INFORMATION SECURITY IN THE FUNCTION OF CORPORATE MANAGEMENT OF INFORMATION TECHNOLOGIES

Abstract

It is known that the three basic elements of information security are protection against confidentiality, integrity and availability of information. The ISO/IEC 27001 standard helps companies protect information in any form. The new version of the ISO/IEC 27001:2022 standard follows new trends in IT and introduces new security controls. Information security is not the same in 2022 as it was in 2013, as many companies have embraced remote work and are using virtual applications. The standards of the ISO/IEC 27000 series represent answers to the increasing challenges of implementing information security measures in the company. The paper researched, analyzed and proposed the conceptual framework of information security in the function of corporate management of information resources, services and business values. The goal is to show that there is a strong connection between information security and company operations. The recommendations and guidelines of the COBIT 2019 management framework were used for information technology management. An important feature of the development and application of the COBIT framework is its flexibility and alignment with many relevant standards.