Model of the life cycle of the information security system

When building an information security system, one of the key problems is the creation of regulatory documents. Regulators in the field of information security determine the list of necessary documentation mainly in relation to protection mechanisms (authentication, anti-virus protection, etc.) and practically do not take into account the stages of the life cycle of information security tools and personnel of the organization. The article proposes an approach to formalization of the list of information security management processes that need regulation. This approach allows the formation of information security policy to take into account the processes of personnel management and the complex of software and hardware information security, which is necessary to ensure a high level of security of critical information infrastructure