Method for assessing efficiency of the information security management system

The article addresses the issue of efficiency assessment of the security system (SS) in terms of the Information Security Management System (information resources of the information system in an organization). It is assumed that the purpose of such security system is to achieve a declared level of protection of the information system resources. Therefore, the level of security of information system in a given organization shall be determined by the efficiency assessment of the security system. The efficiency of the security system mainly depends on the functional properties of its components and other factors occurring in its environment. The article mainly focuses on security configuration, i.e. technical configuration and security organization configuration. The thesis was adopted that the efficiency of the security system may be considered as a set-theoretic efficiency sum of the security configurations invoked in such system. Additionally, it was assumed that a prerequisite for the desired measures (indicators) of the efficiency assessment of the SS shall be to propose such measures and develop appropriate ways (methods) of their calculation. The efficiency measure for the SS as well as two methods of efficiency assessment of the SS were proposed in the article.