SECURITY MANAGEMENT PLAN FOR INFORMATION ASSETS OF OBJECTS OF THE AVIATION TRANSPORT COMPLEX OF UKRAINE
Keywords:information security, risk level, air transport complex, policies, confidentiality, availability, integrity, terms of reference, security systems
Governing documents International Civil Aviation Organization (ICAO) define a safety management system as an element of corporate governance responsibility that defines a company's safety policy and its intentions to manage safety as an integral part of its overall business. Thus, the security management system (Security Management System, SeMS) is a part of the overall information asset management system of the aviation enterprise, which is based on risk analysis and is intended for the design, implementation, control, monitoring and improvement of measures in the field of information security. This system consists of organizational structures, policies, planning actions, responsibilities and procedures, processes and resources, and much more. An analysis of modern management measures of the information security system of air transport facilities based on international standards of the ISO series was carried out. A scenario for the implementation of the plan for managing the security of information assets of the air transport complex is proposed, which is based on the best experience of foreign countries.
Менеджмент у сфері захисту інформації/ Ромака В.А., Корж Р.О., Гарасим Ю.Р// Підручник: Львів: ЗУКЦ, 2013. 462 с.
Міщенко А.В., Козловський В.В., Васянович В.В. Методологія інформаційної безпеки в авіатранспортному комплексу// Вісник Хмельницького національного університету. Серія: технічні науки. 2015. № 2 (223). С. 178-181.
ICAO Aviation Security Manual (Doc 8973 – Restricted).
ДСТУ ISO/IEC 27001:2023. «Information security, cybersecurity and privacy protection. Information security management systems. Requirements».
ДСТУ ISO 9001:2018. «Системи управління якістю. Вимоги».
ДСТУ ISO/IEC 27701:2022. «Методи безпеки. Розширення до ISO/IEC 27001 та ISO/IEC 27002 для керування конфіденційною інформацією. Вимоги та настанови».
LicenseAuthors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).