Global practice of corporate information security events management




informational security, information security incidents, international information security standards, information security management system, management of information security events.


Introduction. The accumulated experience in the field of information protection, as well as new requirements for the construction of the information security policy of companies allowed to develop quite effective recommendations for the construction of the information security management system.

Problem. The central process in the information security management system of corporations is the «Event Management» process. Only a competent organization of this process can ensure the proper level of the entire sequence of stages of the effective functioning of the corporate information protection system, covering all actions during the entire life cycle of an information security event; from planning, training and raising awareness to detection, response and training at information security events.

The aim of the article is theoretical and methodological substantiation of the expediency of introducing the Information Security Event Management process in the context of the analysis of the global practice of the corporate information protection system.

Methods. The following methods were used in the course of research: the methods of the system approach, theoretical generalization and comparison, analysis and synthesis. The information base is the author’s own research, international standards of information security of the ISO/IEC 2700x series, pub­lica­tions in scientific editions and Internet resources.

Results. Within the framework of this study, the two most effective options (USA and Europe) for the organization of the Event Management process were analyzed. The conducted analysis made it possible to identify the peculiarities of the organization of each process, its advantages and disadvantages, proved the need for the formation of a compre­hensive approach to the organization of processes.

It is justified that a comprehensive approach to the organization of the Event Management process should take into account the interconnection with other management processes and be harmonized with international information security standards.

The implementation of this algorithm makes it possible to minimize the potential risks associated with the possible loss of information resources of the corporation. And, therefore, minimizes the potential economic damage caused by non-compliance with the corporation’s information security policy.

Conclusions. The conducted research makes it possible to practically fill potential information gaps when creating a system for managing information security of corporations. An additional advantage of the proposed solution is the possibility of using this sub-process as an independent one, which simplifies the procedure of managing information security of the corporation as a whole and contributes to reducing the cost of its construction.

Author Biography

Vitаliу CHUBAIEVSKYI, State University of Trade and Economics

PhD (Politics), Associate Professor, Associate Professor of the Engineering Department of software and cyber security


How to Cite

CHUBAIEVSKYI В. 2022. Global practice of corporate information security events management. Foreign trade: economics, finance, law. 125, 6 (Dec. 2022), 73–82. DOI:

