Information Security Management: American Experience

Abstract

The purpose of the article is a comprehensive analysis of the American concept of threats to information security and determination of priority areas of the US’s activity in creating a secure national cyberspace. The methodological basis of the study is general scientific and special methods of cognition, in particular, systemic approach, analysis, synthesis, and logical method. Methods of content analysis, comparative and analytical monitoring of Internet resources of US government bodies responsible for information security are also used. The scientific novelty of the study consists in the expansion of ideas about theoretical aspects in the field of information security and the systematic analysis of instrumental, conceptual foundations and practical aspects of information security in the United States. Conclusions. The globalisation of information systems has created a completely new situation in the security field. In cyberspace the main threat to the US national security comes from states and intermediaries acting in their interests. They have the necessary skills and technologies to carry out destructive cyberattacks for military and political purposes, and also effectively use cyberespionage methods, which not only entails economic losses, but also causes great damage to strategically important industries for the US. The American concept covers such three key levels of cyber security as the state, private business and individual users. There are such defence priorities for the United States as ensuring the protection of critical infrastructure, information networks and systems; quality control of used IT equipment; formation of effective mechanisms of interlevel communication and raising awareness at all levels. An important component of the US National Cyber Strategy is international cooperation on information security issues. In this regard, at the international level the United States seeks to implement such opportunities as to encourage countries to increase responsibility for ensuring the security of information systems and networks at the national and global level; to create the legal regime necessary to ensure cross-border access to information; to form a regime of collective cyber defence within the framework of NATO and other bilateral and multilateral agreements with strategic partners; to preserve the maximum possible freedom of action in cyberspace in order to conduct all types of information operations both during military conflicts and in peacetime.