In the article the problem of identification and evaluation of personnel exposure of information security is considered. The developed method of identification of personnel exposure of company information security on the basis of personal competence of its employees is presented. The mathematical model of evaluation of personnel exposure of information security is developed.

information security, personnel security, personnel exposure, competence, evaluation of personnel, risk management

1. Astahov, A.M. Iskusstvo upravleniya informacionnymi riskami. – M.: DMK Press, 2010. – 312 s.
2. GOST R ISO/MEHK 31010–2011. Menedzhment riska. Metody ocenki riska (Risk management. Risk assessment methods). Data vvedeniya v dejstvie: 01.12.2012. – M., 2012.
3. Standart CB RF STO BR IBBS-1.0-2010. Obespechenie informacionnoj bezopasnosti organizacij bankovskoj sistemy RF. Obshchie polozheniya. – M., 2010.
4. Standart CB RF STO BR IBBS-1.2-2010. Obespechenie informacionnoj bezopasnosti organizacij bankovskoj sistemy RF. Metodika ocenki sootvetstviya informacionnoj bezopasnosti organizacij bankovskoj sistemy Rossijskoj Federacii trebovaniyam STO BR IBBS-1.0. – M., 2010.
5. ISO/IEC 27001:2005/BS 7799-2:2005. Information technology. Security techniques. Information security management systems. Requirements – Informacionnye tekhnologii. Metody obespecheniya bezopasnosti. Sistemy upravleniya informacionnoj bezopasnost'yu. Trebovaniya. – M., 2005.
6. ISO/IEC 27002:2005, BS 7799-1:2005,BS ISO/IEC 17799:2005. Information technology. Security techniques. Code of practice for information security management – Informacionnye tekhnologii. Metody obespecheniya bezopasnosti. Prakticheskie pravila upravleniya informacionnoj bezopasnost'yu. – M., 2005.
7. HOGAN. – http://www.hoganassessments.com

Bulletin of the South Ural State University. Ser. Computer Technologies, Automatic Control, Radio Electronics, 2013, vol. 13, no. 1, pp. 79-83. (in Russ.) (The main)