Approaches to ensuring information security

The article analyzes situational, integration, and integration and innovation approaches that have emerged among domestic enterprises in today's market to ensure information security. The following differences between them have been identified: the situational approach involves the point implementation of information security systems, decentralized management, the lack of a unified approach to system design, and inertia in system implementation; the integration ap-proach involves the presence of planning and information security provisioning services, the formulation of unified requirements for information security, analysis of the criticality of in-formation assets, risk and threat management, and the design of information security from business processes of the enterprise; the integration and innovation approach includes the pres-ence of security operation centers, operational response centers, centralized information securi-ty monitoring systems, the creation of Business Continuity Plans and Disaster Recovery Plans, and the formation of fault-tolerant protection systems. Some existing problems in choosing methods and information protection technologies are presented in the paper. The ways and means for ensuring effective information security in an enterprise are discussed. These are next-generation network firewalls, SIEM systems, DLP systems, as well as a cloud access security broker – CASB. Using CASB to ensure information security in the cloud allows for addressing the following tasks: access control; data protection; detection and response to threats; compli-ance with regulatory requirements; monitoring and auditing; and security policy management. Analyzing the approaches to ensuring information security in domestic enterprises, we can con-clude that it should be based on a comprehensive approach and effective integration of all ele-ments of IT infrastructure at different levels of their interaction.