Information security as an object of risk-oriented management of sustainable business in the digital environment

Abstract

The article substantiates the conceptual foundations of risk-oriented information security management as a strategic tool for sustainable business development. It demonstrates the transformation of IS from a technical function into an economic category that determines the cyber resilience and competitiveness of enterprises in the digital economy. The aim of the work is to develop a model for integrating cyber risk management into the ESG (Environmental, Social, Governance) parameters system. Methods of system analysis, modelling and graphical interpretation are applied. The study systematises the main information security risks of digital business and demonstrates their impact on economic stability, business continuity and reputation capital. The interconnection between information security and ESG components is established, and the role of cybersecurity in strengthening corporate governance and building digital trust is substantiated. The main result is the development of an author's conceptual model for integrating risk-oriented information security management into the system of sustainable development of an enterprise. It is concluded that the implementation of a risk-oriented approach increases the cyber resilience of organisations and contributes to the formation of long-term competitive advantages in the digital economy.