Enterprise Information Security Strategy: Monitoring and Management
https://doi.org/10.17747/2618-947X-2026-1-73-83
Abstract
The security of an economic entity’s information and the infrastructure that supports it remains one of the key challenges at the current stage of economic relations. Unauthorized access to information, accidental or malicious impacts on information, and third-party intrusion into the operation of the supporting infrastructure threaten to reduce economic benefits and cause damage to economic entities, both legal entities and individuals. Under these conditions, one of the tasks of an organization’s economic security service is to prevent threats and mitigate risks related to unauthorized access to sensitive and financial information about the enterprise and to employees’ personal data. The objective of the study is to develop methodological recommendations for organizing the process of managing enterprise information security risks. In the course of the study, the authors obtained the following scientific results: the elements of information security (information protection, access restriction, encryption, security system, two-factor authentication, information transfer, document forgery, verification of the vulnerability of the information source, and information authenticity) were examined comparatively, considering both their current state and their historical development; information on participants involved in information theft and methods of unauthorized access was systematized; factors limiting compliance with personal data protection principles were analyzed; and information security risks were systematized in the context of object-vulnerability-threat. The practical significance of the research results lies in the possibility of integrating them into an organization’s management system and developing an internal control system to minimize threats and mitigate the risks of unauthorized access to sensitive and financial information and employees’ personal data.
About the Authors
T. A. RudakovaRussian Federation
Cand. Sci. (Econ.), Associate Professor, Department of Economics, Altai State Technical University named after I.I. Polzunov (Barnaul, Russia); Associate Professor, Department of Economic Security, Accounting, Analysis and Audit, Altai State University (Barnaul, Russia). ORCID: 0000-0002-8735-7058.
Research interests: digital finance, economic security, risk management, accounting and analytical aspects of bankruptcy, reliability of accounting and reporting information, risks of the real sector of the economy.
O. Yu. Rudakova
Russian Federation
Cand. Sci. (Econ.), Associate Professor, Head of the Department of Management, Business Organization and Innovation, Altai State University (Barnaul, Russia). ORCID: 0000-0001-9714-2483.
Research interests: anti-crisis management, change and development management, economic security, management consulting, innovation.
References
1. Borhalenko V.A. (2015). Verification of the pci DSS 3.1 Standard for Compliance with the Requirements of the Legislation of the Russian Federation. Cyberspace Issues, 5(13): 11-15. (In Russ.)
2. Lapina M.A., Medvedeva A.S., Lapin V.G., Boikov N.S., Ledyan D.I. (2024). Information Security Risk Analysis of Economic Information Systems. Audience, 2(42). https://.cyberleninka.ru/article/n/analiz-riskov-informatsionnoy-bezopasnosti-ekonomicheskih-informatsionnyh-sistem. (In Russ.)
3. Larin D.A. (2010). Information Protection in Ancient Russia. History and Archives, 12(55): 13-35. (In Russ.)
4. Savelyev A.I. (2015). Problems of the Application of Legislation on Personal Data in the Era of Big Data. Law. HSE Journal, 1: 43-66. (In Russ.)
5. Selivanova E.S., Konopiy A.S. (2025). Legally Significant Features of Artificial Intelligence and Their Impact on the Legal Status of Decisions Made by Intelligent Systems. Law and Management. XXI Century, 21(3): 49-61 (In Russ.)
6. Tsyplakova A.D. (2025). Countering Cybercrime in Selected Countries of the Global South: Current State, Problems and Prospects. Law and Management. XXI Century, 21(3): 62-75. (In Russ.)
7. Yastrebova A.Yu. (2025). The Concept and Protection of Personal Data in the Context of the International Legal Regulation of the Digital Space. Law and Management. XXI Century, 21(2): 15-25. (In Russ.)
8. Arthur C. (2013). Tech Giants May Be Huge, but Nothing Matches Big Data. Guardian, August 23. https://www.theguardian.com/technology/2013/aug/23/tech-giants-data/
9. Cristea L.M. (2020). Current Security Threats in the National and International Context. Journal of Accounting and Management Information Systems, 19(2): 351-378.
10. Jouini M.A. (2015). Multidimensional Approach towards a Quantitative Assessment of Security Threats. Procedia Computer Science, 52: 507-514.
11. Lee Y.J. (2011). Profit-Maximizing Firm Investments in Customer Information Security. Decision Support Systems, 51(4): 904-920.
12. Sujiwana R.K., Ridho A.F.A., Aryanti D.C., Rakhmawati N.A. (2024). Analisis Bibliometrik Mengenai Serangan Phishing dan Whatsapp menggunakan Vosviewer. Jurnal Esensi Sistem Informasi dan Sistem Komputer, 8(1): 101-105.
13. Van Deursen N., Buchanan W.J., Duff A. (2013). Monitoring Information Security Risks within Health Care. Computers & Security, 37: 31-45.
14. Yaz Ö., Süzen А.А. (2023). Kurumsal Ağlara Yapılan Saldırılarda Açıklanabilir Yapay Zekânın Yeri. International Conference on Applied Engineering and Natural Sciences, 1(1): 528-534.
Review
For citations:
Rudakova T.A., Rudakova O.Yu. Enterprise Information Security Strategy: Monitoring and Management. Strategic decisions and risk management. 2026;17(1):73-83. https://doi.org/10.17747/2618-947X-2026-1-73-83


































