The activities of any company or government agency are closely linked to the use of communications information networks, which are built using electronic technologies for the transmission, storage, processing, and use of corporate information [ 1-4 ]. The reliable functioning of these systems directly affects the economic activity and financial condition of the corporation [ 5-9 ]. Corporate governance along with financial risks should also take into account those related to the information systems use. Therefore, in order to manage the risks, the information of the accounting system should be consolidated and all events that cause losses should be consolidated, the probabilities of their occurrence, the risks of spreading, the ways of their prevention should be determined. This task is extremely important in modern corporate activity; its solution is of paramount importance. The corporate network information security management system (NISMS) is related to the various factors influence of activity of the network users and is the basis of economic stability and maintaining a high level of corporate security. To protect corporate information, especially confidential information, administrators need to make timely and informed management decisions while processing consolidated information about threats and network weaknesses [1016]. Consolidated corporate network security information allows you to obtain comprehensive network status information and effectively monitor events, identify attacks, faults and vulnerabilities, and isolate corporate information security threats. Based on the consolidated information, diagnostics, control and adaptation of information security management, direct security control are carried out. Adaptation of information security management is necessary to meet the desired results, despite changing corporate governance goals, technological conditions, or expanding corporate operations. Based on the consolidated information [ 1-2, 17-21 ], the network vulnerability assessment and prevention of possible intrusions are created, the corporate information security management strategy [ 3-4, 22-29 ] is adjusted accordingly, the methods and data protection methods are determined, and the appropriate decisions are made to identify hidden information threats. 2

The classification of functional elements of network security and the categorization of network security technologies of basic functional elements provide the basis for a structured approach to the study of heterogeneous technologies that are rapidly evolving [ 30-35 ]. An organized, hierarchical view is used to represent all traditional, modern and emerging network security technologies. Fig. 1 shows a structure that reflects an organized, hierarchical view of the technology of functioning of corporate communications information security systems [ 5-6 ]. In order to maintain such architecture, the corporate communications information security system should be operated using consolidated security resources that arise throughout the system to prevent network attacks from progressing. By collecting all the data from each security technology into a single consolidated resource, it is possible to identify the weaknesses of the security system and accordingly take timely measures to enhance the security of vulnerable sites and be able to predict events.

The resultant task of network security is to secure the application systems and information used at the input and generated at the output. As a result, you can identify the basic functional elements of a corporate network security that are necessary to build and operate a NISMS [ 36-42 ]:  Confidentiality,  Authentication,  Authorization,  The integrity of the message and the inability to opt out of authorship / receive the message [ 7-8 ].

These functional corporate network security elements are used in both hardware and software execution on network devices (switches, servers, etc.) within the path defined by the two endpoints of the communication connection (preferably a client PC or terminal and server) [ 9-10 ]. It is important to note that not all of these functional elements are always contained in separate elements of a corporate network security system. In addition, there are network security services that are difficult to attribute to these functional elements, but that work together with them to provide the desired network security capabilities [ 11-12 ]. The relevance of theme is due to the need for constant monitoring of network security and effective response to factors that disrupt the network [ 43-51 ]. For information security management, consolidation of data on threats that negatively affect the state of the network is a prerequisite for work. This approach provides an opportunity to solve management problems: forecasting damage from threats, identifying weak links of information protection and, accordingly, contributes to the creation of projects of management decisions to improve the protection system [ 52-59 ]. Consolidated threat accounting resources are created not only for operational and current management, but also for the purpose of making long-term decisions and predicting malicious actions of attackers. The aim of the work is to substantiate the theoretical concept of consolidation of data on threats of the corporate communication network and integration of the results into the information security management system based on the analysis of consolidated resources, effective planning, control and decision-making by the information security management system. To achieve the goal, the following tasks were set:  To identify threats to the network;  Determine the activities of the NISMS;  To carry out the consolidation of identified threats;  Assess the risks of proliferation and impact of threats;  Research of weak links of a network.

Consolidated information is obtained from multiple sources and systematically integrated multifaceted information resources, which are collectively endowed with the features of integrity, completeness, consistency and constitute an adequate information problem area model for its processing, analysis and effective use in decision support processes. A corporate communications network management system must have procedures in place to monitor and monitor the quality of its work. These procedures determine the compliance of the corporate network with the strategic plan of the corporation and the analysis of the impact of specific risks on its overall activity. In particular, they include checking the functions of electronic channels of information delivery, their compliance with the strategic plan of activity; the ability of electronic tools to process the intended amount of information [ 13-14 ].

The management system procedures determine whether the corporation's management and responsible units receive the information they need and examine the functioning of each electronic system implemented, analyze it, including:  Determining whether various aspects of the functioning of electronic systems are taken into account, including analysis of critical cases, failures;  Definition for each electronic system that cooperates with the main operating system of the corporation, databases their compatibility and security;  Verification of the accuracy and intelligence of scheduling software, calculations, etc. available through the communications network;  Determining whether a duplicate system is in place for users in the event that eservices systems do not operate for an extended period;  Check for the developed procedures existence for notification of the management of the management system in case of technical problems of the network;  Checking for the distribution of physical access to computer equipment, software, communications equipment and communication lines with clearly identified personnel, depending on their functions and positions within the corporation [ 10 ]. The organization of the corporation's activities must be tailored to the conditions of use of electronic means, so incompetence of management or imperfect technology used can affect the economic condition of the institution. Also, an existing organization of activities may not provide sufficient protection for sensitive electronic information. Existing procedures and procedures may not take into account the speed of transactions and the extended reach of electronic channels that transmit corporate information. Therefore, the management system includes: 1. Observation of operating procedures and procedures, which is to determine their suitability in the conditions of use of electronic channels of information transmission. Determines whether the applicable work organization procedures for the applicable personnel meet the requirements of implementation in new corporate products and services; how electronic technologies affect information transmission channels. A corporation must have a proper security system that includes the following elements:  Control access and protection of confidential information of clients;  The methods for determining the right of request of each participant in electronic data transmission systems;  Highlighting information that may be accessible to third parties. 2. Determination of the ability to improve procedures and procedures in accordance with the use of electronic technologies to ensure access and change of confidential information:  What information and how it is allowed to be transmitted to third parties;  Whether confidential information is part of contracts and agreements with third parties that are hired by the corporation. 3. Determining the existence of mandatory authorization procedures. The presence of protection of tracking and prevention of duplicate transactions in each electronic system is confirmed. The quality of client training regarding security and safety when using electronic corporate systems is checked. Periodically, according to the established schedule, the entire spectrum of transactional corporate capabilities is checked, the resources of activity of each segment of the secure corporate communication network are consolidated, the operational procedures and procedures for conducting transactions and compliance with the requirements of protection and security of corporate information [ 15 ].

Effective management of information security requires understanding of network attacks. As a rule, attacks are carried out in several steps.

The first is research or network intelligence. The attacker collects information about the use of the target database and documents, the availability of monitoring tools for the corporate network. Then the attacker tries to identify vulnerabilities in the hardware, software or organizational information security, continues additional research and looks for a tool that can disrupt the work. Attack detection systems classify scans as low threat because they do not harm servers or corporation activity. Scanning is a prerequisite for attacks. If the port is found open or unsecured, then the attacker usually goes into the pre-attack phase. Some services and applications are targets for attack. Despite the use of security technology, network administrators must address the challenge of protecting systems from malicious attacks and accidental failures. One method called intelligence is used by hackers to select networks and domains to search for targets. Intelligence allows a hacker to identify targets for attack or use them for attack [ 16 ]. 4

The assessment of the risks associated with a breach of protection must identify, quantify and decide on their prevention. The results should guide and determine the appropriate management action and the risk management priorities associated with the breach of information security, as well as the implementation priorities of the selected management tools, to protect against these risks. The risk assessment and management selection process can be performed several times to cover different parts of the organization or individual NISMS.

The risk assessment should include a systematic assessing the magnitude method for the risks (risk analysis) and a process of comparing the predicted risks against the risk criteria in order to determine the significance of the risks. Risk assessments should also be undertaken periodically to take account of changes in security requirements and risk situations, such as assets, threats, weaknesses, negative impacts, risk assessment, and when significant changes occur. These risk assessments should be carried out in a methodological manner capable of producing comparisons and reproducible results. The assessment of risks associated with a breach of information security should have a clearly defined scope in order to be effective, and should include a linkage to risk assessments in other areas, where appropriate. In accordance with the requirements of ISO / IEC 27002: 2007, which defines the basic directions and general principles of development, implementation, support and improvement of management of information security of the organization, we will present the diagram of analysis of threats to the corporation network (Fig. 2) for their consolidation and definition information security management strategies (Fig. 3). Monitoring the use of corporate electronic information systems, in particular their technical components, is an extremely important factor in ensuring the reliability and efficiency of modern corporation activities. Electronic systems monitoring data, consolidation of primary data in the areas we define is one of the main sources of information for management decisions and risk management programs in corporate activities. The source [ 13 ] presents the stages of risk analysis and forecasting:

In the general case, the average over a certain period of time the combined risk of a dangerous event A can be calculated by the formula:

R(A)=P(A)Y(A), (1) where P(A) is a statistical probability of event A (or event risk), Y(A) is a one-time loss is possible (or, if P(A) = 1, cost risk). In turn, the event risk is equal: P( A)  v(t ) T , where v(t) is the number of occurrences of events of А over time t; Т is the observation period. where Mt is a number of affected elements, Ma is a total number of items, the total number of items that were in the affected area. Then a possible one-time loss Y(A) can be determined by the following formula: where Yn(A) is a conditional total loss, which is numerically equal to the number or value of all elements of the computer technology (or all elements that are in the area of damage). Thus, taking into account expression (2) and (4), formula (1) becomes: That is, the physical content of R(A) is the number or cost of risk during the element study period. We introduce a new characteristic - the degree of vulnerability to the impact of event А: This is a general formula for calculating risk. When considering the partial risks inherent in a particular type of network threat element (viruses, malware, trojans, C y ( A) 

M t ,

M a

Y ( A)  C y ( A)Yn ( A) , R( A)  v(t) T |A C y ( A)Yn ( A) . (2) (3) (4) (5) worms), the necessary modifications should be made. Then this formula looks like this: v(t)

T R f ( A)  |A P(H )Cc ( A)H , (6) where R f ( A) is a partial risk, Р(Н) is a probability of being of elements of a certain type in the affected area, Н is their number, Cc ( A) is a degree of affection of this group of elements. 5

Consolidation of network threats was carried out at ISN department. The study period covers 18 days. The network consists of 3 computers on which 5 software products are installed. During the study, the following threats were identified:  18 computers (network 5);  unauthorized access to information - 3;  malicious intent or mistakes of staff - 5;  external threats - 2.

A program for assessing the risks of threats (Fig. 4) was written, using formulas 1-6.  Four events (problems) were investigated:  Event I (technique) - failure, malfunctions, failures;  Event II (Interception / access to information) - Interception of information or obtained in a sociotechnical way;  Event III (malicious intent of the staff) - intentional or incorrect handling of information;  Event IV (technogenic threat) is a negative impact of the environment. The results are listed in the table (Fig. 4), where R is the average risk of an event; C is a degree of damage to the network elements; Ro is simultaneous losses; Ca is a partial degree of equipment damage; Cp is a partial degree of software vulnerability; Ra is a partial risk of an event for the hardware; Rp is a partial risk from event for the software.

As a result of calculations by formulas (1-6) the following results are obtained: 1. Average risks: (a) I event = 3.18 (b) II event = 0.54 (c) 3rd event = 0.9 (d) IV event = 0.36 2. Degree of involvement: (a) I event = 1.06 (b) II event = 0.18 (c) 3rd event = 0.3 (d) IV event = 0.12 3. One-time losses: (a) I event = 3.3708 (b) II event = 0.0972 (c) 3rd event = 0.27 (d) IV event = 0.0432 4. Combined losses = 3.7812 5. Combined average loss = 4.98 6. Partial degree of involvement 1 AZ = 0,265  Partial severity of 1 software = 0.265  Partial risk 1 AZ = 0.210675  Partial risk 1 software = 1.053375

7. Partial severity of 2 AZ = 0,09  Partial severity of 2 software = 0.09  Partial risk 2 AZ = 0.0243  Partial risk 2 software = 0.1221

8. Partial severity of 3 AZ = 0.3  Partial severity of 3 software = 0.3  Partial risk 3 AZ = 0.27  Partial risk 3 software = 1.35

9. Partial degree of involvement 4 AZ = 0,12  Partial severity of 4 software = 0.12  Partial risk 4 AZ = 0.0432  Partial risk 4 software = 0.216 10. Total risk = 3.28905 For certain risks, it is noticeable that the level of protection of the ISN department network is insufficient and the greatest threat to the network is the event I. Therefore, let us investigate in this aspect the threat using the system of finding logical rules. WithWhy (Demo, which has a limit on the number of records only), we derive logical rules based on the consolidated data about detected threats of event I (Fig. 4). We use the following rules, which revealed deficiencies in the security system, namely the distribution of access to the local network and the Internet in software products, which overloaded the operating system and spread viruses:

The information security management system aims to counter attacks from the outside and promote secure communication within the organization as well as beyond. The essence of the management system includes the need to consolidate information about the state of the computer system and effective ways of its use, and therefore the main task of the information security management system is the ability to solve problems with consideration of a number of specific limitations of the corporation, as well as to quickly and correctly diagnose and best troubleshoot systems.

It should be remembered that any measures taken to protect the information should not cost more than the information itself. Setting up physically isolated secure communication channels for secure information exchange between remote nodes is an extremely expensive and not always justifiable measure. Therefore, consolidated information resources on the state of corporate communications are the basis for the information security management system. 6

In order to coordinate the NISMS to address the problems of weak links in the communication network, it is necessary to distinguish from the general system of threats consolidation as an integral part of information security, which is the basis for preparing the necessary information for acquiring new knowledge. An important way to improve network security is to assess the risks of threats that are generated by consolidated threat resources. Using this approach creates the prerequisites for making optimal decisions at the SMIB planning stage and improving it. In order to organize the totality of threats according to the ISMS objectives, it is advisable to use consolidated resources, which forms the methodological basis of ISMS and allows obtaining the necessary information to solve specific problems. Quite often, security personnel are responsible for monitoring and analyzing the data presented in one system. Security personnel only periodically review the data and do not report in a timely manner the results of the analysis of the security management reports to all concerned.