J. SELVIDGE

INFORMATION SECURITY INCIDENTS AND HOW TO PREVENT THEM

Abstract. An information security incident (IS) is any event that may compromise the confidentiality, integrity, or availability of systems or data, and therefore cause damage to an organization’s assets and operations. Such incidents can range from malware infections and phishing attempts to full-scale data breaches and ransomware attacks. The key is to identify incidents early: companies typically have less than an hour from the time they are first detected to prevent them from becoming a major problem. In this article are discussed the 14 types of IS-incidents and how to prevent them.

Keywords: information security, incident, cyber attack, threat prevention, training.

M.V. TEREKHOVA, A.A. GEORGIEVA

INFORMATION SECURITY OF THE ENTERPRISE: AUDIT, MONITORING, PENTEST

Abstract. Information security (IS) has long ceased to be an internal corporate matter: its regulatory framework is becoming more stringent every year, and mandatory requirements cover more and more areas and industries. Key issues on IS audit, IS monitoring and penetests of corporate IT-systems are set out in the proposed article.

Keywords: information security (IS) requirements, IS events and incidents, IS audit, IS monitoring, penetration testing.

E.O. BOBROVA, K.V. PITELINSKY, V.V. BRITVINA

DIGITAL CYBERSECURITY TOOLS: MACHINE LEARNING ALGORITHMS

Abstract. The increasing frequency and intensity of cyberattacks significantly complicate the task of their prompt blocking and prevention. Probably the most effective approach to solving it is the use of digital tools based on artificial intelligence (AI) algorithms. They can be successfully used to detect various types of anomalies, identify malware, monitor network traffic and analyze large amounts of data. The ability of such tools to self-learn, adapt to new types of threats and identify non-standard attacks makes them a powerful means of ensuring cybersecurity.

Keywords: cybersecurity, artificial intelligence (AI), machine learning, neural networks, payment protection.

A.YU. ROGATKIN

ECONOMIC ASPECTS OF INFORMATION SECURITY: GOST R 59503—2021

Abstract. Consideration of issues of economic impact and economic efficiency in management standards is a rare phenomenon. Most of them focus on effectiveness — the degree to which the intended results are achieved, rather than on efficiency — the price that the organization pays for it. In this regard, GOST R 59503, identical to the international document ISO/IEC TR 27016, which contains recommendations on the economic assessment of information security, is of considerable interest. In a practical sense, descriptions of such assessment methods, as well as examples of specific calculations are particularly useful.

Keywords: GOST R 59503—2021, information security, economic impact, effectiveness, efficiency.

V.A. KACHALOV

BRIGHTNESS AND LUSTER OF MANAGEMENT SYSTEMS STANDARDS. PART 3. PROCESSES APPROACH (CONTINUATION)

Abstract. In the preface to the first part of this article, it is noted that many approaches to quality management included in ISO 9001 as mandatory elements are not always fully implemented in practice, which does not allow them to play out all their faces. Based on extensive experience in conducting audits of various standardized management systems, the author presents his observations and recommendations on how to polish the application of some of them, fully ensuring their inherent brightness and brilliance. This part of the article is devoted to the second face of the process approach — the description of processes.

Keywords: process approach, process owner, process technology, process objective, process indicator.

K.N. FADEKOV, V.A. BEREZINA, A.V. BUZOV

EQUIPMENT CERTIFICATION UNDER THE QMS+ SCHEME IN VCS INTERGAZSERT

Abstract. The voluntary certification system VСS INTERGAZSERT was established in 2016 in order to confirm the quality of products/services and protect them from manufacturers who produce goods that do not meet consumer requirements. VСS INTERGAZSERT organizes and conducts work on conformity assessment of products, processes of survey, design, production, construction, installation, commissioning, operation (use), storage, transportation, sale and disposal, as well as management systems. In particular, the QMS+ scheme has been developed and actively applied within the framework of INTERGASERT for a comprehensive assessment of the quality management system and individual standard equipment.

Keywords: QMS, voluntary certification, documentation requirements, audit documents.

E.V. KONDRATYEV, N.A. KOROBKOVA

REGULAR MANAGEMENT PRACTICES: THREE-LEVEL PLANNING SESSIONS

Abstract. Planning is an operational tool for diagnostics, fine correction and structuring of the work process during one shift. The flexibility of the value stream and the level of losses depend on the accuracy of the information collected, the speed and validity of the response to identified problems, the ability of the manager to adjust tasks and set employees up for work. At the same time, enterprises often face the inability of managers at the grassroots and middle levels to competently interact with employees, the desynchronization of planning processes and the lack of improvement activity. What can be achieved by a well-organized structure and content of the gliders and on whom it depends, we will discuss in the article.

Keywords: planning meeting, problem solving, improvement, fractaling, leadership.

B.A. ITKIN

HOW TO MEASURE THE LOVE FOR A CUSTOMER?

Abstract. The paper provides comments on the article «Service Quality: No Measurer — No System!» by Olga Baybakova, published in the MQM journal, 2025 № 3. The author’s key thesis: if we talk about the love of the client or for the client, then the attempt to calculate the effect of transformations goes far beyond the application of formal metrics.

Keywords: relationships with customers, net promoter score, net promoter system.