Abstract:

The article describes a cybernetic model of improving the information security system (ISS) in an organization as a complex security system, whose functioning has been illustrated on the basis of a certain steering/control system with a loop feedback.  The cybernetic model of improving the information security system assumes that its organizational structure consists of the elements that minimize both internal and external threats - defense mechanisms, which also include good practices. The authors outlined a concept of applying good practices that concern various issues of improvement the information security system. In accordance with the assumptions of the control theory, the model may be divided into a controlled system and controller.