Improvement of the Methodology for Assessing the Safety of the Economic and Information Interests of the Enterprise

The object of research is the process of assessing the safety of the economic and information interests of the enterprise. The work clarifies its definition. It has been taken into account that the key objects of protection are information, as well as the level of use of information systems at which they fulfill all the tasks assigned to them, which contributes to the achievement of the common current and strategic economic interests of the enterprise. Given this, it is proposed as part of this type of security to differentiate information security and information system security. It is substantiated that the assessment of the level of security of the economic and information interests of the enterprise should take into account the economic consequences of not achieving its desired level, which are manifested in the lack of profit before tax, which occurs due to the use of outdated information systems (compared with competing enterprises) and insufficient funding functioning of existing information systems. The indicators of the safety components of the economic and information interests of the enterprise are established. An example of the choice of indicators for enterprises in the extractive industry is given. It is shown that such an indicator widespread among scientists as the amount of information costs used in absolute terms does not adequately reflect the state of the level of ensuring the economic and information interests of the enterprise and, accordingly, their safety. For the first time, a coefficient of the level of security of economic and information interests is proposed as the ratio of the lack of profit before tax to the minimum amount of profit necessary for the enterprise. The scale of translation of the obtained values into linguistic terms is determined. In contrast to generally accepted practice, it is shown that the minimum and catastrophic safety levels are low and medium hazard levels, respectively.<br><br>The result of this study is an improved methodology for assessing the level of security of the economic and information interests of the enterprise, which takes into account the economic consequences for the enterprise from non-compliance with this type of security. Application of the developed concept expands the capabilities of managerial analytics, allowing more adequately assess the level of security of economic and information interests for making managerial decisions aimed at increasing it.


Introduction
The information component of the economic security of the enterprise is important for the successful functioning of the enterprise, therefore it occupies a key place in the structure of economic security [1,2]. So, at the end of June 2017, Ukrainian enterprises of various forms of ownership and sectors of the economy, as well as business entities of other countries subjected to largescale hacker attacks: their work was blocked by the DOS/Petya.A virus. The number of cases of computer infection with this virus as a percentage of the total in Ukraine is 75.24 %, Germany -9.06 %, countries outside Europe -2.94 % [3]. Despite the influence of information systems on the results of not only managerial work, but also of the entire production process, there are no unified approaches to assessing their safety, justifies the relevance of the study. So, the object of research is the process of assessing the safety of the economic and information interests of the enterprise. The aim of research is improvement of the methodology for assessing the security of economic and information inte rests of the enterprise.

Methods of research
The dialectic method, the analysis and synthesis method are used -in the study and generalization of scientific concepts for determining and evaluating the information component of the economic security of an enterprise.

Research results and discussion
The security of economic and information interests is characterized by a state in which such a level of use of ISSN 2664-9969 information systems is achieved that they fulfill all the tasks assigned to them, contributes to the achievement of the current and strategic economic interests of the enter prise. This, unlike the existing ones, in particular [4,5], does not contain an emphasis on users of the system. Given the concretization of the objects of protection, let's believe that it is more appropriate to differentiate infor mation security and information system security within this type of security.
Noncompliance with the regime for ensuring the se curity of economic and information interests depends on the level of costs of informatization [6,7]. However, it is obvious that the implementation of threats to this type of security generate a loss of profit. Therefore, the concept of assessing the security of economic and information in terests has been proposed, in contrast to the wellknown assessment of the protection of computer systems and in formation technologies [8,9] based on the methodology of the authors of [10]. This technique involves the assess ment of the lack of profit obtained in case of failure to achieve the relevant safety indicators of their normative values. However, paradoxically, its developers did not apply this technique to the information component of security.
Using the principle underlying it, instead of the lack of operating profit or the ЕВІТDА value as in [10], let's consider it more expedient to assess the lack of the ЕВТ indicator -earnings before tax. The choice of this par ticular indicator is due primarily to the fact that it has the same analytical advantages and net profit, but it can be applied to enterprises with different tax systems. So, let's propose the shortcoming of the electronic computer for the safety of the economic and information interests of the enterprise to be defined as the maximum shortcoming, estimated by its components: where ΔЕВТ(SEII) -the lack of the ЕВТ sum for the safety of economic and information interests of the enterprise, c. u.; ΔЕВТ(SE) -the lack of the amount of electronic com puters for the security of enterprise information, c. u.; ΔЕВТ(SEI) -the lack of the amount of ЕВТ for the se curity of the enterprise information system, c. u. In order to assess the indicators of the shortage of electronic computers, it is necessary to establish appropri ate indicators that embody a specific type of economic interest, which corresponds to a certain type of security. It is advisable to take into account that at industrial enterprises (such as, for example, mining enterprises), those decisionmakers are highly qualified and experien ced specialists in their field. The same applies to ana lysts and other management personnel responsible for processing incoming information. The above is due to a balanced personnel policy of these enterprises. At the same time, many scientists propose indicators such as coefficients of completeness, accuracy, inconsistency, or relevance of information to assess the safety associated with information. Let's believe that their use is more appropriate when choosing management measures, while being significant in the financial sector (including bud geting) and in making strategic decisions. However, for industrial enterprises, the observance of high values of these coefficients is difficult only in individual critical cases associated with a lack of time and the need for a quick response from the management team of the en terprise. In general, in the mode of current functioning, the information exchange on the operational activities of Ukrainian industrial enterprises is established in such a way that it does not adversely affect their economic security. Therefore, the above coefficients are not consid ered in this paper. But it is more appropriate to update the assessment of indicators related to the impact on the economic interests of the enterprise of the consequences of the implementation of information threats. These include: a round of insider information, loss of resources through unscrupulous actions of individuals through manipula tions in the information space, as well as failures in the operation of information systems. It is possible to assess the effect of a leak of insider information (trade secrets) on the lack of an EBT indicator, as well as on other economic indicators, if there is a realized fact of such a leak. The consequences of nonobservance of trade se crets differ depending on two groups of circumstances. The first group is determined by the content of infor mation that was disclosed without the consent of its disclosure or lost in another way. The second group is determined by the fact that competitors (or other in terested parties) will have time to use such information before the company implements appropriate measures to minimize (eliminate) these consequences. It should be borne in mind that the information classified by the enterprise as a trade secret may contain a variety of data: terms of mergers and acquisitions, terms of business contracts, loan terms and the like. So the cost of this information and the severity of the consequences of its disclosure are different. At the same time, the presence of laidoff workers for disclosing insider information is not an indicator that clearly characterizes the decrease in security associated with information. On the one hand, on the contrary, such an indicator testifies to the purposeful activity of the enterprise to identify such persons, and therefore to work to maintain a certain level of secu rity. In addition, working employees of the enterprise are not the only source of information leakage, besides them, previously dismissed employees, buyers, suppliers and other stakeholders of the enterprise may be such entities. Moreover, in modern conditions of development of information technologies, the technical capabilities of unauthorized (illegal) seizure of information constituting a commercial secret are expanding. On the other hand, as indicated above, the deterioration of the economic results of the enterprise due to unauthorized information leakage is probabilistic, and the extent of such deterio ration depends on the content of the information and the specifics of the enterprise. The most sensitive to the consequences of the disclosure of insider information (trade secrets) are enterprises which shares are quoted on the market. In addition, to assess the security of information, it is advisable to have a certain data set of a retrospec tive nature, while at the industrial enterprises of the extractive industry such incidents are practically absent, which makes it impossible to accumulate statistical data. Given all of the above, information security assessment is updated for enterprises which shares are listed on the stock market, as well as those enterprises which value is significantly affected by their reputation. In this regard, for enterprises that are investigated in this work, this type of security is not further evaluated.

ISSN 2664-9969
The security of an information system can be assessed using various indicators. To determine the most appro priate of them, it is necessary to take into account the goal of ensuring this security subspecies. This goal is to contribute to the achievement of the economic interests of the enterprise by directly qualitatively and efficiently fulfilling all the tasks assigned to it by the enterprise information system. Obviously, achieving such a goal re quires corresponding costs, which can be onetime and systematic. Onetime costs are mainly capital costs for the acquisition, installation of an information system, consulting services for training personnel to use it, and some others.
When a company management decides to acquire a new, modern information system that would contribute to the achievement of its strategic interests, it is necessary to evaluate the amount of relevant investments. However, unlike the authors of [7], let's believe that it is impractical to consider the absolute amount of costs for an informa tion system. Without taking into account the additional effect obtained from the use of this information system, such an amount will only reduce the financial result of the period in which it is incurred. In addition, the introduction of modern information systems at industrial enterprises is a largescale investment project, which will take se veral years to recoup. In this regard, the amount of such investments is not advisable to take into account when assessing the security of the current economic interests of the enterprise. Instead, it is more appropriate to take into account those expenses that are mainly systematic and arise in the current period.
Systematic costs associated with maintaining the func tioning of this information system at a high level and its development, which includes the costs of its maintenance, maintenance (including the cost of labor of the relevant IT specialists), modernization, if necessary, and the like. However, they should be taken into account in relation to a specific base by determining a certain coefficient. However, not all existing coefficients are considered ap propriate for use. In particular, let's consider the use of the profitability of the information system, in which net profit and expenses related to the functioning of the informa tion system to be related, to be insufficiently justified to assess the security of economic and information interests or its parts. This is explained by the fact that an increase in this profitability can be achieved by reducing costs associated with the content of the information system. However, such measures usually lead to an increase in the vulnerability of the latter and, as a result, a decrease in the overall level of security.
It should be noted that at Kryvbas mining and processing plants (except for the jointstock company Southern Mining and Processing Plant, Kryvyi Rih, Ukraine), automated SAP ERP systems are introduced, which are one of the most advanced not only in managing financial flows, but also in production and technological processes. Therefore, their use helps to increase the overall productivity of the enterprise, obviously. In this regard, let's propose to take into account the coefficient of labor productivity ratio in the current amount of expenses for maintaining the infor mation system at the proper level (ІТs) when assessing the deficiency of the ЕВТ indicator for the security of the information system. At the same time, the sum of such expenses should not be equal to zero: ІТs ≠ 0. If a situa tion does occur, then a conclusion is drawn about the danger in the enterprise information system. Otherwise, it is advisable to evaluate the value of the ratio of la bor productivity (LPr) to the current amount of expenses for maintaining the information system at the proper level (ІТs). As the limiting (minimum) value of this coef ficient (L(K ІТ )), let's establish its industry average value during the evaluation period. Provided that the obtained liminal values (L(K ІТ )) exceed the actual value of this coefficient (K ІТ a): L(K ІТ )>K ІТ a, it is necessary to establish the amount of shortage of the ЕВТ indicator according to the proposed formula: where ∆ЕВТ(K ІТ ) -the lack of the ЕВТ indicator by the ratio of labor productivity to the current cost of main taining the information system at the proper level, c. u.; K ІТ -the value of the ratio of labor productivity in the current amount of expenses for the maintenance of the information system at the proper level, h. In addition, one should take into account the fact that the authors of [10] point out that enterprises in the extractive industry, use less modern information systems compared to SAP ERP, annually lose 10 % of the profit ability of their activities. Therefore, for such enterprises, it is necessary to additionally determine the magnitude of the ЕВТ shortage obtained by using outdated information systems (∆ЕВТ(ІТ)): where ОСa -the actual amount of operating costs. The amount of shortage of the ЕВТ indicator for the security of the enterprise information system (ΔЕВТ(SEI)) will be determined by the expression: Due to the fact that it is proposed not to separately determine information for industrial enterprises, in par ticular for enterprises of the extractive industry, the total amount of shortage of the ЕВТ indicator for the safety of economic and information interests (ΔЕВТ(SEII)) is equal to the lack of an ЕВТ for information system security: In the future, it is necessary to assess the limiting value of the ЕВТ indicator for the safety of economic and information interests (EBT (SEII)l): where ЕВТa -the actual ЕВТ value, c. u. Let's offer the level of security of the economic and information interests of the enterprise (Р(SEII)) determi ned by the expression: Electronic copy available at: https://ssrn.com/abstract=3659039

Conclusions
The definition of security of economic and informa tion interests and its classification has been clarified. The methodology for assessing this type of security has been improved based on the ratio of the maximum amount of shortfalls in the profit of electronic computers resulting from the use of outdated information systems and insufficient funding to ensure the functioning of existing information systems in the limiting value of electronic computers. Ap plication of the developed concept expands the capabilities of managerial analytics, allowing more adequately assess the level of security of economic and information interests for making managerial decisions aimed at increasing it.