International Scientific Journals
of Scientific Technical Union of Mechanical Engineering "Industry 4.0"

In recent years, information security and data protection have become key factors in ensuring the stability, trust, and continuity of operations in any organization. With the expansion of the process of digitalization and the increasing dependance on information technologies, the need for reliable mechanisms to protect data and prevent cyber threats becomes ever more critical. Security breaches lead not only to significant financial losses but also to serious damage to an organization’s reputation and the trust of its business partners. This paper describes the processes involved in building an effectively functioning information security system and outlines the key aspects of developing an information security policy. The presentation examines the fundamental principles, approaches, and technologies that ensure the integrity, confidentiality, and availability of information. Emphasis is placed on risk analysis, vulnerability assessment, and the implementation of adequate protection measures tailored to the specific organizational structure and its resources.

Many of the devices in the IoT group process personal information or information enabling profiling or revealing the identity of natural persons. Naturally, the question of the security of this information and compliance with the legal requirements for the protection of the personal data of natural persons and their inviolability arises. The study defined the main issues related to the protection of personal data, identified threats and risks to the security and privacy of information processed by IoT devices.