| |
The article examines the main problems of information security management in modern organizations operating in the context of digital transformation and the increasing complexity of cyber threats. The relevance of the research is due to the fundamental transformation of the role of information security: from a highly technical function, it has become a strategic priority of corporate governance that requires attention at the board of directors level. Based on the systematization of scientific sources, three groups of interrelated problems have been identified: strategic, related to the gap between technical approaches and the needs of digital business; organizational, due to the human factor, including the phenomenon of "shadow security" and insufficient transparency of communications; technological, reflecting the complexity of implementing modern incident monitoring and management systems. An analysis of empirical studies demonstrates that 95% of cyber attacks are made possible by human error, and the average cost of data leakage reaches 4.45 million dollars [8]. Special attention is paid to the problems of security management in remote work, decentralized structures and the increasing role of third-party vendors. The classification of risks into technical, personnel, process and third-party risks is proposed. The conclusion is substantiated that it is necessary to move from static protection models to adaptive, risk-oriented approaches that integrate technological, organizational and human aspects. The scientific novelty of the research lies in a comprehensive analysis of information security management issues through the prism of three dimensions – strategic, organizational and technological – taking into account current trends in digital transformation.
Keywords:information security, risk management, digital transformation, cyber threats, corporate governance.
|
LEGAL
INFORMATION:
