Abstract
The article analyzes strategic aspects of ensuring enterprise information security, focusing on the economic subsystem. The relevance of the problem is substantiated in the context of the digital transformation of the economy and increasing cyber threats. The methodological foundation of the research comprises systemic, process-based, and risk-oriented approaches and uses a set of general scientific methods: analysis and synthesis, comparative analysis, and structural-functional analysis. A literature review covers works by domestic and foreign scholars on economic security, information security provision, and strategic risk management. The structure of threats to the enterprise's economic infrastructure is identified, encompassing external cyber threats and internal risks. Strategic principles of information security provision are determined: defense in depth, least privilege, business continuity, and proactive risk management. Particular attention is given to the economic justification of investments in information security and to assessing the effectiveness of protective measures. The relationship between information security strategy and the overall corporate and competitive strategies of the enterprise is examined. Practical recommendations are formulated on strategic planning, organizational mechanisms, technological solutions, and ensuring continuity of the economic subsystem. The recommendations take into account the specifics of Ukrainian enterprises that have experienced armed aggression and combined cyberattacks. Ensuring continuity of the economic subsystem is a critically important aspect of information security strategy. The strategic approach to ensuring information security presupposes a balance between technical means of protection and organizational mechanisms.
It has been determined that the economic justification of investments in information security must account for not only direct financial losses from potential incidents but also indirect costs. The research results have practical significance for forming an effective strategy for protecting the infrastructure of Ukrainian enterprises.

