@ARTICLE{26583204_128092684_2014, author = {Alexander Baranov}, keywords = {, philosophy, reflection, security of interaction, information security, management efficiency, W.R.Ashby law, regulators, self-regulated organizationsinformation}, title = {Current state of information security management philosophy}, journal = {}, year = {2014}, number = {2 (28)}, pages = {7-14}, url = {https://bijournal.hse.ru/en/2014--2 (28)/128092684.html}, publisher = {}, abstract = {Alexander Baranov - Deputy CEO, Federal State Unitary Enterprise "Main Research Computing Center (GNIVC) of Federal Tax Service of Russia"Address: property 3, bdg. 1, Pohodnyi proezd, Moscow, 125373, Russian Federation.  E-mail: baranov.ap@yandex.ru      The paper elaborates a philosophical vision of the "information security management efficiency" concept. The concept is based on presentation of information as content of interacting systems’ reflection. This approach allows considering from a unified point of view the issues of information protection for technical, computer, social and political systems. The key point of the concept is formulation of systems’ interaction goals that may by profoundly different for different parts of the interaction.      The concept of information security management is proposed to be interpreted as management of the state of sufficiency of ensuring of information transfer that occurs during interaction of the systems. This definition is a special case of the traditional concept of system management, if the system is considered as a set of interacting objects performing the reflection process.      The approach expands the traditional view on information security management presented in the standards of various Russian and international organizations. The common approach appears to be a special case based on risk assessment or statutory regulations. In turn, the W.R. Ashby’s law appears to be applicable for evaluation of the information security management process, as a particular case of the system management process.      The approach allows discovering new possibilities to improve managing system efficiency for operative level of management. An example of the Portal for Government Services as government agency’s systems interaction with citizens is discussed. The conclusion about weak information protection of the people’s system in the process of mutual reflection of a government agency and society has been drawn. As a possible way to increase management effectiveness it is recommended to employ the potential of the self-regulatory organizations.}, annote = {Alexander Baranov - Deputy CEO, Federal State Unitary Enterprise "Main Research Computing Center (GNIVC) of Federal Tax Service of Russia"Address: property 3, bdg. 1, Pohodnyi proezd, Moscow, 125373, Russian Federation.  E-mail: baranov.ap@yandex.ru      The paper elaborates a philosophical vision of the "information security management efficiency" concept. The concept is based on presentation of information as content of interacting systems’ reflection. This approach allows considering from a unified point of view the issues of information protection for technical, computer, social and political systems. The key point of the concept is formulation of systems’ interaction goals that may by profoundly different for different parts of the interaction.      The concept of information security management is proposed to be interpreted as management of the state of sufficiency of ensuring of information transfer that occurs during interaction of the systems. This definition is a special case of the traditional concept of system management, if the system is considered as a set of interacting objects performing the reflection process.      The approach expands the traditional view on information security management presented in the standards of various Russian and international organizations. The common approach appears to be a special case based on risk assessment or statutory regulations. In turn, the W.R. Ashby’s law appears to be applicable for evaluation of the information security management process, as a particular case of the system management process.      The approach allows discovering new possibilities to improve managing system efficiency for operative level of management. An example of the Portal for Government Services as government agency’s systems interaction with citizens is discussed. The conclusion about weak information protection of the people’s system in the process of mutual reflection of a government agency and society has been drawn. As a possible way to increase management effectiveness it is recommended to employ the potential of the self-regulatory organizations.} }