ANALYSIS OF THE INTERNATIONAL STANDARD ISO-IEC 27001-2013
Annotation: The subject of analysis in this article is the international standard ISO-IEC 27001-2013. The authors consider the structure of the standard and its components, including the requirements for building and operating an organization's information security management system in the current business environment and its trends. The relevance of this work is supported by analyzing the standard not only from the point of view of an information security specialist, but also from the point of view of enterprise management. Given the growing risks and threats to information security, and the crisis of confidence generated by commercial organizations that do not pay enough attention to security management, the analysis of this standard is aimed at identifying and disclosing its main advantages and disadvantages given the current state of commercial activities and information systems. The article places separate emphasis on the interaction between the management of the enterprise and the information security department.
Keywords: information security, international standards, certification, information security management systems, ISO-IEC 27001, risk-oriented approach
For citation: Bagrov A.P.; Bagrova V.A. Analysis of the international standard ISO-IEC 27001-2013 // Electronic Scientific Journal IT-Standard. – 2017. – No. 1. – pp. .