1).
Table 1 – Functions of information systems

Marketing system: market research and sales forecasting; sales management; recommendations on the production of new products; price analysis and setting; order accounting.
Production systems: planning of work volumes and development of schedules; operational control and production management; analysis of equipment operation; participation in forming orders to suppliers; resource management.
Financial and accounting systems: order portfolio management; credit policy management; development of the financial plan; financial analysis and forecasting; budget control; bookkeeping and payroll calculation.
Personnel system: analysis and forecasting of labor resource needs; maintenance of personnel record archives; analysis and planning of personnel training; support of the personnel management process.
Other systems (e.g., executive information system): control over the organization's activities; identification of operational problems; analysis of managerial and strategic situations; development of strategic decisions.

Source: [9, p. 19].

Based on an analysis of the scholarly sources [1; 2; 3; 5; 8; 10; 11; 14], we list the most common types of potential threats and dangers to a commercial enterprise in the sphere of information activity:
- no backup copies of important accounting and organizational-administrative documents on physical storage media;
- no change logs kept for software;
- dishonest use of information by employees of the enterprise;
- no regulation of user access to different types of information and databases;
- no schemes of information support for the management levels;
- the possibility of unauthorized interference with software and the database;
- theft of information storage media;
- industrial espionage;
- hacker attacks, malicious software, computer viruses;
- pirated software, unlicensed antivirus programs, no firewall protecting against attacks from the Internet;
- the presence of unaccountable officials in the enterprise management system.

Thus, information systems perform many important functions, and the management system is the one that unites them. There is a need to create the enterprise's information infrastructure on the basis of the paradigm of a single enterprise information space, which provides for the integration of diverse scientific and technical, engineering, financial, marketing and other types of information within a single system. Creating a single information space makes it possible to implement a single continuous cycle of the enterprise's innovation activity that flexibly takes market signals into account while improving products and allows customer needs to be met as fully as possible [13, p. 348].

Information security (IS) is usually understood as the state (property) of protection of the resources of an information system in the presence of threats in the information sphere. Information protection is a process aimed at ensuring information security.

The determining factors of information security are threat and risk. A threat is a potential cause (an event, violation or incident) that lowers the level of information security of a system, that is, one potentially capable of leading to negative consequences (impact) and damage (loss) for the system or the organization [5, p. 67].

Information security is a protection mechanism that ensures:
1) Confidentiality: access to information only for authorized users.
2) Integrity: the accuracy and completeness of information and of the methods of processing it.
3) Availability: access to information and related assets for authorized users when needed [2].

To build and effectively operate an information security assurance system (ISAS), O. V. Cherevko recommends:
- identifying the information protection requirements specific to the given object of protection;
- taking into account the requirements of national and international legislation;
- using established practices (standards, methodologies) for building similar ISAS;
- determining the units responsible for implementing and maintaining the ISAS;
- distributing among the units the areas of responsibility for fulfilling the ISAS requirements;
- defining, on the basis of information security risk management, the general provisions, the technical and organizational requirements, and the components of the information security policy of the object of protection;
- implementing the requirements of the information security policy by introducing the appropriate software and hardware tools and methods of information protection;
- implementing an information security management system (ISMS);
- using the management system, organizing regular monitoring of the effectiveness of the ISAS and, where necessary, its review and adjustment [14].

The researcher S. V. Severyna concludes that "without proper protection of the enterprise's information environment it is impossible to ensure its economic security" [11, p. 160].

To prevent the loss and leakage of secret data at an enterprise, S. V. Severyna recommends using the following means of protection: physical, hardware, software, combined hardware and software, legislative, cryptographic and organizational methods [11, p. 159].
The work of controlling the information security of an enterprise should include:
- monitoring and checking procedures and other risk controls (protective measures) in order to quickly detect errors in processing results, quickly identify security violations, provide information to management, help detect dangerous events, and prevent incidents that threaten information security and other types of enterprise security, using an appropriate system of criteria;
- regular reviews of the effectiveness of the information security management system (including compliance with the policy and achievement of the objectives of the information security management system, and verification of security controls), taking into account the results of security audits, incidents, the results of effectiveness measurements, and the proposals of all interested parties;
- review of the risk level assessment at planned intervals, as well as determination of residual risks and identification of acceptable risk levels in line with changes in the organization and in its operational and business environment;
- internal audits of the operation of the information security management system;
- management review of the information security management system to confirm the adequacy of its scope and the effectiveness of the measures for improving the information security management system [8, p. 86].

Table 2 describes the main international standards on managing information risks at a commercial enterprise.

Table 2 – International standards governing methods for determining information risks, with a brief description

Standard: ISO/IEC 27002-2012
Name of the standard: Guidelines on information security management for telecommunications organizations
Brief description: This standard provides additional recommendations on the implementation and management of IS in telecommunications organizations. It defines the objectives and the risk assessment requirements for the IS system and provides management control. The current International Standard offers recommendations and basic principles for introducing, implementing and improving IS management.

Standard: ISO/IEC 27003-2012
Name of the standard: Guidelines on implementing an IS management system
Brief description: This International Standard considers the most important aspects needed for the successful development and implementation of an ISMS in accordance with ISO/IEC 27001:2005, which considers the process of defining and developing an ISMS from inception to the state of implementation.

Standard: ISO/IEC 27004-2011
Name of the standard: Information security management and measurement
Brief description: This standard contains recommendations on developing and using measurements and measures in order to assess the effectiveness of an implemented ISMS. The measurement process is implemented in the form of a program related to IS. The measurement program helps the user to identify and evaluate requirements that the process of ISMS control and management effectiveness does not meet, and to prioritize actions aimed at improving or changing these processes.

Standard: ISO/IEC 27005-2010
Name of the standard: Information security risk management
Brief description: This standard is presented in the form of an annex with examples of typical threats and vulnerabilities, and it specifies the concept of information risk for information security needs. The problem of assessing and studying information risks is primarily associated with the British standard BS 7799, namely with its two parts: the first, BS 7799-1 "Code of practice for information security management", and the second, BS 7799-2 "Information security management systems", in which the analysis of the state of information security and the formation of its protection were for the first time directly linked to information risks. However, the aspects of risk assessment and risk management themselves were considered in more detail in the third part of the standard, BS 7799-3 "Guidelines for information security risk management".

Standard: ISO/IEC TR 13335-2:1997
Name of the standard: Guidelines for managing the security of information technologies (IT)
Brief description: To provide recommendations, rather than specific solutions, on managing the security of information technologies (IT). The qualifications of the persons responsible for IT security within organizations must be sufficient to adapt the material presented in this standard to the specific needs of the organizations.

Source: [4, p. 222].

ISO/IEC 27001:2015 Information technology – Security techniques – Information security management systems – Requirements. This standard was created to define the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving an information security management system (ISMS). Adopting an information security management system is a strategic decision for an organization. The design and implementation of an organization's information security management system are influenced by the organization's needs and objectives, its security requirements, the organizational processes in use, and the size and structure of the organization. The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process, and gives interested parties confidence that risks are adequately managed [6, p. 5].

Let us consider the essence and purpose of the sphere of information management. The sphere of information management is the set of decisions needed for management at all stages of the enterprise's life cycle, which includes actions and operations related to information in its various forms and states and to the enterprise as a whole.
In doing so, the tasks solved are those of determining the value and the efficiency of use of information and knowledge (so that all managers receive only relevant information), as well as the value of the other resources of the enterprise that come into contact with information: technological, human and financial [12, p. 15].

The tasks of information management are:
- forming the information sphere of the enterprise (organization);
- developing the information system and ensuring its maintenance;
- planning in the information environment;
- forming the organizational structure in the light of informatization;
- using information systems;
- forming the innovation policy and implementing innovation programs;
- managing personnel in the enterprise information system;
- managing capital investments in the enterprise information system;
- forming and ensuring comprehensive protection of information resources [12, pp. 15-16].

The purpose of information management is to ensure the effective development of a commercial enterprise through prompt and flexible regulation of the various types of information activity (search, collection, analysis, synthesis, processing, transmission, storage and use of various information).

In the field of information technologies, the manager responsible for the security of the information activity of a commercial enterprise must be well versed in the following main matters:
- computer equipment, and the configuration of telecommunication systems and networks;
- input, output and retrieval of information;
- assessment of the efficiency of computer systems;
- trends in the development of information technologies;
- methods and means of protecting information and computer networks;
- database design and management;
- analysis, configuration and control of information systems;
- technologies for processing and transmitting information;
- fundamentals of managing telecommunication systems.

An analysis of the work done in this field made it possible to determine that a standard enterprise information security management system has all the elements common to management systems.
At the same time, experience of using standardized requirements for an information security management system has identified the main factors in ensuring information security at a modern enterprise:
- an information security policy, objectives and measures that reflect the business objectives of the economic entity;
- an approach and framework for implementing, maintaining, monitoring and improving information security that are consistent with the organization's culture;
- support and commitment from management at all levels;
- understanding of information security requirements, risk assessment, and the existence of risk management;
- effective measures to build information security competence so as to ensure proper awareness;
- distribution of guidance (instructions) on information security policy and standards among all managers, employees and other counterparties;
- funding of information security management activities;
- provision of appropriate awareness, training and education;
- establishment of an effective information security incident management process;
- a system evaluation used to assess how effectively information security management operates and to produce proposals for improvement [8, p. 85].

Thus, an information security management system of a commercial enterprise built on the requirements of the international ISO standards will allow managers to organize an effective system for creating, managing, controlling and protecting important information and documents.

Conclusions and prospects for further research. As a result of the study, devoted to the problem of information security management of a commercial enterprise, a definition of the concept "information security management" was given, the functions of enterprise information systems were identified, and the main international standards on managing the information security of an organization were analyzed.
The benefits to a commercial enterprise of introducing an information security management system were identified:
- protection of information and documents against theft;
- greater trust on the part of business partners, who are confident that their commercial information, production secrets and business secrets are protected;
- improvement of the positive image of the enterprise;
- stronger competitive advantages through the protection of information;
- creation of an effective management mechanism for identifying and managing risks while ensuring the information security of a commercial enterprise.

It has thus been established that there is an organic interconnection and interdependence between the information system and the management structure in a commercial enterprise.

A prospect for further research may be the construction of a model of the information security management system at a commercial enterprise.

References

1. Buchyk, S. S. & Shalaiev, V. O. (2017). Analiz instrumental'nykh metodiv vyznachennia ryzykiv informatsijnoi bezpeky informatsijno-telekomunikatsijnykh system [Analysis of instrumental methods for determining information security risks of information and telecommunication systems]. Naukoiemni tekhnolohii – Technology-intensive, 3, 215-225. Retrieved from http://nbuv.gov.ua/UJRN/Nt_2017_3_6 (accessed 19.11.2019) [in Ukrainian].
2. Dorofeev, A. V. & Markov, A. S. (2014). Menedzhment informacionnoj bezopasnosti: osnovnye koncepcii [Information security management: basic concepts]. Voprosy kiberbezopasnosti – Cybersecurity issues, 1 (2), 67-73 [in Russian].
3. Metody zakhystu systemy upravlinnia informatsijnoiu bezpekoiu: vymohy [Methods of protection of information security management system: requirements] (2015). DSTU ISO/IEC 27001:2015 from 18th December 2015. Kyiv: Natsional'nyj standart Ukrainy. 28 p. Retrieved from https://www.assistem.kiev.ua/doc/dstu_ISO-IEC_27001_2015 (accessed 20.10.2019) [in Ukrainian].
4. Kormych, B. A. (2004). Orhanizatsijno-pravovi osnovy polityky informatsijnoi bezpeky Ukrainy [Organizational and legal bases of information security policy of Ukraine]. Extended abstract of Doctor's thesis. Kharkiv: KhNUVS. 42 p. [in Ukrainian].
5. Markina, I. A. & Diachkov, D. V. (2016). Osnovy formuvannia systemy menedzhmentu informatsijnoi bezpeky pidpryiemstva [Fundamentals of formation of enterprise information security management system]. Problemy i perspektyvy rozvytku pidpryiemnytstva – Problems and prospects of entrepreneurship development, 3 (1), 80-88. Retrieved from http://nbuv.gov.ua/UJRN/piprp_2016_3(1)_18 (accessed 24.11.2019) [in Ukrainian].
6. Matviienko, O. V. & Tsyvin, M. N. (2005). Osnovy menedzhmentu informatsijnykh system [Fundamentals of Information Systems Management]. Kyiv: Tsentr navchal'noi literatury. 176 p. [in Ukrainian].
7. Nyzenko, E. I. & Kaleniak, V. P. (2006). Zabezpechennia informatsijnoi bezpeky pidpryiemnytstva [Ensuring information security of entrepreneurship]. Kyiv: MAUP. 134 p. [in Ukrainian].
8. Severyna, S. V. (2016). Informatsijna bezpeka ta metody zakhystu informatsii [Information security and methods of information protection]. Visnyk Zaporiz'koho natsional'noho universytetu. Ekonomichni nauky – Visnyk of Zaporizhzhya National University. Economic sciences, 1, 155-161. Retrieved from http://nbuv.gov.ua/UJRN/Vznu_eco_2016_1_21 (accessed 28.11.2019) [in Ukrainian].
9. Sprinsian, V. H. & Biriukova, T. L. (2012). Resursy ta tekhnolohii informatsijnoho menedzhmentu [Information management resources and technologies: a textbook]. Odesa: ONPU. 248 p. [in Ukrainian].
10. Turchyn, O. I. (2010). Informatsijna bezpeka protsesiv menedzhmentu intehrovanykh system [Information security of integrated systems management processes]. Modeliuvannia rehional'noi ekonomiky – Modeling of regional economy, 2, 347-352. Retrieved from http://nbuv.gov.ua/UJRN/Modre_2010_2_42 (accessed 25.10.2019) [in Ukrainian].
11. Cherevko, O. V. (2014). Teoretychni zasady poniattia informatsijnoi bezpeky ta klasyfikatsiia zahroz systemi informatsijnoho zakhystu [Theoretical principles of the concept of information security and classification of threats to the information security system]. Efektyvna ekonomika – An efficient economy, 5. Retrieved from http://nbuv.gov.ua/UJRN/efek_2014_5_103 (accessed 12.11.2019) [in Ukrainian].
12. Campbell, T. (2015). Practical Information Security Management: A Complete Guide to Planning and Implementation. New York-Australia: «Science+Business». 385 p. [in English].
13. ISO 27001:2013. Information technology – Security techniques – Information security management systems – Requirements. Retrieved from http://www.teamprevent.com.ua/ua/poslugi/sistemi_menedzhmentu/iso_27001_sistema_menedzhmentu_informaciinoji_bezpeki.html (accessed 18.11.2019) [in Ukrainian].
14. Tipton, Harold F. & Krause, Micki (2017). Information security management handbook. 6th ed. USA: Boca Raton: «Taylor & Francis Group». 458 p. [in English].

Volodymyr Panchenko, Associate Professor, Doctor in Economics (Doctor of Economic Sciences)
Central Ukrainian Pedagogical University named after Volodymyr Vynnychenko, Kropyvnytskyi, Ukraine

Information Security Management of a Commercial Enterprise

The basic concepts of information security, such as properties, threats, vulnerabilities, risks and controls, are reviewed. A classification and examples of information security threats are given. The information security management system is described. Security measures in the context of ISO 27001 are discussed.

The article considers the preconditions for forming an enterprise information security system and defines the features of managing it, which are associated with the continuous development of enterprise information infrastructure, the provision of various types of information services, and the automation of financial and operational performance as well as of the business processes of modern organizations. It was determined that the purpose of information management is to ensure the effective development of a business enterprise through the prompt and flexible regulation of various types of information activities (search, collection, analysis, synthesis, processing, transmission, storage and use of various information). The advantages for a commercial enterprise of introducing an information security management system are revealed: (a) protecting information and documents against theft; (b) increasing the confidence of business partners, who are confident that their business information, production secrets and business are protected; (c) improving the positive image of the company; (d) increasing competitive advantage by protecting information; (e) creating an effective management mechanism for identifying and managing risks while ensuring the information security of a business enterprise.

The concept and purpose of information security and the methods for improving the enterprise information environment at the present stage of development of economic science are determined. The most commonly used methods for ensuring information security are classified and unified. To ensure the confidentiality of information, recommendations are provided for improving the information security of domestic enterprises.

Keywords: threat, information systems, information security, security controls, CISSP, information security management, ISMS, threats

Received 11.12.2019. Reviewed 18.12.2019. Approved for publication 23.12.2019.