Moscow, Moscow, Russian Federation
VAK Russia 5.2.1
VAK Russia 5.2.3
VAK Russia 5.2.4
VAK Russia 5.2.5
VAK Russia 5.2.6
VAK Russia 5.2.7
UDC 33
CSCSTI 06.81
Russian Classification of Professions by Education 10.00.00
Russian Classification of Professions by Education 38.00.00
Russian Library and Bibliographic Classification 1
Russian Trade and Bibliographic Classification 7
The article provides a comprehensive analysis of the problem of information security as a dynamic system covering all key stages of the information lifecycle: receipt, storage, transmission and processing. The work goes beyond a theoretical review, offering a structured methodology for risk assessment and management. Special attention is paid to the interrelationship of technical, organizational, managerial and legal aspects of protecting information assets in the context of digitalization. The study presents an original analytical model for quantifying the risks and cost-effectiveness of implemented protective measures. A concrete example with calculations, tables, and diagrams demonstrates the process of threat analysis, calculating potential damage, and justifying investments in information security systems. The results of the work allow us to formulate practical recommendations for building a balanced and economically feasible security system adapted to modern challenges. Using the example of Sberbank, the effectiveness of an integrated risk-based approach has been demonstrated, in which an end-to-end protection loop embedded in the data lifecycle ensures business sustainability in the face of digitalization and geopolitical instability. The study proves that investments in information security for the largest backbone bank are not costs, but a strategic asset that generates measurable economic benefits through damage prevention, operational efficiency and strengthening market confidence. The analysis revealed that the key driver of the return on investment in information security is the balance between the automation of basic processes, the development of a safety culture of personnel and the strategic costs of ensuring technological sovereignty and protection from future threats. The developed quantitative model of risk assessment and cost-effectiveness of protection measures confirms that a mature information security system transforms cyber risks from a source of potential catastrophic losses into a manageable factor of long-term sustainability and competitive advantage of the organization.
HR outsourcing, human resources management, economic efficiency, Aeroflot, vendor management
1. Federal Law of the Russian Federation "On Personal Data" dated 27.07.2006 No. 152-FZ (as amended).
2. The Information Security Doctrine of the Russian Federation : approved by By Decree of the President of the Russian Federation dated 05.12.2016 No. 646.
3. Averchenkov V. I. Network technologies and information security. Moscow : Infra—M, 2021. 312 p.
4. Bobrova, E. M. Internal and external control of an enterprise as elements of economic security on the example of PJSC Gazprom and PJSC Sberbank / E. M. Bobrova, E. V. Guryanova // Alley of Science. – 2017. – Vol. 1, No. 10. – pp. 513-515.
5. Vikharev A. A. Information risk management in an organization. — St. Petersburg : Peter, 2021. — 304 p.
6. Gunter, I. N. Problems of information security of a commercial bank in modern conditions / I. N. Gunter, Z. I. Dahova, E. G. Serova. Belgorod : Epicenter, 2025. 174 p. ISBN 978-5-605-45195-2.
7. Kamardina, A. I. Information technologies in Russian banks and data security / A. I. Kamardina, A. Y. Piskareva // Vector of Economics. – 2024. – № 2(92).
8. Karaeva, Yu. A. Ways to protect information in Sberbank / Yu. A. Karaeva, N. Yu. Saibel // Actual issues of modern economics. – 2021. – No. 2. – pp. 199-207. – DOIhttps://doi.org/10.34755/IROK.2021.94.95.026.
9. Kormakov A.V. Information security: theory and practice. Moscow : Yurait, 2022. 256 p.
10. Kuvaldina, T. B. Information security in banks / T. B. Kuvaldina, A. A. Sribnaya // Siberian Financial School. – 2025. – № 1(157). – Pp. 36-43. – DOIhttps://doi.org/10.34020/1993-4386-2025-1-36-43.
11. Levshin, M. A. Information technologies in Russian banks and data security / M. A. Levshin // Vector of Economics. – 2020. – № 12(54). – P. 65.
12. Markova, O. M. Digital sovereignty and ensuring information security of banks / O. M. Markova // Innovation and investment. – 2025. – No. 6. – pp. 494-497.
13. Stolbov V. I. Information protection in corporate systems. — M. : Finance and Statistics, 2020. — 280 p.
14. Sberbank's digital ecosystem:the main components and development trends / A. Yu. Koenig, K. D. Bychenkov, J. A. Tupikina, N. V. Grogulenko // Eurasian Law Journal. – 2021. – № 12(163). – Pp. 502-503.
15. Khusainova, E. A. Information security in banks / E. A. Khusainova, N. A. Serkina // Natural sciences and humanities research. – 2025. – № 1(57). – Pp. 408-411.
16. Using Cognitive Technologies to Ensure the Information Security of Banks in the Conditions of Digital Transformation and Development of Biometrical Identification / B. M. Fedorov, S. V. Fedorova, H. Zhang, N. A. Mamedova // WSEAS Transactions on Business and Economics. – 2023. – Vol. 20. – P. 382-387. – DOIhttps://doi.org/10.37394/23207.2023.20.35.
