METHODS OF PROTECTING PERSONAL INFORMATION IN INFORMATION SYSTEMS

Abstract

In today's digital society, the protection of personal information becomes an extremely important task. With the development of information technologies and the growth of volumes of data processed by information systems, the risk of unauthorized access, theft and misuse of confidential data increases. The purpose of the work is the analysis of enterprises to identify factors affecting information security, as well as the development and theoretical substantiation of methods of depersonalization and de-personalization of personal data, which allow to ensure their confidentiality, as well as rules for organizing the processing of depersonalized data. This topic is relevant for information security specialists, software developers, as well as for organizations that operate large volumes of personal data, in order to ensure an adequate level of information protection and minimize the risks of cyber threats. The analysis of the methods of organizing the processing and protection of personal data showed that the proposed methods and the protection systems created on their basis require significant resources for implementation, have a strong dependence on the type of data and high redundancy in practical application for working with small data sets. Therefore, in a number of cases, it is advisable to apply methods that remove requirements for the confidentiality of personal data, which significantly reduces the costs of protection. The paper considers one of the effective and promising approaches to the protection of personal data in information systems - depersonalization. The methodology and rules for processing depersonalized personal data with the involvement of external operators have been developed, which allows protection of personal data both at the level of the operator and at the level of the user. The proposed method is particularly effective when using data centers and cloud computing technology to process personal data of various low-budget organizations.

Keywords: personal data, information systems, data protection, depersonalization, quality management, information security.

References
1. Żywiołek, J. Knowledge management about the occupational health and safety system in the enterprise. In: World Day for Safety and Health at Work, 2017. pp. 114.
2. Mottord, H.J. and Whitman, M.E. Management of Information Security, 2nd ed., Boston: Thomson. 2008.
3. Humphreys, E., Implementing the ISO/IEC 27001. Information Security Management System Standard, Artech House, Norwood.
4. Żywiołek, J. Monitoring of Information Security System Elements in the Metallurgical Enterprises, MATEC Web of Conferences. 2019. Available at: https://www.matec-conferences.org/articles/matecconf/pdf/2018/42/matecconf_qpi2018_01007.pdf.
5. Białas, A. Security of information and services in a modern institution and company. 2017. R. 550
6. Klasyfikatsiya avtomatyzovanykh system i standartni funktsionalʹni profili zakhyshchenosti obroblyuvanoyi informatsiyi vid nesanktsionovanoho dostupu. Zatverdzheno nak. Departamentu spetsialʹnykh telekomunikatsiynykh system ta zakhystu informatsiyi SB Ukrayiny vid 28 kvitnya 1999 r. №22. zi Zminoyu №1, zatverdzhenoyu nakazom Administratsiyi Derzhspetszvʺyazku vid 15.10.2008 № 172.: ND TZI 2.5-005-99. – 2008. – 20 s. http://www.dsszzi.gov.ua/dsszzi/control/uk/publish/article?showHidden=1&art_id=101870&cat_id=89734&ctime=1344501089407
7. Kryteriyi otsinky zakhyshchenosti informatsiyi v kompʺyuternykh systemakh vid nesanktsionovanoho dostupu. Zatv.nak. Departamentu spetsialʹnykh telekomunikatsiynykh system ta zakhystu informatsiyi SB Ukrayiny vid 28.04.1999 r. №22 iz zminamy z·hidno nak. Administratsiyi Derzhspetszv'yazku vid 28.12.2012 № 806: ND TZI 2.5-004-99. [elektronnyy resurs] – 2012. – Rezhym dostupu: www.dsszzi.gov.ua/dsszzi/doccatalog/document?id=106342
8. Shevchenko A.V. Stabilizatsiya funktsionalʹnoyi stiykosti informatsiynoyi systemy shlyakhom upravlinnya dynamikoyu rozvytku profiliv zakhyshchenosti / Tolubko V.B., Kurchenko O.A., Shevchenko A.V. // Suchasnyy zakhyst informatsiyi. – 2018. – №3. – S.51-57.