Abstract

Usage of information technologies in service and trade industry is increasing daily which is accompanied by information leakage risks. Information security system can prevent threats from employee’s lack of skills and detect vulnerabilities on early stages. To implement information security system, general steps are to build conceptual model of the subject area, build a semantic network to follow decision making process, adept current situation in company to ISO 27001 requirements and choose information system to atomize business processes. EPC diagram given in this paper shows the steps that service and trade companies can follow to get ISO 27001 certificate. The article describes such security information and event management systems as IBM QRadar security intelligence platform, Splunk Enterprise Security and RSA NetWitness Suite. The results of the research show how implementation of information security policy impact company’s indicators and reputation. Cyber security system’s implementation can lead to low expenses caused by interruption in service or data leakage, increased reliability and security of systems and improved business processes’ optimization.