In the context of systematic instability increases the dependence of national economies on the degree of information technology security, information security risks related to the growth of internal and external attacks targeted at the business of industrial enterprises appear. As a result, the core business processes of industrial enterprises are being affected: stopping or interruption of the operation of systems and services; damage, loss or compromise of data; direct financial losses as a

more »

... sult of illegal actions of internal staff and cybercriminals. According to Gemalto (Information Security, 2015) the number of data breaches in 2014 increased by 49% compared to 2013 year, and about one billion records were compromised for the purpose of identity theft. The situation is critical in all industries and sectors. Implementation of Information Security Management System is aimed at the systematic identification, analysis and mitigation of information security risks as a result of which information assets are losing confidentiality, integrity and availability. Keywords: information security risks of information infrastructure, information infrastructure protection, infrastructure optimization model of information security, the protection of information resources.