Information protection and information security. Chapter V. Ensuring the security and protection of information. Methods for ensuring information security of the enterprise

Software and hardware means of protection against unauthorized access include measures of identification, authentication and access control to the information system.

Identification is the assignment of unique identifiers to access subjects.

This includes radio frequency tags, biometric technologies, magnetic cards, universal magnetic keys, logins for entering the system, etc.

Authentication is the verification that the presented identifier belongs to the access subject, and the confirmation of its authenticity.

Authentication procedures include passwords, PIN codes, smart cards, USB keys, digital signatures, session keys, etc. The procedural parts of the means of identification and authentication are interconnected and, in fact, form the basic framework of all software and hardware information security, since all other services are designed to serve specific subjects correctly recognized by the information system. In general terms, identification allows the subject to identify himself to the information system, and with the help of authentication the information system confirms that the subject really is who he claims to be. Once this operation has been passed, access to the information system is granted. Access control procedures allow authorized entities to perform the actions permitted by the regulations, and allow the information system to check these actions for correctness and for the correctness of the result obtained. Access control also allows the system to hide from users data to which they do not have access.

The next means of software and hardware protection is logging and auditing of information.

Logging includes the collection, accumulation and storage of information about events, actions, results that took place during the operation of the information system, individual users, processes and all software and hardware that are part of the enterprise information system.

Since each component of the information system has a predetermined set of possible events in accordance with the programmed classifiers, the events, actions and results are divided into:

  • external, caused by the actions of other components,
  • internal, caused by the actions of the component itself,
  • client, caused by the actions of users and administrators.

Information audit consists of operational analysis carried out in real time or over a given period.

Based on the results of the analysis, either a report is generated on the events that have taken place, or an automatic response to an emergency situation is initiated.

The implementation of logging and auditing solves the following tasks:

  • ensuring accountability of users and administrators;
  • enabling the reconstruction of the sequence of events;
  • detection of attempts to violate information security;
  • providing information to identify and analyze problems.
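
The logging and audit tasks listed above can be shown on a small event log. This is an added example, not code from the original text: the log format, the component and subject names, the threshold of three failed logins and the `lock_account` response are all assumptions made for illustration.

```python
from collections import Counter, defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "time component origin subject action result")
ORIGINS = {"external", "internal", "client"}   # the three event classes named in the text

# Constructed sample log: time, component, origin, subject, action, result.
SAMPLE_LOG = """\
2024-05-14T09:00:02 vpn-gw  external peer-branch2 tunnel_open  ok
2024-05-14T09:01:10 auth    client   ivanov       login        ok
2024-05-14T09:01:45 db      internal db           backup_start ok
2024-05-14T09:02:03 auth    client   petrov       login        fail
2024-05-14T09:02:09 auth    client   petrov       login        fail
2024-05-14T09:02:15 auth    client   petrov       login        fail
2024-05-14T09:02:31 auth    client   petrov       login        ok
2024-05-14T09:03:00 files   client   petrov       read:payroll denied
2024-05-14T09:04:12 files   client   ivanov       read:orders  ok
"""

def parse_log(text):
    """Logging side: turn raw lines into time-ordered events, rejecting malformed ones."""
    events = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 6 or fields[2] not in ORIGINS:
            raise ValueError(f"line {n}: malformed event: {line!r}")
        events.append(Event(datetime.fromisoformat(fields[0]), *fields[1:]))
    return sorted(events, key=lambda e: e.time)

def accountability(events):
    """Task 1: per-subject tally of client actions and their results."""
    report = defaultdict(Counter)
    for e in events:
        if e.origin == "client":
            report[e.subject][(e.action, e.result)] += 1
    return report

def timeline(events, subject):
    """Task 2: reconstruct the sequence of events for one subject."""
    return [f"{e.time:%H:%M:%S} {e.component} {e.action} {e.result}"
            for e in events if e.subject == subject]

def failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Task 3: subjects with at least `threshold` failed logins inside a sliding window."""
    recent, flagged = defaultdict(list), {}
    for e in events:
        if e.action != "login" or e.result != "fail":
            continue
        times = recent[e.subject]
        times.append(e.time)
        while e.time - times[0] > window:      # drop failures older than the window
            times.pop(0)
        if len(times) >= threshold and e.subject not in flagged:
            flagged[e.subject] = e.time
    return flagged

def audit(events, threshold=3, window=timedelta(minutes=5)):
    """Audit side: produce a report, or an automatic response if an attack pattern is found."""
    bursts = failed_login_bursts(events, threshold, window)
    # "lock_account" is a hypothetical response name, not a real API.
    responses = [("lock_account", subject) for subject in sorted(bursts)]
    return {
        "mode": "automatic_response" if responses else "report",
        "responses": responses,
        "denied": [(e.subject, e.action) for e in events if e.result == "denied"],
        "by_origin": Counter(e.origin for e in events),
    }

if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print(audit(log))
    print("\n".join(timeline(log, "petrov")))
```

The timeline for `petrov` shows why reconstruction matters: three failures, a success and then a denied read of payroll data form one sequence that no single event reveals.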

Often, information protection is impossible without the use of cryptographic tools. They are used to provide encryption, integrity and authentication services when the means of authentication are stored in encrypted form by the user. There are two main encryption methods: symmetric and asymmetric.

Integrity control allows you to establish the authenticity and identity of an object, which is a data array, individual portions of data, a data source, and also to ensure the impossibility of marking the action performed in the system with an array of information. The implementation of integrity control is based on data conversion technologies using encryption and digital certificates.

Another important aspect is the use of shielding, a technology that allows, by delimiting the access of subjects to information resources, to control all information flows between the enterprise information system and external objects, data arrays, subjects and counter-subjects. Flow control consists in filtering them and, if necessary, transforming the transmitted information.

The task of shielding is to protect internal information from potentially hostile external factors and actors. The main form of shielding implementation is firewalls of various types and architectures.

Since one of the signs of information security is the availability of information resources, ensuring a high level of availability is an important direction in the implementation of software and hardware measures. In particular, two areas are distinguished: ensuring fault tolerance, i.e. failover of the system and its ability to work when errors occur, and providing safe and fast recovery from failures, i.e. serviceability of the system.

The main requirement for information systems is that they always work with a given efficiency, minimum downtime and response speed.

In accordance with this, the availability of information resources is ensured by:

  • the use of a structural architecture, which means that individual modules can be disabled or quickly replaced if necessary without affecting other elements of the information system;
  • ensuring fault tolerance due to: the use of autonomous elements of the supporting infrastructure, the introduction of excess capacity in the configuration of software and hardware, hardware redundancy, replication of information resources within the system, data backup, etc.
  • ensuring maintainability by reducing the time for diagnosing and eliminating failures and their consequences.

Another type of information security means is secure communication channels.

The functioning of information systems is inevitably associated with the transfer of data, so enterprises also need to protect transmitted information resources using secure communication channels. Unauthorized access to data during the transmission of traffic through open communication channels is possible because these channels are generally available. Since "communications throughout their entire length cannot be physically protected, therefore it is better to initially proceed from the assumption of their vulnerability and provide protection accordingly". For this, tunneling technologies are used, the essence of which is to encapsulate data, i.e. to pack or wrap the transmitted data packets, including all service attributes, in their own envelopes. Accordingly, the tunnel is a secure connection through open communication channels, through which cryptographically protected data packets are transmitted. Tunneling is used to ensure traffic confidentiality by hiding service information, and to ensure the confidentiality and integrity of transmitted data when used together with the cryptographic elements of an information system. The combination of tunneling and encryption makes it possible to implement a virtual private network. At the same time, the endpoints of tunnels that implement virtual private networks are firewalls that serve the connection of organizations to external networks.

Firewalls as points of implementation of virtual private networks service

Thus, tunneling and encryption are additional transformations performed in the process of filtering network traffic, along with address translation. In addition to corporate firewalls, tunnel ends can be employees' personal and mobile computers or, more precisely, their personal firewalls. Thanks to this approach, the functioning of secure communication channels is ensured.

Information security procedures

Information security procedures are usually divided into administrative and organizational levels.

  • Administrative procedures include general actions taken by the organization's management to regulate all work, actions, operations in the field of ensuring and maintaining information security, implemented by allocating the necessary resources and monitoring the effectiveness of the measures taken.
  • The organizational level represents the procedures for ensuring information security, including personnel management, physical protection, maintaining the health of the software and hardware infrastructure, promptly eliminating security breaches and planning recovery work.

On the other hand, the distinction between administrative and organizational procedures is meaningless, since the procedures of one level cannot exist separately from another level, thereby violating the relationship between physical level protection, personal and organizational protection in the concept of information security. In practice, while ensuring information security, organizations do not neglect administrative or organizational procedures, therefore it is more logical to consider them as an integrated approach, since both levels affect the physical, organizational and personal levels of information protection.

The basis of complex procedures for ensuring information security is the security policy.

Information security policy

An organization's information security policy is a set of documented decisions made by the management of the organization and aimed at protecting information and its associated resources.

In organizational and managerial terms, the information security policy can be a single document or drawn up in the form of several independent documents or orders, but in any case it should cover the following aspects of protecting the organization's information system:

  • protection of information system objects, information resources and direct operations with them;
  • protection of all operations related to the processing of information in the system, including processing software;
  • protection of communication channels, including wired, radio channels, infrared, hardware, etc.;
  • protection of the hardware complex from side electromagnetic radiation;
  • management of the security system, including maintenance, upgrades and administrative actions.

Each of the aspects should be described in detail and documented in the internal documents of the organization. Internal documents cover three levels of the protection process: upper, middle and lower.

Top-level information security policy documents reflect the organization's basic approach to protecting its own information and compliance with national and/or international standards. In practice, there is only one top-level document in an organization, entitled "Information Security Concept", "Information Security Regulation", etc. Formally, these documents are not of confidential value, their distribution is not limited, but they can be issued in an edition for internal use and open publication.

The middle-level documents are strictly confidential and relate to specific aspects of the information security of the organization: the means of information protection used, the security of databases, communications, cryptographic tools and other information and economic processes of the organization. Documentation is implemented in the form of internal technical and organizational standards.

Documents of the lower level are divided into two types: work regulations and operating instructions. The work regulations are strictly confidential and are intended only for persons who, on duty, carry out work on the administration of individual information security services. Operating instructions can be either confidential or public; they are intended for the organization's personnel and describe the procedure for working with individual elements of the organization's information system.

World experience shows that the information security policy is always documented only in large companies that have a developed information system imposing increased requirements for information security; medium-sized enterprises most often have only a partially documented information security policy; and small organizations, in the vast majority, do not care at all about documenting the security policy. Regardless of whether the documentation format is holistic or distributed, the basic aspect is the security mode.

There are two different approaches that can form the basis of an information security policy:

  1. "Everything that is not forbidden is allowed."
  2. "Everything that is not allowed is prohibited."

The fundamental defect of the first approach is that in practice it is impossible to foresee all dangerous cases and prohibit them. Without a doubt, only the second approach should be used.
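
The difference between the two approaches can be run on a small access policy. This is an added example, not part of the original text: the roles, actions, resource names and both rule lists are constructed for illustration, and the evaluator is a sketch rather than any product's policy engine.

```python
import posixpath
from fnmatch import fnmatchcase

# Constructed rules. Each rule is (role, action, resource pattern).
DENYLIST = [    # approach 1: list what is forbidden, allow everything else
    ("clerk", "read", "payroll/*"),
    ("clerk", "write", "payroll/*"),
    ("guest", "*", "*"),
]
ALLOWLIST = [   # approach 2: list what is allowed, prohibit everything else
    ("clerk", "read", "orders/*"),
    ("clerk", "write", "orders/*"),
    ("accountant", "read", "payroll/*"),
    ("accountant", "write", "payroll/*"),
    ("admin", "read", "audit/*"),
]

# Constructed requests: the first two were foreseen by the rule authors, the rest were not.
REQUESTS = [
    ("clerk", "read", "orders/2024-05"),
    ("clerk", "read", "payroll/may"),
    ("clerk", "export", "payroll/may"),             # an action nobody listed
    ("contractor", "read", "payroll/may"),          # a role nobody listed
    ("clerk", "read", "backups/payroll-may.tar"),   # the same data under another name
    ("clerk", "read", "orders/../payroll/may"),     # a second spelling of payroll/may
    ("guest", "read", "orders/1"),
]

def canonical(request):
    """Give every resource exactly one name before any rule is consulted."""
    role, action, resource = request
    return (role, action, posixpath.normpath(resource).lstrip("/"))

def matches(rule, request):
    """True if every field of the request matches the rule's pattern for that field."""
    return all(fnmatchcase(value, pattern) for pattern, value in zip(rule, request))

def decide(request, mode):
    """Return True if the request is permitted under the given approach."""
    request = canonical(request)
    if mode == "default-allow":     # "everything that is not forbidden is allowed"
        return not any(matches(rule, request) for rule in DENYLIST)
    if mode == "default-deny":      # "everything that is not allowed is prohibited"
        return any(matches(rule, request) for rule in ALLOWLIST)
    raise ValueError(f"unknown mode: {mode}")

def unforeseen_gaps(requests):
    """Requests that pass under approach 1 only because nobody wrote a rule against them."""
    return [r for r in requests
            if decide(r, "default-allow") and not decide(r, "default-deny")]

if __name__ == "__main__":
    for req in REQUESTS:
        print(req, decide(req, "default-allow"), decide(req, "default-deny"))
    print("gaps:", unforeseen_gaps(REQUESTS))
```

Under the second approach an unforeseen request fails closed, so the cost of an incomplete rule list is a refused legitimate action rather than an exposed resource. The `canonical` step matters for both lists: without it, `orders/../payroll/may` would match the clerk's `orders/*` permission.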

Organizational level of information security

From the point of view of information security, organizational procedures for ensuring information security are presented as "regulation of production activities and relationships between performers on a legal basis that excludes or significantly hinders the misappropriation of confidential information and the manifestation of internal and external threats".

Personnel management measures aimed at organizing work with personnel in order to ensure information security include the separation of duties and the minimization of privileges. The division of duties prescribes such a distribution of competencies and areas of responsibility, in which one person is not able to disrupt a process that is critical to the organization. This reduces the chance of errors and abuse. Privilege minimization dictates that users be given only the level of access that is appropriate for their job function. This reduces the damage from accidental or intentional incorrect actions.

Physical protection means the design and implementation of measures for the direct protection of the buildings that house the organization's information resources, adjacent territories, infrastructure elements, computer equipment, data carriers and hardware communication channels. These include physical access control, fire protection, supporting infrastructure protection, eavesdropping protection, and mobile system protection.

Maintaining the health of the software and hardware infrastructure is aimed at preventing stochastic errors that threaten to damage the hardware complex, disrupt programs and cause data loss. The main directions in this aspect are user and software support, configuration management, backup, media management, documentation and preventive maintenance.

Rapid resolution of security breaches has three main objectives:

  1. Incident localization and damage reduction;
  2. Identification of the offender;
  3. Prevention of repeated violations.

Finally, recovery planning allows you to prepare for accidents, reduce damage from them and maintain at least a minimal amount of ability to function.

The use of software and hardware and secure communication channels should be implemented in the organization on the basis of an integrated approach to the development and approval of all administrative and organizational regulatory procedures for ensuring information security. Otherwise, the adoption of separate measures does not guarantee the protection of information, and often, on the contrary, provokes leaks of confidential information, loss of critical data, damage to the hardware infrastructure and disruption of the software components of the organization's information system.

Information security methods

Modern enterprises are characterized by a distributed information system that allows you to take into account the distributed offices and warehouses of the company, financial accounting and management control, information from the customer base, taking into account the selection of indicators, and so on. Thus, the array of data is very significant, and the vast majority of it is information that is of priority importance for the company in commercial and economic terms. In fact, ensuring the confidentiality of data that has commercial value is one of the main tasks of ensuring information security in the company.

Ensuring information security at the enterprise should be regulated by the following documents:

  1. Information security regulation. It includes the formulation of goals and objectives for ensuring information security, a list of internal regulations on information security tools and a regulation on the administration of a company's distributed information system. Access to the regulations is limited to the management of the organization and the head of the automation department.
  2. Regulations for the technical support of information protection. Documents are confidential, access is limited to employees of the automation department and higher management.
  3. Regulations for the administration of a distributed information protection system. Access to the regulations is limited to employees of the automation department responsible for administering the information system and senior management.

At the same time, the documentation should not be limited to these documents; the lower levels should also be worked out. Otherwise, if the enterprise does not have other documents related to information security, this will indicate an insufficient degree of administrative information security, since there are no lower-level documents, in particular, instructions for operating individual elements of the information system.

Mandatory organizational procedures include:

  • the main measures to differentiate personnel by the level of access to information resources,
  • physical protection of the company's offices from direct penetration and threats of destruction, loss or interception of data,
  • maintaining the functionality of the hardware and software infrastructure, organized in the form of automated backup and remote verification of storage media, with user and software support provided upon request.

This should also include regulated measures to respond to and eliminate cases of information security violations.

In practice, it is often observed that enterprises are not sufficiently attentive to this issue. All actions in this direction are carried out exclusively in working order, which increases the time for eliminating cases of violations and does not guarantee the prevention of repeated violations of information security. In addition, the practice of planning actions to eliminate the consequences after accidents, information leaks, data loss and critical situations is completely absent. All this significantly worsens the information security of the enterprise.

At the level of software and hardware, a three-level information security system should be implemented.

Minimum criteria for ensuring information security:

1. Access control module:

  • a closed entrance to the information system has been implemented, it is impossible to enter the system outside of verified workplaces;
  • access with limited functionality from mobile personal computers was implemented for employees;
  • authorization is carried out according to logins and passwords formed by administrators.

2. Encryption and integrity control module:

  • an asymmetric encryption method for transmitted data is used;
  • arrays of critical data are stored in databases in encrypted form, which does not allow access to them even if the company's information system is hacked;
  • integrity control is provided by a simple digital signature of all information resources stored, processed or transmitted within the information system.

3. Shielding module:

  • a filter system is implemented in firewalls, which allows you to control all information flows through communication channels;
  • external connections to global information resources and public communication channels can only be made through a limited set of verified workstations that have a limited connection to the corporate information system;
  • secure access from employees' workplaces to perform their official duties is implemented through a two-level system of proxy servers.

Finally, with the help of tunneling technologies, the enterprise must implement a virtual private network in accordance with the typical construction model to provide secure communication channels between different departments of the company, partners and customers of the company.

Despite the fact that communications are carried out directly over networks with a potentially low level of trust, tunneling technologies, thanks to the use of cryptographic tools, ensure reliable protection of all transmitted data.

Conclusions

The main goal of all measures taken in the field of information security is to protect the interests of the enterprise, one way or another related to the information resources that it has. Although the interests of enterprises are not limited to a specific area, they all center around the availability, integrity and confidentiality of information.

The problem of ensuring information security is explained by two main reasons.

  1. The information resources accumulated by the enterprise are valuable.
  2. Critical dependence on information technologies causes their wide application.

Given the wide variety of existing threats to information security, such as the destruction of important information, unauthorized use of confidential data, interruptions in the operation of the enterprise due to violations of the information system, we can conclude that all this objectively leads to large material losses.

In ensuring information security, a significant role is played by software and hardware tools aimed at controlling computer entities, i.e. hardware, software elements, data, forming the last and highest priority frontier of information security. The transmission of data must also be secure in the context of maintaining its confidentiality, integrity and availability. Therefore, in modern conditions, tunneling technologies are used in combination with cryptographic means to provide secure communication channels.

Literature

  1. Galatenko V.A. Information security standards. - M.: Internet University of Information Technologies, 2006.
  2. Partyka T.L., Popov I.I. Information Security. - M.: Forum, 2012.

Information plays a special role in the development of civilization. The possession of information resources and their rational use create the conditions for optimal management of society. And vice versa, the distortion of information, blocking its receipt, the use of unreliable data lead to erroneous decisions.

One of the main factors ensuring efficiency in the management of various spheres of public life is the correct use of information of a different nature. The pace of progress today, and even more so tomorrow, largely depends on the state of affairs in the field of information and computing services for the most important areas of activity - science, technology, production and management.

Particularly relevant is the problem of using economic information in the field of material production management, where the growth of the information flow is in quadratic dependence on the industrial potential of the country. In turn, the rapid development of automation processes and the use of computers in all spheres of modern life, in addition to the undoubted advantages, have led to the emergence of a number of specific problems. One of them is the need to ensure effective information protection. Based on this, the creation of legal norms that fix the rights and obligations of citizens, collectives and the state with respect to information, as well as the protection of this information, becomes the most important aspect of the state's information policy. Information security, especially in the economic sphere, is a very specific and important activity. Suffice it to say that in the world the average amount of damage from one bank theft using electronic means is estimated at $9,000. Annual losses from computer crimes in the United States and Western Europe reach $140 billion. computer networks will lead to the ruin of 20% of medium-sized companies within a few hours, 40% of medium-sized and 16% of large companies will fail in a few days, 33% of banks will fail in 2–5 hours, 50% of banks in 2–3 days.

Of interest is information about data protection problems that led to material losses in US companies:

  • network outages (24%);
  • software errors (14%);
  • computer viruses (12%);
  • malfunctions in computers (11%);
  • data theft (7%);
  • sabotage (5%);
  • unauthorized introduction into the network (4%);
  • others (23%).

The rapid development and spread of computer systems and information networks, serving banks and exchanges, is accompanied by an increase in offenses related to theft and unauthorized access to data stored in computer memory and transmitted over communication lines.

Computer crimes occur today in all countries of the world and are common in many areas of human activity. They are characterized by high secrecy, the difficulty of collecting evidence on the established facts of their commission and the difficulty of proving such cases in court. Offenses in the field of computer information can be committed in the form of:

  • fraud by computer manipulation of the data processing system in order to obtain financial gain;
  • computer espionage and software theft;
  • computer sabotage;
  • theft of services (time), misuse of data processing systems;
  • illegal access to data processing systems and "hacking" them;
  • traditional crimes in the field of business (economy) committed with the help of data processing systems.

Computer crimes are committed, as a rule, by highly qualified system and bank programmers and by specialists in the field of telecommunication systems. Hackers and crackers, who penetrate computer systems and networks by hacking security software, pose a serious threat to information resources. Crackers, moreover, can delete or change the data in the information bank in accordance with their interests. Over the past decades, a powerful generation of highly trained potential hackers has appeared in the countries of the former USSR, who worked in organizations and departments engaged in information piracy at the state level in order to use information received from the West in military and economic interests.

What do hackers steal? A potential object can be any information embedded in a computer, passing through computer networks or located on computer media and capable of bringing profit to a hacker or his employer. This information includes almost all information constituting the commercial secret of firms, ranging from developments and know-how to payrolls, from which it is easy to "calculate" the company's turnover, the number of employees, etc.

Of particular value is information on banking transactions and loans, carried out by e-mail, as well as transactions on the stock exchange. Of great interest to hackers are software products that are valued on the modern market in thousands or even millions of dollars.

Crackers - "computer terrorists" - are engaged in damaging programs or information using viruses - special programs that ensure the destruction of information or failures in the system. The creation of "viral" programs is a very profitable business, as some manufacturers use viruses to protect their software products from unauthorized copying.

For many firms, obtaining information through the introduction of a hacker-programmer to competitors is the simplest and most profitable business. Introducing special equipment to rivals and constantly monitoring their office for radiation with the help of special equipment is an expensive and dangerous business. In addition, a competing firm, upon detection of technical means, can start a game in response, giving false information. Therefore, your own hacker-programmer in the “enemy camp” is the most reliable way to fight competitors.

Thus, the ever-increasing danger of computer crime, primarily in the financial and credit sphere, determines the importance of ensuring the security of automated information systems.

Information security of an organization (institution)

The security of an automated information system of an organization (institution) is understood as its protection from accidental or deliberate interference in the normal functioning process, as well as from attempts to steal, modify or destroy its components. System security is achieved by ensuring the confidentiality of the information it processes, as well as the integrity and availability of system components and resources.

Confidentiality of computer information is the property of information to be known only to admitted and verified (authorized) subjects of the system (users, programs, processes, etc.).

Integrity of a component (resource) of the system is the property of the component (resource) to be unchanged (in the semantic sense) during the functioning of the system.

Availability of a component (resource) of the system is the property of the component (resource) to be available for use by authorized subjects of the system at any time.

System security is ensured by a set of technological and administrative measures applied to hardware, programs, data and services in order to ensure the availability, integrity and confidentiality of computer-related resources; this also includes procedures for checking that the system performs certain functions in strict accordance with their planned work order.

The security system can be divided into the following subsystems:

  • computer security;
  • data security;
  • secure software;
  • communications security.

Computer security is provided by a set of technological and administrative measures applied to computer hardware in order to ensure the availability, integrity and confidentiality of resources associated with it.

Data security is achieved by protecting data from unauthorized, accidental, intentional or negligent modification, destruction or disclosure.

Secure software consists of general-purpose and application programs and tools that perform secure data processing in the system and safely use system resources.

Communication security is provided through telecommunications authentication, by taking measures to prevent the provision of critical information to unauthorized persons, which can be issued by the system in response to a telecommunications request.

Information security objects in an enterprise (firm) include:

  • information resources containing information classified as commercial secrets, and confidential information, presented in the form of documented information arrays and databases;
  • informatization tools and systems: computer and organizational equipment, networks and systems, general system and application software, automated enterprise (office) management systems, communication and data transmission systems, technical means for collecting, registering, transmitting, processing and displaying information, as well as their informative physical fields.

In the modern world, information resources have become one of the powerful levers for the economic development of enterprises (firms) that play an important role in entrepreneurial activity. Moreover, the lack of effective computer and modern information technologies in the sphere of domestic business, which are the basis for the functioning of "fast" economies, significantly slows down the transition to new forms of management.

In information and automated management systems for an enterprise (firm), the priority is to ensure an effective solution to the problems of marketing management, i.e., the tasks of accounting and analyzing contracts and contacts of an enterprise (firm), searching for business partners, organizing advertising campaigns for promoting goods, providing intermediary services, developing a market penetration strategy, etc.

Without the support of various political, commercial and official power structures, it is usually possible to carry out any serious operation qualitatively only by hiding one's true activity (“illegal deeds”) and one's true face (“illegal persons”).

This applies both to an amateur individual and to an informal grouping specially created to solve some delicate tasks that do not enjoy universal approval.

The same problem arises when, for some reason, a person needs to hide from various services of a commercial, state, criminal, political kind.

You can become a typical illegal immigrant both intentionally and involuntarily. In any case, however, it is necessary to know at least a minimum of standard security tactics in order to successfully slip through this period without losing physical or mental freedom, and sometimes life itself, due to sheer stupidity.

Elements of the security system

The level of insurance measures used depends strongly both on the degree of desired secrecy of a person (or group), and on the situation, environment and, of course, on the capabilities of the insured themselves.

Separate personal safety techniques should become a natural habit and be performed regardless of the needs of the momentary situation.

The possible means of ordinary insurance presented here are not exhaustive; the criterion for applying them is always a high opinion of the enemy and, of course, the common sense of the insurers themselves.

The following types of security are typical:

External (during communication with outsiders);

Internal (when contacting in one's environment and group);

Local (in various situations and actions).

Let's consider all this in a little more detail.

External Security

Various troubles can arise when communicating with ordinary people and government agencies, but a lot here can be foreseen and avoided using the banal principle of three “not”: do not annoy, do not get involved, do not stand out.

Necessary:

Do not draw too much attention to yourself (tactics of "dissolving in the environment"):

- do not stand out in appearance (ordinary haircut, decent clothes, the absence of anything "loud"; if, however, your environment is extravagant, then - be like them ...);

- do not get involved in quarrels and scandals (this, firstly, attracts unnecessary attention to you, and secondly, it can simply be a provocation aimed at detention or "punishment");

– carefully pay all utility bills and other state duties; always pay for travel in public transport;

- try to follow exactly the pattern of the chosen social role and not have complaints about work (and not stand out against the general collective background there ...);

- do not inflame the obsessive curiosity of neighbors with an unusual lifestyle or visits from different people;

- do not show excessive awareness of anything, unless, of course, your role requires it (do not forget the ancients: “The vigilant must have a law of three nos: ‘I don’t know’, ‘I didn’t hear’, ‘I don’t understand’”).

Do not generate any hostility in neighbors, colleagues and acquaintances, but arouse their sympathy:

- do not be a "black sheep" (people are always well disposed toward someone who shows them a side they understand ...);

- develop a demeanor that does not cause possible alertness in others (excessive curiosity, “mind” or obsession ...) or hostility (tactlessness, tediousness, pride, rudeness ...);

- be even and amiable with everyone around and, if possible, provide them with minor (but not lackey!) services;

– not to do anything that may cause discontent and curiosity of neighbors (slamming the door at night, an excess of visitors, returning home by taxi, women visiting, calling late on the phone in a shared apartment ...).

Carefully control all your connections and contacts (remember that “the most dangerous enemy is the one you don’t suspect”):

- keep secrets from those close to you (wife, friends, relatives, mistresses ...);

- always treat attempts to get close to you (a chance acquaintance, someone's recommendations ...) with habitual alertness (“why and why?”);

- be attentive to all employees of repair services, advertising and service, look through their documents and politely, but reasonably, verify their identity by phone, and then with “colleagues”;

- be careful with everyone who offers seemingly “disinterested” services (loans money, actively helps in something, provides something you need on the cheap ...).

Find out your own vulnerabilities and know how you can play it safe here:

- analyze your whole life and highlight those dubious moments that can be used for blackmail or discredit;

- really appreciate possible consequences from the disclosure of such facts to all those to whom they may be communicated;

- estimate who and for what reason is able to know compromising evidence and how it is possible to neutralize such awareness;

- identify the objects of your vulnerability (woman, children, moral principles ...), because through them you can be pressured;

- identify your weaknesses (hobbies, wine, sex, money, character traits ...) and remember that they can always be used against you.

Do not get involved in dubious scams that are not related to the common cause. Take part in risky adventures related to the cause only with permission from above.

Internal Security

Contacts in your own environment cannot be considered secure. Remember that "the greatest harm usually comes from two conditions: from divulging a secret and trusting the treacherous."

Preservation of the secret of identity:

– instead of real names, pseudonyms are always used (usually nominal, but also numeric, alphabetic or “nicknames”); in each direction, the “players” go under a separate pseudonym, although it is possible to work under several options, as well as to act under a common pseudonym of several different persons;

– team members, if possible, know each other only under pseudonyms; only trusted persons should be aware of real names, home addresses and telephone numbers;

- with the impending possibility of failure and decryption, all used pseudonyms, as a rule, change;

- you should not give anyone any intimate or other information about your own person;

- try to create (using hints or rumors) a fictional, but outwardly plausible "legend" about yourself;

- no one in the group should show excessive interest in the activities, habits and intimate life of their comrades;

- no one should disclose any data about partners to others, unless it is required by an urgent need;

- in some cases, it makes sense to visually change the appearance (hairstyle, beard, makeup, wigs, tattoos, skin color, glasses with plain or smoky glasses and different frames, inserts that change voice and gait ...);

- you need to get into the habit of not leaving behind any material traces indicating that you were here (cigarette butts, discarded pieces of paper, footprints, contrasting odors, noticeable changes in the environment ...).

Keeping the case secret:

- active working contacts are maintained with a strictly limited set of people (a system of triples or fives, depending on the tasks being solved ...), while partners should not know exactly what the other partners are doing;

- everyone specializes in only two or three areas, so that if activity in one of them becomes too dangerous, a respite is possible, as is a transition to another direction;

- it is necessary to strictly distinguish between operational and informational work: let everyone do only their own business;

- the best approach is to disguise the preparation for one specific action as preparation for another;

- you can tell others about your activities only if it is necessary for them for the cause; remember that the secret is kept by a maximum of five people;

- it is necessary to transfer the received information only to those who obviously need it (showing excessive awareness of something can reveal the source of information, and this can lead to its neutralization);

– be careful when using means of communication that provide clear opportunities for intercepting information (postal messages, radio and telephone conversations ...);

– never write real addresses, names and settings in plain text in letters, do not mention them in conversations conducted on the street or on the phone;

- use codes and pseudonyms even during intra-group communication, changing them from time to time;

- the group should have 2-3 separate ciphers known to different people;

- rely more on memory than on recording; in the latter case, you must use your personal code and cipher;

- try not to have compromising papers written in your own handwriting or printed on your own office equipment;

- when communicating with "exposed" persons, refrain from direct contacts, using, if necessary, bystanders or other means of communication;

- always take into account and remember that there is a possibility of information leakage or betrayal, and be ready for appropriate counter-actions.

Local Security

The best guarantee of success is usually a safety net, and therefore it is desirable to carry out any actions taking into account all possible troubles on the part of the enemy or bystanders who accidentally turn up.

General rules for direct communication.

try not to conduct informative conversations in plain text on a crowded street or in public transport;

real surnames, first names, well-known nicknames and addresses should not be mentioned in an open conversation, and also “alarming” terminology should not be used;

use code names to designate individual actions;

the most secret aspects of the conversation (real addresses, passwords, dates) are written on paper, which is then destroyed;

it is necessary to navigate the technical capabilities of eavesdropping systems and know the elementary measures to counter them (see the section on obtaining information ...);

if one of the interlocutors notices something alarming during the conversation, the partner is warned by a special word (“atas” ...) or by a gesture (finger to lips ...), and the whole conversation is transferred to a neutral channel;

if you know that you are being eavesdropped on, it is better not to conduct informative negotiations or use them for disinformation;

when you are presumably being “listened” to but still need to communicate, conditional language is used, in which harmless sentences have a completely different meaning; phrases that should not be taken into account are also used (they are usually signalled by some agreed gesture, for example, crossing fingers ...), and often standard tricks (coughing, inserts in the mouth ...) that make it difficult to identify the speaker;

when it is necessary to ensure the complete secrecy of communication in a crowded place, methods of conditional (non-verbal) communication are used, such as the language of gestures, body movements and finger gestures, as well as codes based on clothing attributes (different positions of a headdress, tie clip, handkerchief ...) or on the manipulation of objects at hand (watches, cigarettes, keys ...).

Phone use

A. PERSONAL SAFETY:

- try to negotiate the time of other people's and your own calls and limit the frequency of contacts;

- do not abuse conversations on your own phone (considering that it can be tapped) and do not give others your number without a clear need (knowing that it is easy to get to your address using it);

- take into account that both the entire phone conversation can be overheard (when the line is tapped ...) and only your side of it (a planted "bug" or a neighbor outside the door ...);

- it is useful to build in the device the simplest "control" (fixing the voltage drop ...) for connecting someone else's equipment to the line;

- use ANI (automatic caller ID), but it would be better to use “anti-anti-caller” so as not to advertise your number when calling others;

– do not rely on the reliability of any radiotelephones;

- long-distance and other fixed contacts are best made from someone else's "number" via a cellular "double" or radio extension cable (see the section on blackmail ...), as well as through a direct connection to any pair of contacts in the switchboard;

- for greater secrecy of negotiations, scramblers can be used (at least simple impromptu inverters and scramblers), although their use can sharply stimulate the attention of others;

– one should not rely too much on protection by means of “noise” or “voltage rise in the line”;

– if you do not want to “decipher” the interlocutor, then you can try to change your voice (through mechanical and electronic tricks, or by simply coughing, pulling and spreading your lips, pinching your nose ...) and the stylistic pattern of the conversation (using jargon ...);

- do not forget that sometimes payphones are tapped, the location of which is easily calculated, like all other phones;

- if you need to receive someone's call but do not want to give your coordinates, an intermediate number is used, with an answering machine or a live "dispatcher", who may either know or not know (one-way option ...) your private telephone number;

- in some cases, wordless use of the phone is possible, when one, and more often several "empty" calls in a certain rhythm show some code;

- a specific signal can sometimes be just the fact of a call from a certain person during the most trifling conversation, as well as the code mention of conditional names in case of a “mistake number”.

B. VERBAL SAFETY:

- do not conduct business conversations in plain text;

- do not give real dates, names, addresses;

- use code names for individual actions;

- use conditional language in which harmless phrases have a completely different meaning;

- call only when necessary, although it is also possible to have frequent “irrelevant” conversations with the same person (the tactic of “information dissolution”).

C. CONVERSATION WITH OUTSIDERS:

- the partner conducts the entire dialogue, and you just say “yes” or “no” so that those standing next to you do not understand and do not know;

- the fact that outsiders are nearby is reported in plain text or verbal code; after this the partner should lead the conversation and should not ask any questions that require detailed answers;

- when there is direct control of a not very friendly person, the partner is warned about this by a negotiated phrase-code (preferably in a greeting ...), after which the whole conversation is carried on in an empty or disinformation style;

- if one of the interlocutors believes that his phone is being tapped, he immediately tries to warn those who call him about this by means of a well-known phrase (“teeth hurt” ...), and the conversation then turns into a neutral channel.

D. USE OF A COMMON PHONE (AT APARTMENT, AT WORK…):

- use such a phone as little as possible (especially “at the reception”), if this is not related to the role being played (dispatcher, advertising agent ...);

- calls to this phone should always be made by the same person;

– try not to call too late and too early;

- when outsiders try to identify the voice of the caller ("Who asks?" ...), answer politely and neutrally ("colleague" ...) and, if the callee is not there, immediately stop further conversation;

- in fact, it is not difficult to make a separate telephone using, for example, a code splitter, so that in this case a specific dialing of a common number will reliably ensure that only your telephone is called, without affecting the neighboring one in any way.

Organization of meetings

The level of security measures required in specific cases depends on the desired degree of secrecy of the contact, on the degree of legality of its participants and the possible control of it by outsiders.

A. SELECTION OF THE MEETING PLACE:

- when looking for suitable places for contact, they usually rely on the principles of naturalness, validity and chance;

- frequent meetings are easiest to carry out at the place of a fan party (fitting into its pattern ...), in the hall of the sports section, in the working room ...;

- especially serious gatherings can be realized in hunting grounds, specially rented dachas, in baths, resort sanatoriums, at all kinds of sports bases, on foreign beaches;

- pair meetings are scheduled in the subway and squares, in toilets and in cars, on sparsely busy streets, in zoos, museums and at exhibitions; crossings in such places are unlikely, and therefore they are less dangerous;

– one should refrain from conspiratorial meetings in a well-known restaurant, trendy cafe and train station, given that such points are usually controlled;

- it is possible to hold “random” meetings in private apartments of third parties for a justified reason (funeral, anniversary, “washing” of some event ...);

- you should not carry out any meetings (except for the usual ones) in stereotypical communal apartments;

- make extremely limited use of your own apartment for contacts;

- in some cases it makes sense to rent a special safe house, if possible in the house where there is a duplicate exit;

– when inspecting the meeting place, make sure that it is possible to get there unnoticed and how it is possible to escape safely from there; remember the old truth: “If you don’t know how to leave, don’t try to enter!”

B. MEETING INFORMATION:

- the places of a possible meeting are usually discussed in advance, and all of them are given a code - alphabetic, digital or "false" - name, with several options for each;

- the intended contact is communicated to others by phone, pager, letter, and also through a messenger;

- when arranging a meeting on the lines of "open" communication, they use the code name of the place, an encrypted date (for example, the day before the specified one) and a shifted time (by a constant or rolling number);

– before the due date, it is necessary to issue a confirmation of contact either in plain text or by signaling;

- if waiting is acceptable at the meeting (at a public transport stop, in line at a gas station ...), it is advisable to indicate a specific period of time after which it is no longer necessary to wait.

C. HOLDING A MEETING:

- to crowded meetings, one should arrive not in a crowd, but dispersed and not leaving all personal cars in one place;

- try to avoid the presence of any outsiders and extra persons at the gathering;

– realizing that those who don’t need to know about crowded secret meetings are likely to know, you should not take obviously compromising things with you (weapons, forged documents ...) and remember that they can sometimes be slipped;

- it is highly desirable to have designated people monitor the meeting place before, during and after the meeting, so that, if necessary, they can warn of an emerging danger using any agreed (considering their capture) signals;

- with all contact, you need to figure out how you can be spied on or overheard, stubbornly asking yourself short questions: "Where? How? Who?";

- especially secret conversations should be carried out in local isolated points, checked and secured against all possibilities of eavesdropping, peeping and undermining;

- it is desirable to have at least simple indicators that report the radiation of radio microphones or the presence of a recording voice recorder on the interlocutor;

- it is useful to use even "clumsy" spark silencers, as well as magnetic record erasure generators;

- classic illegal pair meetings are always timed to the minute and are held as "random";

- in order to arrive at the meeting point at exactly the appointed time, it is necessary to time the movement in advance and give some margin of time for all sorts of surprises (blocking the route, tying an outsider, a traffic accident ...);

- if the meeting is scheduled on the street, it does no harm to walk there an hour before the meeting, carefully looking at every passer-by and all parked cars; if something worries you, then the contact must be postponed, informing your partner about this using camouflaged signal communication techniques;

– when meeting with unfamiliar persons, the latter are recognized by a description of their appearance, a specific posture or gesture, a mention of things held in their hands, and best of all, by a photograph, with further confirmation of identity with a verbal (and other) password;

- it is necessary to position yourself at the venue in such a way that you can at all times watch the obvious places from which a threat may appear (say, in a cafe: facing the entrance, while watching what is happening outside the window and sitting not far from the open service passage ...);

- remember and follow all the previously indicated rules of verbal communication.

D. ORGANIZATION OF CLOSED MEETINGS (NEGOTIATIONS).

The organization of any event, including meetings and negotiations, is associated with its preparation. There are no single infallible rules in this direction. However, the following variant of the scheme for such preparation is recommended: planning, collection of material and its processing, analysis of the collected material and its editing.

At the initial stage of planning, the topic or issues that are desirable to be discussed, and possible participants in the business conversation are determined. In addition, the most opportune moment is chosen, and only then do they agree on the place, time of the meeting and the organization of the security of the enterprise (as a rule, such conversations are conducted tete-a-tete, confidentially, without the participation of outsiders).

When the meeting is already scheduled, a plan is drawn up for its holding. First, you should determine the goals facing the entrepreneur, and then develop a strategy for achieving them and tactics for conducting a conversation.

Such a plan is a clear program of actions for preparing and conducting a specific conversation. Planning allows you to mitigate, neutralize the impact of unexpectedly emerging new facts or unforeseen circumstances on the course of the conversation.

The plan includes those responsible for the implementation of each item of the plan and the following measures to organize the security of the meeting (negotiations):

1. Meeting, together with the client, the guests arriving for the meeting.

2. Coordination of the actions of the main guards and bodyguards of invited persons.

3. Protection of clothes, belongings of guests and their cars in the surrounding area.

4. Prevention of incidents between guests at a meeting.

5. Monitoring the status of drinks, snacks and other treats (trained dogs are used for these purposes).

6. Identification of suspicious persons at the event or in adjacent premises.

7. Cleaning of premises (negotiation hall and adjoining rooms) prior to negotiations in order to remove eavesdropping and explosive devices.

8. Establishment of posts for fixing and monitoring persons:

a) those who come to a business reception or meeting with bundles, briefcases, etc.;

b) bringing audio or video equipment to the event;

c) who come to a business reception or meeting for a short time or leave the event unexpectedly.

9. Prevention of listening to the conversations of the organizers of the event and guests in the premises and on the phone.

10. Development of fallback options for negotiations (in a private apartment, in a hotel, in a car, on a boat, in a bathhouse (sauna), etc.)

This list of activities is not exhaustive. It can be significantly expanded and specified depending on the conditions of the object of protection, the nature of the event and other conditions agreed with the client.

The general tasks that are solved during a meeting (negotiations) or other public events include:

1) the premises for negotiations are selected in such a way that they are located on the first or last floors and are located between those premises that are controlled by the security service;

2) familiarization with the object of protection, establishing the state of the criminal situation around it;

3) establishing interaction with the police during the period of the events;

4) establishment of a pass regime in order to prevent the carrying of weapons, explosives, combustible and poisonous substances, drugs, heavy objects and stones to the protected object;

5) prevention of passage to the protected area or to the protected premises of persons with dogs;

6) control and maintenance of order in the adjacent territory and in adjacent premises;

7) distribution of roles among the guards of the reinforcement (support) group;

8) determination of the equipment of the guards, including their weapons and communications;

9) establishment of open and "encrypted" control and observation posts;

10) preparation of transport in case of extreme circumstances and evacuation of participants in the event;

11) checking the stability of communication on the territory of the facility in order to identify the so-called "dead zones";

12) checking the possibility of using gas weapons and tear gas canisters in order to identify the direction of air movement, drafts and eddies, so that the guards themselves do not suffer as a result of the use of special means;

13) checking the coherence of the guards by practicing various introductory tasks.

During the working stage of protection, the security service (security company) employees must accurately fulfill their duties stipulated at the preparation stage.

In doing so, special attention is paid to the following questions:

1) the arrival of late participants of the event who rely on a weak access control after the start of the meeting (negotiations);

2) mandatory inspection of the contents of briefcases and bulky bags or the use of hand-held metal detectors, explosive vapor detectors used to detect mines, grenades, heavy bombs and other explosives;

3) vehicles entering and leaving the protected area should be subjected to special inspection, at least visually. This is especially important in order to prevent outsiders from entering the protected facility and to exclude the mining of vehicles of the participants in the meeting (negotiations);

4) control of passenger compartments and luggage compartments of departing vehicles can prevent the kidnapping of persons arriving at the event in order to extort the organizers of the meeting (negotiations);

5) protection of outerwear and personal belongings of the participants of the event in order to rule out their theft and the planting of radio bugs;

6) despite the desire of the leaders of the event to have a beautiful view from the window, it must be taken into account that the area should be convenient for control by the security service (security company);

7) cars, which may contain equipment for receiving information from radio bugs, should not be parked under the windows of the negotiation rooms;

8) creation of security zones of the premises intended for negotiations, and equipping it with special equipment, screens, noise generators, etc.;

9) when negotiating for the purpose of preserving trade secrets, all "secret" information is presented in writing, and it is discussed in Aesopian language.

At the final stage of the event, the security service (security company) must remain vigilant, despite the outwardly seeming insignificance of the events taking place at the facility, which can be very deceptive.

Checking the object after the completion of the event can be associated with no less risk to life than work at the previous stages. During this period, the final cleaning of the object is carried out according to the same methodology as during the preparatory measures. At the same time, it is necessary to search for persons who may be hiding at the facility, or victims of criminals who need medical care. Close attention is paid to forgotten objects and things.

Souvenirs and gifts presented to the head of the organization (company), other participants of the event are subjected to control inspection.

Everything found by the security at the facility that does not belong to the employees of the organization (firm) is subject to transfer to the client or the administration of the protected premises along with one copy of the inventory. The second copy of the inventory with the signature of the person who accepted the things for storage is in the security service (security company).

An apartment, a car, a street, a restaurant cannot be reliable "defenders" of trade secrets. Therefore, it is worth listening to the advice of professionals.

When holding business meetings, it is imperative to close windows and doors. It is desirable that an isolated room, such as a hall, serve as a meeting room.

Competitors, if they want, can easily listen to conversations from neighboring rooms, for example, from an apartment on the floor above or below. The times when scouts of all countries and peoples drilled holes in ceilings and walls are long gone: especially sensitive microphones make it possible to receive the necessary information almost unhindered.

For negotiations, it is necessary to choose rooms with insulated walls, get to know the neighbors living on the floor above and below; find out if they rent their apartment (room) to strangers. It is worth turning neighbors into allies, but at the same time take into account that they can play a double game or quietly turn from well-wishers into blackmailers.

The activity of competitors depends, first of all, on the seriousness of their intentions. If necessary, listening devices ("bugs") can be installed directly in the entrepreneur's apartment - and neither iron doors, nor imported locks, nor well-trained security will help here.

A business person should ask his relatives to invite home only well-known people and, if possible, to control their behavior. During receptions, the door of the home office must be locked, and, in order not to tempt children, the VCR and computer should be in a place accessible to them. The computer, of course, should be without working programs and confidential information.

If it is suspected that your vehicle is “equipped”, a “clean vehicle” operation must be carried out in it before negotiations.

On the eve of a business meeting, one of the employees of the company or a friend of the entrepreneur, whom he fully trusts, must leave a car at the agreed place. A few minutes after that, the businessman switches from his own car to the one left for him and, without stopping anywhere, goes to the negotiations. In this case, you should not forget to take a power of attorney for the right to drive someone else's car!

During negotiations, the car must be in motion, and its windows tightly closed. At stops (for example, at a traffic light), it is better not to discuss confidential issues.

Let's analyze where else a business person can hold an important business meeting.

On the street. To listen to conversations, two types of microphones can be used: highly directional and built-in. The former make it possible to capture information at a distance of up to a kilometer within the line of sight. The built-in microphones function in the same way as radio bugs.

To effectively combat highly directional microphones, it is necessary to move all the time, sharply changing direction, using public transport, organizing counter-surveillance - with the help of security services or hired agents of private detective firms.

At the restaurant. The static position allows you to control conversations in the general restaurant halls. Therefore, a reliable maitre d' is essential for holding such business meetings. At a convenient time for the entrepreneur and unexpectedly for competitors, a table or a separate office is reserved, which, in turn, must be under the reliable control of the company's security service. Attempts to drown out the conversation with the sounds of a restaurant orchestra, as, by the way, with the sound of water, are ineffective.

In a hotel room. Booking a hotel room for negotiations must be carried out discreetly. After the start of a business meeting, security officers must keep under control not only neighbors, but also all people living on the floor above and below.

All of the above methods and countermeasures are effective provided that misinformation of others about the time and nature of the planned meetings (negotiations) is well organized. When the circle of employees dedicated to the full list of planned events is as narrow as possible and each of those participating in them knows exactly as much as is necessary for the scope of his duties, then you can count on success in any business.

Protection of information objects

Types of threats to information objects

The general classification of threats to the automated information system of an object is as follows:

Threats to the confidentiality of data and programs. They are realized through unauthorized access to data (for example, to information about the status of bank customers' accounts), programs or communication channels.

Information processed on computers or transmitted over local data transmission networks can be captured through technical leakage channels. In this case, equipment is used that analyzes the electromagnetic radiation that occurs during computer operation.

Such data collection is a complex technical task and requires the involvement of qualified specialists. With the help of a receiving device based on a standard TV, it is possible to intercept information displayed on computer screens from a distance of a thousand or more meters. Certain information about the operation of a computer system can be extracted even when the communication process is merely monitored, without access to the content of the messages.

Threats to the integrity of data, programs, hardware. The integrity of data and programs is violated by unauthorized destruction, by adding unnecessary elements and modifying account records, by changing the order of data arrangement, by generating falsified payment documents in response to legitimate requests, and by actively relaying messages with a delay.

Unauthorized modification of system security information can lead to unauthorized actions (incorrect routing or loss of transmitted data) or distortion of the meaning of transmitted messages. The integrity of the equipment is violated when it is damaged or stolen, or when its operating algorithms are illegally changed.

Threats to data availability. They occur when an object (user or process) does not get access to the services or resources legally allocated to it. This threat is implemented by capturing all resources, blocking communication lines by an unauthorized object as a result of transmitting its information through them, or excluding the necessary system information.

This threat can lead to unreliability or poor quality of service in the system and, therefore, will potentially affect the reliability and timeliness of delivery of payment documents.

Threats of repudiation of transactions. They arise when a legitimate user sends or accepts payment documents and then denies having done so in order to relieve himself of responsibility.

Assessing the vulnerability of an automated information system and building an impact model involves studying all the options for implementing the above threats and identifying the consequences they lead to.

Threats may be due to:

- natural factors (natural disasters - fire, flood, hurricane, lightning and other causes);

- human factors, which in turn are divided into:

passive threats (threats caused by activities of an accidental, unintentional nature). These are threats associated with errors in the process of preparing, processing and transmitting information (scientific and technical, commercial, monetary and financial documentation); with an untargeted "brain drain" of knowledge and information (for example, in connection with the migration of the population, travel to other countries for family reunification, etc.);

active threats (threats caused by intentional, deliberate actions of people). These are threats related to the transfer, distortion and destruction of scientific discoveries, inventions, production secrets and new technologies for selfish and other anti-social motives (documentation, drawings, descriptions of discoveries and inventions, and other materials); viewing and transferring various documentation, viewing "garbage"; eavesdropping on and transmission of official and other scientific, technical and commercial conversations; with a purposeful "brain drain" of knowledge and information (for example, in connection with obtaining another citizenship for mercenary motives);

- human-machine and machine factors, subdivided into:

passive threats. These are threats associated with errors in the process of designing, developing and manufacturing systems and their components (buildings, structures, premises, computers, communications, operating systems, application programs, etc.); with errors in the operation of the equipment due to poor-quality manufacturing; with errors in the process of preparing and processing information (errors of programmers and users due to insufficient qualifications and poor quality service, operator errors in preparing, entering and outputting data, correcting and processing information);

active threats. These are threats associated with unauthorized access to the resources of an automated information system (introducing technical changes to computer equipment and communication equipment, connecting to computer equipment and communication channels, stealing various types of information media: floppy disks, descriptions, printouts and other materials, viewing input data, printouts, viewing "garbage"); threats implemented in a non-contact way (collection of electromagnetic radiation, interception of signals induced in circuits (conductive communications), visual-optical methods of extracting information, eavesdropping on official and scientific and technical conversations, etc.).

The main typical ways of information leakage and unauthorized access to automated information systems, including through telecommunication channels, are the following:

interception of electronic radiation;

the use of listening devices (bugs);

remote photography;

interception of acoustic emissions and reconstruction of the text printed by a printer;

theft of storage media and industrial waste;

reading data in arrays of other users;

reading residual information in the system memory after the execution of authorized requests;

copying of information carriers with overcoming protection measures;

disguise as a registered user;

spoofing (masquerading as system requests);

illegal connection to equipment and communication lines;

malicious disabling of protection mechanisms;

use of "software traps".

Possible channels of intentional unauthorized access to information in the absence of protection in an automated information system can be:

regular channels of access to information (user terminals, means of displaying and documenting information, storage media, software download tools, external communication channels) in case of their illegal use;

technological consoles and controls;

internal installation of equipment;

communication lines between hardware;

spurious electromagnetic radiation carrying information;

parasitic pickup on power supply circuits, equipment grounding, and auxiliary and extraneous communications located near the computer system.

The ways in which threats act on information security objects are divided into informational, software and mathematical, physical, radio-electronic, and organizational and legal.

Information methods include:

violation of the addressing and timeliness of information exchange, illegal collection and use of information;

unauthorized access to information resources;

manipulation of information (disinformation, concealment or distortion of information);

illegal copying of data in information systems;

violation of information processing technology.

Software and mathematical methods include:

introduction of computer viruses;

installation of software and hardware embedded devices;

destruction or modification of data in automated information systems.

Physical methods include:

destruction of or damage to information processing and communication facilities;

destruction of, damage to, or theft of machine or other original storage media;

theft of software or hardware keys and means of cryptographic information protection;

impact on staff;

supply of "infected" components of automated information systems.

Radio-electronic methods include:

interception of information in technical channels of its possible leakage;

introduction of electronic devices for intercepting information in technical facilities and premises;

interception, decryption and imposition of false information in data transmission networks and communication lines;

impact on password-key systems;

electronic suppression of communication lines and control systems.

Organizational and legal methods include:

non-compliance with legal requirements and delays in the adoption of the necessary regulatory legal provisions in the information sphere;

unlawful restriction of access to documents containing important information for citizens and organizations.

Software security threats. Ensuring the security of automated information systems depends on the security of the software used in them and, in particular, the following types of programs:

regular user programs;

special programs designed to violate the security of the system;

a variety of system utilities and commercial applications that are highly professional in design and yet may contain some flaws that allow intruders to attack systems.

Programs can create two types of problems: firstly, they can intercept and modify data as a result of the actions of a user who does not have access to this data, and secondly, by exploiting omissions in the protection of computer systems, they can either give unauthorized users access to the system or block legitimate users from accessing it.

The higher the programmer's level of training, the more implicit (even for him) the mistakes he makes become, and the more carefully and reliably he is able to hide the deliberate mechanisms designed to compromise the security of the system.

Programs themselves can be the target of an attack for the following reasons:

In today's world, software can be a highly profitable commodity, especially to the first person to commercialize and copyright the software.

Programs can also become the object of an attack aimed at modifying these programs in some way, which would allow in the future to attack other objects in the system. Especially often, programs that implement system protection functions become the object of attacks of this kind.

Let's look at several types of programs and techniques that are most often used to attack programs and data. These techniques are denoted by a single term - "software traps". These include software hatches, Trojan horses, logic bombs, salami attacks, covert channels, denial of service, and computer viruses.

Hatches in programs. The use of hatches to infiltrate a program is one of the simplest and most commonly used ways to breach the security of automated information systems.

A hatch (trapdoor) is a capability for working with a software product that is not described in the documentation for that product. The essence of using hatches is that when the user performs some actions not described in the documentation, he gets access to features and data that are normally closed to him (in particular, access to privileged mode).

Hatches are most often the result of developer forgetfulness. As a hatch, a temporary mechanism for direct access to parts of the product, created to facilitate the debugging process and not removed after it, can be used. Hatches can also be formed as a result of the often practiced “top-down” software development technology: their role will be played by “stubs” left for some reason in the finished product - groups of commands that imitate or simply indicate the connection point for future subroutines.

Finally, another common source of hatches is so-called "undefined input" - the entry of "meaningless" information, gibberish, in response to system requests. The reaction of a poorly written program to undefined input can be, at best, unpredictable (when the program reacts differently each time the same wrong command is entered); it is much worse if the program performs some repeatable actions as a result of the same "undefined" input - this gives a potential intruder the opportunity to plan his actions to violate security.

Undefined input is a special case of an interrupt. That is, in the general case, the intruder can deliberately create some non-standard situation in the system that allows him to perform the actions he needs. For example, he can artificially crash a program running in privileged mode in order to take control while remaining in that privileged mode.

Combating the possibility of interruption ultimately means that program development must provide a set of mechanisms that form so-called "foolproofing". The point of this protection is to guarantee that any undefined input and any non-standard situation (in particular, errors) is cut off, and thus to prevent a violation of the security of the computer system even when the program is operated incorrectly.

Thus, a hatch (or hatches) may be present in a program because the programmer:

forgot to delete it;

deliberately left it in the program to provide testing or to perform the rest of the debugging;

deliberately left it in the program in the interests of facilitating the final assembly of the final software product;

deliberately left it in the program in order to have a hidden means of access to the program after it became part of the final product.

The hatch is the first step to attacking the system, the ability to penetrate the computer system bypassing the protection mechanisms.

"Trojan horses".

There are programs that implement, in addition to the functions described in the documentation, some other functions that are not described in the documentation. Such programs are called Trojan horses.

The more obvious the results of a "Trojan horse's" actions (for example, deleting files or changing their protection), the higher the probability of detecting it. More sophisticated "Trojan horses" can mask the traces of their activities (for example, restore file protection to its original state).

"Logic bombs".

A "logic bomb" is usually called a program or even a piece of code in a program that implements some function when a certain condition is met. This condition can be, for example, the occurrence of a certain date or the discovery of a file with a certain name.

When exploding, the "logic bomb" implements a function that is unexpected and, as a rule, undesirable for the user (for example, it deletes some data or destroys some system structures). The "logic bomb" is one of the favorite ways for programmers to take revenge on companies that fired them or offended them in some way.

Salami attack.

The salami attack has become a real scourge of banking computer systems. Thousands of transactions related to non-cash payments, transfers of amounts, deductions, etc. are performed daily in banking systems.

When processing invoices, whole units (rubles, cents) are used, and when calculating interest, fractional amounts are often obtained. Typically, values greater than half a ruble (cent) are rounded up to the nearest whole ruble (cent), while values less than half a ruble (cent) are simply discarded. In a salami attack, these insignificant values are not discarded but gradually accumulated in some special account.

As practice shows, the amount, made up literally from nothing, for a couple of years of operation of the “cunning” program in an average bank can amount to thousands of dollars. Salami attacks are quite difficult to recognize unless the attacker starts accumulating large sums in one account.
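The rounding rule described above can be checked by recomputing each posting and tracing where the sub-cent residue was booked. The following reconciliation sketch is an added example, not part of the original text; the account names, the rounding account GL-ROUNDING, the journal layout and all figures are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")
ROUNDING_GL = "GL-ROUNDING"  # assumed name of the bank's own rounding-difference account

# Constructed sample: (account, balance, periodic rate, amount posted to the customer)
POSTINGS = [
    ("A-1001", Decimal("1234.56"), Decimal("0.0001"), Decimal("0.12")),
    ("A-1002", Decimal("98765.40"), Decimal("0.0001"), Decimal("9.88")),
    ("A-1003", Decimal("5000.49"), Decimal("0.0001"), Decimal("0.50")),
    ("A-1004", Decimal("77777.77"), Decimal("0.0001"), Decimal("7.77")),  # truncated, not rounded
    ("A-1005", Decimal("43210.00"), Decimal("0.0001"), Decimal("4.32")),
]

# Constructed journal of where each residue was booked: (source, destination, amount)
JOURNAL = [
    ("A-1001", "A-9999", Decimal("0.003456")),
    ("A-1002", ROUNDING_GL, Decimal("-0.003460")),
    ("A-1003", "A-9999", Decimal("0.000049")),
    ("A-1004", "A-9999", Decimal("0.007777")),
    ("A-1005", "A-9999", Decimal("0.001000")),
]


def audit_rounding(postings, journal, rounding_account=ROUNDING_GL):
    """Recompute every interest posting and trace where the sub-cent residue went."""
    report = {"misrounded": [], "unbalanced": [], "diverted": defaultdict(Decimal)}
    expected_residue = {}
    for account, balance, rate, posted in postings:
        exact = balance * rate
        # Customer side: the posted amount must follow the half-up rule from the text.
        if posted != exact.quantize(CENT, rounding=ROUND_HALF_UP):
            report["misrounded"].append(account)
        expected_residue[account] = exact - posted

    booked = set()
    for source, dest, amount in journal:
        booked.add(source)
        # The journal amount must equal the recomputed residue for that posting.
        if expected_residue.get(source) != amount:
            report["unbalanced"].append(source)
        # Residues belong only in the bank's rounding account.
        if dest != rounding_account:
            report["diverted"][dest] += amount
    # A residue that never reached the journal is as suspicious as a misrouted one.
    report["unbalanced"] += sorted(
        a for a, r in expected_residue.items() if r and a not in booked
    )
    report["diverted"] = dict(report["diverted"])
    return report


if __name__ == "__main__":
    print(audit_rounding(POSTINGS, JOURNAL))
```

Because the check works per posting and per journal line, it flags the diversion while the accumulated sum is still a fraction of a cent, rather than waiting for a large balance to appear in one account.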

Hidden channels.

Covert channels are programs that transmit information to persons who, under normal conditions, should not receive this information.

In those systems where critical information is processed, the programmer should not have access to the data processed by the program after the start of operation of this program.

Simply possessing some proprietary information can bring considerable benefit, at the very least by selling this information (for example, a list of customers) to a competing firm. A sufficiently skilled programmer can always find a way to communicate information covertly; a program designed to create the most innocuous reports may simply be a little more complicated than the task requires.

For hidden transmission of information, various elements of the format of "harmless" reports can be used successfully, for example, different line lengths, gaps between lines, the presence or absence of service headers, controlled output of insignificant digits in output values, the number of spaces or other characters in certain places of the report, etc.

If the intruder has the ability to access the computer while the program of interest to him is running, sending critical information to a data array specially created in the computer's random access memory can become a covert channel.

Hidden channels are most applicable in situations where the intruder is not even interested in the content of information, but, for example, in the fact of its presence (for example, the presence of a bank account with a certain number).
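One defensive control against the report-format carriers listed above (line padding, gaps between lines, insignificant digits, runs of spaces) is to re-render every outgoing report in a single canonical layout and flag any report that deviates from it. The following is an added example, not part of the original text; the report format, the two-decimal policy and the sample data are constructed assumptions.

```python
import re
from decimal import Decimal, ROUND_HALF_UP

NUMBER = re.compile(r"-?\d+\.\d+")

# Constructed sample report; the irregular spacing, blank lines and extra digit are deliberate.
SAMPLE_REPORT = (
    "CUSTOMER BALANCES\n"
    "Acme Ltd   1520.30  \n"
    "\n"
    "\n"
    "Borel AG 88.120\n"
    "Cato Inc 410.00\n"
)


def canonicalize(report: str, places: int = 2) -> str:
    """Re-render a report so that layout carries no freedom: one space between
    fields, no edge whitespace, no blank lines, a fixed number of decimals."""
    quantum = Decimal(10) ** -places
    lines = []
    for raw in report.splitlines():
        line = re.sub(r"\s+", " ", raw.strip())
        if not line:
            continue  # blank lines are dropped, closing the "gap between lines" carrier
        line = NUMBER.sub(
            lambda m: str(Decimal(m.group()).quantize(quantum, rounding=ROUND_HALF_UP)),
            line,
        )
        lines.append(line)
    return "\n".join(lines) + "\n"


def layout_deviations(report: str, places: int = 2):
    """List (line number, kind) for every place a report departs from canonical layout."""
    found = []
    for number, line in enumerate(report.splitlines(), start=1):
        if not line.strip():
            found.append((number, "blank-line"))
            continue
        if line != line.strip():
            found.append((number, "edge-whitespace"))
        if re.search(r"\S\s{2,}\S", line) or "\t" in line:
            found.append((number, "space-run"))
        if any(len(m.group().split(".")[1]) != places for m in NUMBER.finditer(line)):
            found.append((number, "digit-count"))
    return found


if __name__ == "__main__":
    for finding in layout_deviations(SAMPLE_REPORT):
        print(finding)
    print(canonicalize(SAMPLE_REPORT), end="")
```

Two reports with the same content but different layout canonicalize to identical text, so whatever the layout was signalling does not leave the system.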

Denial of service.

Most security breaches are aimed at gaining access to data that the system does not normally allow. However, no less interesting to intruders is access to the control of the computer system itself, or changing its qualitative characteristics, for example, obtaining some resource (processor, input-output device) for exclusive use or provoking a deadlock among several processes.

This may be required in order to openly use the computer system for one's own purposes (at least to solve one's own problems for free) or simply to block the system, making it inaccessible to other users. This type of system security breach is called "denial of service". "Denial of service" is extremely dangerous for real-time systems - systems that control technological processes, perform various kinds of synchronization, etc.

Computer viruses.

Computer viruses are the quintessence of all sorts of security breach methods. One of the most common and favorite methods of spreading viruses is the "Trojan horse" method. Viruses differ from logic bombs only in their ability to replicate and launch themselves, so many viruses can be considered a special form of logic bombs.

To attack the system, viruses actively use all sorts of "hatches". Viruses can implement a wide variety of dirty tricks, including the salami attack. In addition, the success of an attack of one type often lowers the "immunity" of the system and creates a favorable environment for the success of attacks of other types. Intruders know this and actively use this circumstance.

Of course, the techniques described above are quite rare in their pure form. Much more often, separate elements of different techniques are combined during an attack.

Information threats in computer networks. Networks of computers have many advantages over a set of separately operating computers, including: sharing of system resources, increasing the reliability of the system, distributing the load among network nodes, and expandability by adding new nodes.

However, when using computer networks, there are serious problems of information security. The following can be noted.

Separation of shared resources.

Due to the sharing of a large number of resources by various network users, possibly located at a great distance from each other, the risk of unauthorized access is greatly increased, since it can be carried out more easily and discreetly on the network.

Expansion of the zone of control.

The administrator or operator of an individual system or subnet must monitor the activity of users who are outside its reach.

A combination of various software and hardware.

The connection of several systems in a network increases the vulnerability of the entire system as a whole, since each information system is configured to fulfill its own specific security requirements, which may be incompatible with the requirements on other systems.

Unknown perimeter.

The easy extensibility of networks leads to the fact that it is sometimes difficult to determine the boundaries of a network, since the same node can be available to users of different networks. Moreover, for many of them it is not always possible to determine exactly how many users have access to a particular network node and who they are.

Lots of attack points.

In networks, the same set of data or message can be transmitted through several intermediate nodes, each of which is a potential source of threat. In addition, many modern networks can be accessed using dial-up communication lines and a modem, which greatly increases the number of possible points of attack.

The complexity of managing and controlling access to the system.

Many attacks on a network can be carried out without gaining physical access to a specific host - using a network from remote points.

In this case, the identification of the intruder can be very difficult. In addition, the attack time may be too short to take adequate measures.

On the one hand, the network is a single system with uniform information processing rules, and on the other hand, it is a collection of separate systems, each of which has its own information processing rules. Therefore, taking into account the dual nature of the network, an attack on the network can be carried out from two levels: upper and lower (their combination is also possible).

In a high-level attack on a network, an attacker uses the properties of the network to infiltrate another host and perform certain unauthorized actions. In a low-level attack on a network, an attacker uses the properties of network protocols to violate the confidentiality or integrity of individual messages or the stream as a whole.

Disruption of message flow can lead to information leakage and even loss of control over the network.

A distinction is made between passive and active low-level threats specific to networks.

Passive threats (violation of the confidentiality of data circulating in the network) consist of viewing and/or recording data transmitted over communication lines. These include:

viewing a message;

traffic analysis - an attacker can view the headers of packets circulating in the network and, based on the service information contained in them, draw conclusions about the senders and recipients of the packet and the transmission conditions (time of departure, message class, security category, message length, traffic volume, etc.).

Active threats (violation of the integrity or availability of resources and network components) consist of the unauthorized use of devices that have access to the network to change individual messages or a message flow. These include:

failure of messaging services - an attacker can destroy or delay individual messages or the entire flow of messages;

"masquerade" - an attacker can assign someone else's identifier to his node or relay and receive or send messages on someone else's behalf;

introduction of network viruses - transmission of a virus body over a network with its subsequent activation by a user of a remote or local host;

message flow modification - an attacker can selectively destroy, modify, delay, reorder and duplicate messages, as well as insert fake messages.

Threats to commercial information.

Under the conditions of informatization, such methods of unauthorized access to confidential information as copying, forgery, destruction are also of particular danger.

Copying.

In case of unauthorized access to confidential information, the following are copied: documents containing information of interest to the attacker; technical media; information processed in automated information systems. The following copying methods are used: blueprinting, photographic copying, thermal copying, xerographic copying and electronic copying.

Forgery.

Forgery, modification and imitation take place on a large scale in a competitive environment. Attackers forge confidential documents that allow them to obtain certain information, as well as letters, accounts, accounting and financial documentation; they forge keys, passes, passwords, ciphers, etc. In automated information systems, forgery includes, in particular, such malicious actions as falsification (the receiving subscriber forges the received message, passing it off as valid in his own interests) and masquerading (the sending subscriber disguises himself as another subscriber in order to receive protected information).

Destruction.

Of particular danger is the destruction of information in automated databases and knowledge bases. Information on magnetic media is destroyed with the help of compact magnets and programmatically ("logic bombs"). A significant place in crimes against automated information systems is occupied by sabotage, explosions, destruction, and the disabling of connecting cables and air conditioning systems.

Methods and means of ensuring information security of an organization (firm)

The methods for ensuring information security are as follows: obstacle, access control, masking, regulation, coercion and inducement.

Obstacle - a method of physically blocking an attacker's path to protected information (to equipment, storage media, etc.).

Access control - a method of protecting information by regulating the use of all resources of an automated information system of an organization (firm). Access control includes the following security features:

identification of users, personnel and resources of the information system (assignment of a personal identifier to each object);

authentication (verification of authenticity) of an object or subject by the identifier it presents;

verification of authority (checking the compliance of the day of the week, time of day, requested resources and procedures with the established regulations);

permission and creation of working conditions within the established regulations;

registration (logging) of calls to protected resources;

response (alarm, shutdown, work delay, request denied) in case of attempts of unauthorized actions.
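The access control functions listed above can be seen working together in one decision path. The following sketch is an added example, not part of the original text; the class and field names, the failure threshold, the decision strings and the sample subject are hypothetical assumptions, and PBKDF2 stands in for whatever credential verifier a real system uses.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime

MAX_FAILURES = 3  # assumed threshold before the "response" step locks the identifier


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Subject:
    salt: bytes
    verifier: bytes
    resources: frozenset
    weekdays: frozenset  # datetime.weekday() values, 0 = Monday
    hours: range         # permitted hours of the day
    failures: int = 0
    locked: bool = False


class AccessController:
    def __init__(self):
        self.subjects = {}
        self.audit_log = []  # registration (logging) of every call, allowed or not
        self._dummy_salt = os.urandom(16)

    def enroll(self, subject_id, password, resources, weekdays, hours):
        """Identification: bind a personal identifier to a verifier and a regulation."""
        salt = os.urandom(16)
        self.subjects[subject_id] = Subject(
            salt, _derive(password, salt), frozenset(resources), frozenset(weekdays), hours
        )

    def request(self, subject_id, password, resource, when: datetime) -> str:
        # The detailed decision is for the audit log; a caller-facing message
        # should not reveal which check failed.
        decision = self._decide(subject_id, password, resource, when)
        self.audit_log.append((when.isoformat(), subject_id, resource, decision))
        return decision

    def _decide(self, subject_id, password, resource, when):
        subject = self.subjects.get(subject_id)
        if subject is None:
            _derive(password, self._dummy_salt)  # keep timing similar for unknown identifiers
            return "DENY:unknown-identifier"
        if subject.locked:
            return "DENY:locked"
        # Authentication: constant-time comparison of the derived verifier.
        if not hmac.compare_digest(_derive(password, subject.salt), subject.verifier):
            subject.failures += 1
            if subject.failures >= MAX_FAILURES:
                subject.locked = True  # response: lock the identifier and raise an alarm
                return "ALARM:locked-after-failures"
            return "DENY:bad-credentials"
        subject.failures = 0
        # Verification of authority: day of week, time of day, requested resource.
        if when.weekday() not in subject.weekdays or when.hour not in subject.hours:
            return "DENY:outside-schedule"
        if resource not in subject.resources:
            return "DENY:resource-not-authorized"
        return "ALLOW"
```

Every call, including denied ones, lands in `audit_log`, which is what makes the later "response" and any investigation possible.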

Masking - a method of protecting information in an automated information system by means of its cryptographic concealment.

Regulation - a method of information protection that creates such conditions for automated processing, storage and transmission of information under which the possibility of unauthorized access to it would be minimized.

Coercion - a method of information protection in which users and system personnel are forced to comply with the rules for processing, transferring and using protected information under the threat of financial, administrative or criminal liability.

Inducement - a method of information protection that encourages users and system personnel not to violate established rules by complying with established moral and ethical standards.

The above methods for ensuring the information security of an organization (firm) are implemented in practice by applying various protection mechanisms, for the creation of which the following basic means are used: physical, hardware, software, hardware-software, cryptographic, organizational, legislative, and moral and ethical.

Physical means of protection are designed for external protection of the territory of objects and protection of the components of the automated information system of the enterprise, and are implemented in the form of autonomous devices and systems.

Along with traditional mechanical systems with the dominant participation of a person, universal automated electronic systems of physical protection are being developed and implemented, designed to protect territories, protect premises, organize access control, organize surveillance; fire alarm systems; media theft prevention systems.

The element base of such systems is various sensors, signals from which are processed by microprocessors, electronic smart keys, devices for determining human biometric characteristics, etc.

To organize the protection of equipment that is part of the automated information system of the enterprise, and movable media (floppy disks, magnetic tapes, printouts), the following are used:

various locks (mechanical, coded, microprocessor-controlled, radio-controlled) that are installed on entrance doors, shutters, safes, cabinets, devices and system blocks;

microswitches that detect the opening or closing of doors and windows;

inertial sensors, for the connection of which you can use the lighting network, telephone wires and wiring of television antennas;

special foil stickers that are pasted on all documents, devices, components and units of the system to prevent their removal from the premises. At any attempt to take an object with a sticker outside the premises, a special installation (analogue of a metal object detector) located near the exit sounds an alarm;

special safes and metal cabinets for installing individual elements of an automated information system (file server, printer, etc.) and movable storage media in them.

To neutralize information leakage through electromagnetic channels, shielding and absorbing materials and products are used. Wherein:

shielding of working premises where components of an automated information system are installed is carried out by covering the walls, floor and ceiling with metallized wallpaper, conductive enamel and plaster, wire mesh or foil, installing fences made of conductive bricks, multilayer steel, aluminum or special plastic sheets;

metallized curtains and glass with a conductive layer are used to protect windows;

all openings are covered with a metal mesh connected to the ground bus or wall shielding;

limiting magnetic traps are mounted on the ventilation ducts to prevent the propagation of radio waves.

To protect the electrical circuits of the nodes and units of an automated information system against induced interference, the following are used:

shielded cable for intra-rack, intra-unit, inter-unit and outdoor installation;

shielded elastic connectors and mains filters for suppressing electromagnetic radiation;

wires, tips, chokes, capacitors and other interference-suppressing radio and electrical products;

separating dielectric inserts are placed on water, heating, gas and other metal pipes, which break the electromagnetic circuit.

To control the power supply, electronic trackers are used - devices that are installed at the input points of the AC voltage network. If the power cord is cut, broken, or burnt out, a coded message triggers an alarm or activates a television camera for subsequent event recording.

An X-ray examination is considered the most effective for detecting embedded "bugs". However, the implementation of this method is associated with great organizational and technical difficulties.

The use of special noise generators to protect against theft of information from computers by removing its radiation from display screens has an adverse effect on the human body, which leads to rapid baldness, loss of appetite, headaches, and nausea. That is why they are rarely used in practice.

Hardware means of protection are various electronic, electromechanical and other devices directly built into the blocks of an automated information system or designed as independent devices and interfaced with these blocks.

They are intended for the internal protection of the structural elements of computer equipment and systems: terminals, processors, peripheral equipment, communication lines, etc.

The main functions of hardware protection:

prohibition of unauthorized internal access to individual files or databases of the information system, which is possible as a result of accidental or deliberate actions of maintenance personnel;

protection of active and passive (archival) files and databases associated with non-maintenance or shutdown of an automated information system;

software integrity protection.

These tasks are implemented by information security hardware using the access control method (identification, authentication and verification of the authority of system subjects, registration and response).

To work with an organization's (firm's) especially valuable information, computer manufacturers can produce individual disks with unique physical characteristics that do not allow the information to be read. At the same time, the cost of a computer can increase several times.

Software protection tools are designed to perform logical and intellectual protection functions and are included either in the software of an automated information system or in the tools, complexes and systems of control equipment.

Information protection software is the most common type of protection, having the following positive properties: versatility, flexibility, ease of implementation, the possibility of change and development. This circumstance makes them at the same time the most vulnerable elements of the protection of the enterprise information system.

At present, a large number of operating systems, database management systems, network packages and application software packages have been created that include a variety of information security tools.

With the help of software protection tools, the following information security tasks are solved:

control of loading and logging into the system using personal identifiers (name, code, password, etc.);

differentiation and control of access of subjects to resources and components of the system, external resources;

isolation of process programs performed in the interests of a particular subject from other subjects (ensuring the work of each user in an individual environment);

managing the flow of confidential information in order to prevent recording on data carriers of an inappropriate level (label) of secrecy;

protection of information from computer viruses;

deletion of residual confidential information in the areas of the computer's RAM that were freed after the execution of requests;

erasing residual confidential information on magnetic disks, issuance of protocols on the results of erasing;

ensuring the integrity of information by introducing data redundancy;

automatic control over the work of system users based on the results of logging and preparation of reports based on entries in the system log.

Currently, a number of operating systems initially contain built-in means of blocking "reuse". For other types of operating systems, there are quite a lot of commercial programs, not to mention special security packages that implement similar functions.

The use of redundant data is aimed at preventing random errors in the data and at detecting unauthorized modifications. This can be the use of checksums, parity checks, error-correcting coding, etc.

A common practice is to store signatures of important system objects in a secure place in the system. For example, for a file, a combination of the file's security byte with its name, length, and date of last modification can be used as a signature. Each time a file is accessed, or in case of suspicion, the current characteristics of the file are compared with the reference.
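The reference-signature check described above, as an added Python example that is not part of the original text. It records each file's length and modification time as the text suggests and adds a SHA-256 checksum, which catches an edit that keeps the length and restores the timestamp. The HMAC key protecting the stored baseline, the file names and their contents are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile

FIELDS = ("length", "mtime_ns", "sha256")


def file_signature(path):
    """Reference record for one file: length and modification time, as the
    text suggests, plus a SHA-256 checksum of the content (added here)."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"length": st.st_size, "mtime_ns": st.st_mtime_ns,
            "sha256": digest.hexdigest()}


def _tag(records, key):
    """HMAC over the canonical JSON form of the records."""
    body = json.dumps(records, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_baseline(paths, key):
    """Collect signatures (keyed by file name) and authenticate the set, so
    that the stored baseline cannot be silently rewritten."""
    records = {os.path.abspath(p): file_signature(p) for p in paths}
    return {"records": records, "hmac": _tag(records, key)}


def verify(baseline, key):
    """Return {path: [changed fields]}; refuse to use a forged baseline."""
    if not hmac.compare_digest(_tag(baseline["records"], key), baseline["hmac"]):
        raise ValueError("baseline failed authentication; do not trust it")
    findings = {}
    for path, ref in baseline["records"].items():
        if not os.path.isfile(path):
            findings[path] = ["missing"]
            continue
        current = file_signature(path)
        changed = [f for f in FIELDS if current[f] != ref[f]]
        if changed:
            findings[path] = changed
    return findings


def demo():
    """Run the check on constructed files and return what it reports."""
    key = b"constructed-demo-key"          # assumption: kept outside the system
    with tempfile.TemporaryDirectory() as d:
        names = ("limits.conf", "audit.log", "acl.db")   # constructed names
        paths = {n: os.path.join(d, n) for n in names}
        for p in paths.values():
            with open(p, "wb") as fh:
                fh.write(b"limit=1000\n")
        baseline = build_baseline(paths.values(), key)
        clean = verify(baseline, key)

        # Same-length edit with the original timestamp put back:
        # length and mtime still match, only the checksum differs.
        st = os.stat(paths["limits.conf"])
        with open(paths["limits.conf"], "wb") as fh:
            fh.write(b"limit=9000\n")
        os.utime(paths["limits.conf"], ns=(st.st_atime_ns, st.st_mtime_ns))

        with open(paths["audit.log"], "ab") as fh:       # ordinary modification
            fh.write(b"extra line\n")
        os.remove(paths["acl.db"])                       # object removed

        found = {os.path.basename(p): v for p, v in verify(baseline, key).items()}

        # A rewritten baseline must be rejected, not compared against.
        forged = json.loads(json.dumps(baseline))
        forged["records"][os.path.abspath(paths["limits.conf"])]["sha256"] = "0" * 64
        try:
            verify(forged, key)
            rejected = False
        except ValueError:
            rejected = True
    return {"clean": clean, "same_length_edit": found["limits.conf"],
            "append": found["audit.log"], "deleted": found["acl.db"],
            "tampered_baseline_rejected": rejected}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
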

The auditability property of an access control system means the possibility of reconstructing events or procedures. Auditability tools must make it possible to find out what actually happened. This includes documenting the procedures performed, keeping logs, and applying clear and unambiguous methods of identification and verification.

It should be noted that the task of access control while ensuring the integrity of resources is reliably solved only by encryption of information.

Norbert Wiener, the creator of cybernetics, believed that information has unique characteristics and cannot be attributed to either energy or matter. The special status of information as a phenomenon has given rise to many definitions.

The glossary of ISO/IEC 2382:2015 "Information Technology" provides the following interpretation:

Information (in the field of information processing) - any data presented in electronic form, written on paper, spoken at a meeting or in any other medium used by a financial institution for decision-making, moving funds, setting rates, making loans, processing transactions, etc., including components of the processing system software.

To develop the concept of information security (IS), information is understood as data that is available for collection, storage, processing (editing, transformation), use and transfer in different ways, including in computer networks and other information systems.

Such information is of high value and can become an object of infringement by third parties. The desire to protect information from threats underlies the creation of information security systems.

Legal basis

In December 2017, the Information Security Doctrine was adopted in Russia. In the document, information security is defined as the state of protection of national interests in the information sphere. In this case, national interests are understood as the totality of the interests of society, the individual and the state, each group of interests is necessary for the stable functioning of society.

Doctrine is a conceptual document. Legal relations related to ensuring information security are regulated by federal laws "On State Secrets", "On Information", "On Protection of Personal Data" and others. On the basis of the fundamental normative acts, government decrees and departmental normative acts are developed on particular issues of information protection.

Definition of information security

Before developing an information security strategy, it is necessary to accept a basic definition of the concept itself, which will allow the use of a certain set of means and methods of protection.

Industry practitioners propose to understand information security as a stable state of protection of information, its carriers and infrastructure, which ensures the integrity and stability of information-related processes against intentional or unintentional impacts of a natural and artificial nature. Impacts are classified as IS threats that can cause damage to the subjects of information relations.

Thus, information security will be understood as a set of legal, administrative, organizational and technical measures aimed at preventing real or perceived information security threats, as well as at eliminating the consequences of incidents. The continuity of the information protection process should guarantee the fight against threats at all stages of the information cycle: in the process of collecting, storing, processing, using and transmitting information.

Information security in this sense becomes one of the characteristics of system performance. At each point in time, the system must have a measurable level of security, and ensuring the security of the system must be a continuous process that is carried out at all time intervals during the life of the system.


In the theory of information security, IS subjects are understood as owners and users of information, and users not only on an ongoing basis (employees), but also users who access databases in isolated cases, for example, government agencies requesting information. In a number of cases, for example, in banking information security standards, the owners of information include shareholders - legal entities that own certain data.

The supporting infrastructure, from the point of view of the basics of information security, includes computers, networks, telecommunications equipment, premises, life support systems, and personnel. When analyzing security, it is necessary to study all elements of systems, paying special attention to personnel as the carrier of most internal threats.

To manage information security and assess damage, an acceptability characteristic is used: damage is classified as acceptable or unacceptable. It is useful for each company to approve its own criteria for accepting damage in monetary terms or, for example, in the form of acceptable harm to reputation. In public institutions, other characteristics may be adopted, for example, the impact on the management process or a reflection of the degree of damage to the life and health of citizens. Criteria of materiality, importance and value of information may change during the life cycle of the information array, so they must be reviewed in a timely manner.

An information threat in the narrow sense is an objective possibility to influence the object of protection, which can lead to leakage, theft, disclosure or dissemination of information. In a broader sense, information security threats will include targeted informational impacts, the purpose of which is to cause damage to the state, organization, or individual. Such threats include, for example, defamation, deliberate misrepresentation, incorrect advertising.

Three main questions of the information security concept for any organization

    What to protect?

    What types of threats prevail: external or internal?

    How to protect, by what methods and means?

Information security system

The information security system for a company - a legal entity includes three groups of basic concepts: integrity, availability and confidentiality. Underneath each are concepts with many characteristics.

Integrity refers to the resistance of databases and other information arrays to accidental or intentional destruction and unauthorized changes. The concept of integrity can be seen as:

  • static, expressed in the immutability, authenticity of information objects to those objects that were created according to a specific technical assignment and contain the amount of information necessary for users for their main activities, in the required configuration and sequence;
  • dynamic, implying the correct execution of complex actions or transactions that do not harm the safety of information.

To control dynamic integrity, special technical tools are used that analyze the flow of information, for example, financial, and identify cases of theft, duplication, redirection, and reordering of messages. Integrity as the main characteristic is required when decisions to take actions are made on the basis of incoming or available information. Violation of the order of commands or sequence of actions can cause great damage in the case of descriptions of technological processes, program codes and in other similar situations.
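One way such a flow check can work, as an added Python example that is not part of the original text: the sender seals every message with a sequence number, its destination and an HMAC tag, and the receiving side audits the stream for the cases listed above. The shared key, the endpoint names, the message contents and the assumption that the sender declares how many messages a batch contains are all constructed for the illustration.

```python
import hashlib
import hmac
import struct


def seal(key, seq, dest, payload):
    """Sender side: bind sequence number, destination and payload under one
    HMAC tag, so none of the three can be changed independently."""
    dest_b = dest.encode()
    framed = struct.pack(">QH", seq, len(dest_b)) + dest_b + payload
    tag = hmac.new(key, framed, hashlib.sha256).digest()
    return {"seq": seq, "dest": dest, "payload": payload, "tag": tag}


def audit_stream(key, endpoint, received, declared_count):
    """Receiver side: return a list of (event, sequence number) findings.

    altered    - tag does not match the message fields
    redirected - authentic message that was sealed for another endpoint
    duplicate  - sequence number already accepted once
    reordered  - arrives after a message with a higher sequence number
    missing    - declared by the sender but never accepted (loss or theft)
    """
    accepted = set()
    highest = 0
    events = []
    for msg in received:
        good = seal(key, msg["seq"], msg["dest"], msg["payload"])["tag"]
        if not hmac.compare_digest(good, msg["tag"]):
            events.append(("altered", msg["seq"]))
            continue
        if msg["dest"] != endpoint:
            events.append(("redirected", msg["seq"]))
            continue
        if msg["seq"] in accepted:
            events.append(("duplicate", msg["seq"]))
            continue
        if msg["seq"] < highest:
            events.append(("reordered", msg["seq"]))
        accepted.add(msg["seq"])
        highest = max(highest, msg["seq"])
    for seq in range(1, declared_count + 1):
        if seq not in accepted:
            events.append(("missing", seq))
    return events


def demo():
    """Audit a constructed stream of five transfers sent to 'ledger-a'."""
    key = b"constructed-demo-key"                      # assumption: pre-shared
    sent = [seal(key, i, "ledger-a", b"transfer #%d" % i) for i in range(1, 6)]
    # Message 5 with its payload changed in transit (tag left as it was).
    altered = dict(sent[4], payload=b"transfer #5 amount changed")
    # An authentic message that belongs to a different endpoint's flow.
    stray = seal(key, 1, "ledger-b", b"transfer for another endpoint")
    # Arrival order: 1, 3, 2, 3 again, altered 5, stray; message 4 never arrives.
    received = [sent[0], sent[2], sent[1], sent[2], altered, stray]
    return audit_stream(key, "ledger-a", received, declared_count=5)


if __name__ == "__main__":
    for event in demo():
        print(event)
```
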

Availability is a property that allows authorized subjects to access or exchange data of interest to them. The key requirement of legitimation or authorization of subjects makes it possible to create different levels of access. The failure of the system to provide information becomes a problem for any organization or user groups. An example is the unavailability of public service websites in the event of a system failure, which deprives many users of the opportunity to receive the necessary services or information.

Confidentiality is the property of information being available to those users (subjects and processes) for whom access was initially allowed. Most companies and organizations perceive confidentiality as a key element of information security, but in practice it is difficult to implement it fully. Not all data on existing channels of information leakage is available to the authors of information security concepts, and many technical means of protection, including cryptographic ones, cannot be purchased freely; in some cases their circulation is restricted.

Equal properties of information security have different value for different users, hence the two extreme categories in the development of data protection concepts. For companies or organizations involved in state secrets, confidentiality will be the key parameter; for public services or educational institutions, the most important parameter will be availability.


Objects of protection in IS concepts

The difference in subjects generates differences in the objects of protection. Main groups of protected objects:

  • information resources of all kinds (a resource is a material object: HDD, another medium, a document with data and details that help to identify it and attribute it to a certain group of subjects);
  • the rights of citizens, organizations and the state to access information, the opportunity to obtain it within the framework of the law; access can be limited only by regulatory legal acts, the organization of any barriers that violate human rights is unacceptable;
  • a system for creating, using and distributing data (systems and technologies, archives, libraries, regulations);
  • a system for the formation of public consciousness (media, Internet resources, social institutions, educational institutions).

Each object involves a special system of measures to protect against threats to information security and public order. Ensuring information security in each case should be based on a systematic approach that takes into account the specifics of the object.

Categories and media

The Russian legal system, law enforcement practice and established social relations classify information according to accessibility criteria. This allows you to clarify the essential parameters necessary to ensure information security:

  • information, access to which is restricted on the basis of legal requirements (state secret, commercial secret, personal data);
  • information in the public domain;
  • publicly available information that is provided under certain conditions: paid information or data for which access is required, for example, a library ticket;
  • dangerous, harmful, false and other types of information, the circulation and dissemination of which is limited either by the requirements of laws or corporate standards.

Information from the first group has two protection modes. A state secret, according to the law, is information protected by the state, the free circulation of which can harm the security of the country. This is data in the field of military, foreign policy, intelligence, counterintelligence and economic activities of the state. The owner of this data group is directly the state. The bodies authorized to take measures to protect state secrets are the Ministry of Defense, the Federal Security Service (FSB), the Foreign Intelligence Service, the Federal Service for Technical and Export Control (FSTEC).

Confidential information is a more multifaceted object of regulation. The list of information that may constitute confidential information is contained in Presidential Decree No. 188 "On Approval of the List of Confidential Information". This is personal data; secrecy of the investigation and legal proceedings; official secret; professional secrecy (medical, notarial, lawyer); trade secret; information about inventions and utility models; information contained in the personal files of convicts, as well as information on the enforcement of judicial acts.

Personal data exists in open and confidential mode. The part of personal data that is open and accessible to all users includes the first name, last name, patronymic. According to Federal Law-152 "On Personal Data", personal data subjects have the right:

  • to informational self-determination;
  • to access their personal data and make changes to it;
  • to block personal data and access to it;
  • to appeal against unlawful actions of third parties committed in relation to personal data;
  • to compensation for damages.

The right to is enshrined in the regulations on state bodies, federal laws, licenses for working with personal data issued by Roskomnadzor or FSTEC. Companies that professionally work with personal data of a wide range of people, for example, telecom operators, must enter the register maintained by Roskomnadzor.

A separate object in the theory and practice of information security is information carriers, access to which is open and closed. When developing the IS concept, protection methods are selected depending on the type of media. Main information carriers:

  • print and electronic media, social media, other resources on the Internet;
  • employees of the organization who have access to information based on their friendships, family, professional ties;
  • means of communication that transmit or store information: telephones, automatic telephone exchanges, other telecommunications equipment;
  • documents of all types: personal, official, state;
  • software as an independent information object, especially if its version was developed specifically for a particular company;
  • electronic storage media that process data automatically.

For the purposes of developing information security concepts, information security tools are usually divided into regulatory (informal) and technical (formal).

Informal means of protection are documents, rules, events, formal ones are special technical means and software. The distinction helps to distribute areas of responsibility when creating information security systems: with general protection management, administrative personnel implement regulatory methods, and IT specialists, respectively, technical ones.

The basics of information security imply the division of powers not only in terms of the use of information, but also in terms of working with its protection. This separation of powers requires several levels of control.


Formal remedies

A wide range of technical means of information security protection includes:

Physical means of protection. These are mechanical, electrical, electronic mechanisms that operate independently of information systems and create barriers to access to them. Locks, including electronic ones, screens, blinds are designed to create obstacles for the contact of destabilizing factors with systems. The group is supplemented by means of security systems, for example, video cameras, video recorders, sensors that detect movement or an excess of the degree of electromagnetic radiation in the area where technical means of removing information, embedded devices are located.

Hardware protection. These are electrical, electronic, optical, laser and other devices that are built into information and telecommunication systems. Before introducing hardware into information systems, compatibility must be verified.

Software. These are simple and system-level, complex programs designed to solve particular and complex tasks related to the provision of information security. An example of complex solutions are and: the first serve to prevent leakage, reformatting information and redirecting information flows, the second - provide protection against incidents in the field of information security. Software tools are demanding on the power of hardware devices, and additional reserves must be provided during installation.


Specific means of information security include various cryptographic algorithms that allow you to encrypt information on disk and information sent over external communication channels. The transformation of information can occur with the help of software and hardware methods that work in corporate information systems.

All means that guarantee the security of information should be used in conjunction, after a preliminary assessment of the value of information and comparing it with the cost of resources spent on protection. Therefore, proposals for the use of funds should be formulated already at the stage of systems development, and approval should be made at the level of management that is responsible for approving budgets.

In order to ensure security, it is necessary to monitor all modern developments, software and hardware protection tools and threats, and to make timely changes to your own systems of protection against unauthorized access. Only an adequate and prompt response to threats will help achieve a high level of confidentiality in the company's work.


Informal remedies

Informal remedies are grouped into normative, administrative, and moral and ethical ones. At the first level of protection, there are regulatory tools that regulate information security as a process in the organization's activities.

  • Regulatory means

In world practice, when developing regulatory tools, they are guided by information security standards, the main one is ISO / IEC 27000. The standard was created by two organizations:

  • ISO - International Commission for Standardization, which develops and approves most of the internationally recognized methods for certification of the quality of production and management processes;
  • IEC - the International Energy Commission, which introduced its understanding of information security systems, means and methods of its provision into the standard

The current version of ISO / IEC 27000-2016 offers ready-made standards and proven methodologies necessary for the implementation of information security. According to the authors of the methods, the basis of information security lies in the systematic and consistent implementation of all stages from development to post-control.

To obtain a certificate that confirms compliance with information security standards, it is necessary to implement all recommended practices in full. If there is no need to obtain a certificate, any of the earlier versions of the standard, starting with ISO / IEC 27000-2002, or Russian GOSTs, which are advisory in nature, can be taken as the basis for developing your own information security systems.

Based on the results of studying the standard, two documents are being developed that relate to information security. The main, but less formal, is the concept of enterprise information security, which determines the measures and methods for implementing an information security system for information systems of an organization. The second document that all employees of the company are required to comply with is the regulation on information security, approved at the level of the board of directors or the executive body.

In addition to the company-level regulation, lists of information constituting a trade secret, annexes to employment contracts fixing responsibility for the disclosure of confidential data, and other standards and methods should be developed. Internal rules and regulations should contain implementation mechanisms and responsibilities. Most often, the measures are disciplinary in nature, and the violator must be prepared for the fact that the violation of the trade secret regime will be followed by significant sanctions, up to and including dismissal.

  • Organizational and administrative measures

As part of the administrative activities to protect information security, there is room for creativity for security officers. These are architectural and planning solutions that allow you to protect meeting rooms and executive offices from eavesdropping, and the establishment of various levels of access to information. Important organizational measures will be certification of the company's activities according to ISO/IEC 27000 standards, certification of individual hardware and software systems, certification of subjects and objects for compliance with the necessary security requirements, and obtaining licenses necessary to work with protected information arrays.

From the point of view of regulating the activities of personnel, it will be important to design a system of requests for access to the Internet, external e-mail, and other resources. A separate element will be obtaining an electronic digital signature to enhance the security of financial and other information that is transmitted to government agencies via e-mail channels.

  • Moral and ethical measures

Moral and ethical measures determine a person's personal attitude to confidential information or information limited in circulation. Increasing the level of knowledge of employees regarding the impact of threats on the company's activities affects the degree of consciousness and responsibility of employees. To combat violations of the information regime, including, for example, the transmission of passwords, careless handling of media, the dissemination of confidential data in private conversations, it is necessary to emphasize the personal conscience of the employee. It will be useful to establish performance indicators for personnel, which will depend on the attitude towards the corporate information security system.

Ensuring information security is a complex social, legal, economic, scientific problem. Only a comprehensive solution of its goals and objectives simultaneously in several planes will be able to exert its regulatory impact on ensuring the information security of the country. The work carried out in this area should have not only a practical orientation, but also a scientific justification.

The main goals of ensuring information security are determined on the basis of sustainable national and economic security priorities that meet the long-term interests of social development, which include:

Preservation and strengthening of Russian statehood and political stability in society;

Preservation and development of democratic institutions of society, ensuring the rights and freedoms of citizens, strengthening law and order;

Ensuring a worthy place and role of the country in the world community;

Ensuring the territorial integrity of the country;

Ensuring progressive socio-economic development;

Preservation of national cultural values and traditions.

In accordance with the specified priorities, the main tasks of ensuring information security are:

Identification, assessment and forecasting of sources of threats to information security;

Development of a state policy for ensuring information security, a set of measures and mechanisms for its implementation;

Development of a regulatory framework for ensuring information security, coordination of activities of state authorities and enterprises to ensure information security;

Development of an information security system, improvement of its organization, forms, methods and means of preventing, parrying and neutralizing threats to information security and eliminating the consequences of its violation;

Ensuring the active participation of the country in the processes of creating and using global information networks and systems.

The most important principles for ensuring information security are:

1) the legality of measures to detect and prevent offenses in the information sphere;

2) continuity of implementation and improvement of means and methods of control and protection of the information system;

3) economic feasibility, i.e. comparability of possible damage and costs of ensuring information security;

4) the comprehensive use of the entire arsenal of available means of protection in all departments of the company and at all stages of the information process.

The implementation of the information security process includes several stages:

Definition of the object of protection: the rights to protect the information resource, the valuation of the information resource and its main elements, the duration of the life cycle of the information resource, the trajectory of the information process by the functional divisions of the company;

Identification of sources of threats (competitors, criminals, employees, etc.), targets of threats (familiarization, modification, destruction, etc.), possible channels for the implementation of threats (disclosure, leakage, etc.);

Determining the necessary protective measures;

Assessment of their effectiveness and economic feasibility;

Implementation of the measures taken, taking into account the selected criteria;

Communicating the measures taken to the personnel, monitoring their effectiveness and eliminating (preventing) the consequences of threats.

The implementation of the described stages, in fact, is the process of managing the information security of an object and is provided by a control system that includes, in addition to the managed (protected) object itself, means of monitoring its state, a mechanism for comparing the current state with the required one, as well as a mechanism for control actions for localization and prevention of damage due to threats. In this case, it is advisable to consider the achievement of a minimum of information damage as a control criterion, and the goal of control is to ensure the required state of the object in the sense of its information security.

Methods for ensuring information security are divided into legal, organizational, technical and economic.

Legal methods of ensuring information security include the development of legal acts regulating relations in the information sphere, and of regulatory and methodological documents on issues of ensuring information security. The most important areas of this activity are:

Introducing amendments and additions to the legislation governing relations in the field of information security in order to create and improve the information security system, eliminate internal contradictions in federal legislation, contradictions associated with international agreements, as well as in order to specify the legal norms establishing responsibility for offenses in the field of information security;

Legislative delineation of powers in the field of ensuring information security, and definition of the goals, objectives and mechanisms for the participation of public associations, organizations and citizens in this activity;

Development and adoption of normative legal acts that establish the responsibility of legal entities and individuals for unauthorized access to information, its illegal copying, distortion and illegal use, deliberate dissemination of false information, illegal disclosure of confidential information, and use of official information or information containing a trade secret for criminal and mercenary purposes;

Clarification of the status of foreign news agencies, mass media and journalists, as well as investors when attracting foreign investment for the development of domestic information infrastructure;

Legislative consolidation of the priority of development of national communication networks and domestic production of space communication satellites;

Determination of the status of organizations providing services of global information and communication networks and legal regulation of the activities of these organizations;

Creation of a legal framework for the formation of regional information security structures.

Organizational and technical methods of ensuring information security are:

Creation and improvement of the system for ensuring the information security of the state;

Strengthening the law enforcement activities of the authorities, including the prevention and suppression of offenses in the information sphere, as well as the identification, exposure and prosecution of persons who have committed crimes and other offenses in this area;

Development, use and improvement of information security tools and methods for monitoring the effectiveness of these tools, development of secure telecommunication systems, increasing the reliability of special software;

Creation of systems and means to prevent unauthorized access to processed information and special impacts that cause damage, destruction or distortion of information, as well as changes in the regular modes of operation of systems and means of informatization and communication;

Identification of technical devices and programs that pose a threat to the normal functioning of information and communication systems, prevention of interception of information through technical channels, the use of cryptographic means of protecting information during its storage, processing and transmission through communication channels, monitoring the implementation of special requirements for information protection;

Certification of information security tools, licensing of activities in the field of state secret protection, standardization of methods and means of information protection;

Improving the certification system for telecommunications equipment and software for automated information processing systems according to information security requirements;

Control over the actions of personnel in secure information systems, training in the field of ensuring information security of the state;

Formation of a monitoring system for indicators and characteristics of information security in the most important areas of life and activity of society and the state.

Economic methods of ensuring information security include:

Development of programs for ensuring information security of the state and determining the procedure for their financing;

Improving the system of financing work related to the implementation of legal and organizational and technical methods of information protection, creating a system for insuring information risks for individuals and legal entities.

Along with the widespread use of standard methods and tools for the economy, the priority areas for ensuring information security are:

Development and adoption of legal provisions establishing the responsibility of legal entities and individuals for unauthorized access and theft of information, deliberate dissemination of false information, disclosure of trade secrets, leakage of confidential information;

Building a system of state statistical reporting that ensures the reliability, completeness, comparability and security of information by introducing strict legal liability for primary sources of information, organizing effective control over their activities and the activities of statistical information processing and analysis services, limiting its commercialization, using special organizational and software and hardware means of information protection;

Creation and improvement of special means of protecting financial and commercial information;

Development of a set of organizational and technical measures to improve the technology of information activity and information protection in economic, financial, industrial and other economic structures, taking into account information security requirements specific to the economic sphere;

Improving the system of professional selection and training of personnel, systems for selecting, processing, analyzing and disseminating economic information.

The state policy for ensuring information security forms the directions of activity of public authorities and management in the field of ensuring information security, including guarantees of the rights of all subjects to information, fixing the duties and responsibilities of the state and its bodies for the information security of the country, and is based on maintaining a balance of interests of the individual, society and the state in the information sphere.

The state policy for ensuring information security is based on the following main provisions:

Restriction of access to information is an exception to the general principle of openness of information, and is carried out only on the basis of legislation;

Responsibility for the safety of information, its classification and declassification is personified;

Access to any information, as well as imposed access restrictions, are carried out taking into account the property rights to this information determined by law;

Formation by the state of a regulatory framework that regulates the rights, duties and responsibilities of all entities operating in the information sphere;

Legal entities and individuals collecting, accumulating and processing personal data and confidential information are liable before the law for their safety and use;

Provision by the state of legal means of protecting society from false, distorted and unreliable information coming through the media;

Implementation of state control over the creation and use of information security tools through their mandatory certification and licensing of activities in the field of information security;

Pursuing a protectionist policy of the state that supports the activities of domestic manufacturers of informatization and information protection tools and takes measures to protect the domestic market from the penetration of low-quality media and information products;

State support in providing citizens with access to world information resources and global information networks;

Formation by the state of a federal information security program, which unites the efforts of government organizations and commercial structures in creating a unified information security system for the country;

The state is making efforts to counter the information expansion of other countries, supports the internationalization of global information networks and systems.

On the basis of the stated principles and provisions, general directions for the formation and implementation of information security policy in the political, economic and other spheres of state activity are determined.

State policy, as a mechanism for coordinating the interests of the subjects of information relations and finding compromise solutions, provides for the formation and organization of the effective work of various councils, committees and commissions with a wide representation of specialists and all interested structures. The mechanisms for the implementation of state policy should be flexible and reflect in a timely manner the changes taking place in the economic and political life of the country.

Legal support of information security of the state is a priority area in forming the mechanisms for implementing the information security policy and includes:

1) rule-making activities to create legislation governing relations in society related to ensuring information security;

2) executive and law enforcement activities for the implementation of legislation in the field of information, informatization and information protection by public authorities and administration, organizations, citizens.

Rule-making activity in the field of information security provides for:

Assessment of the state of the current legislation and development of a program for its improvement;

Creation of organizational and legal mechanisms for ensuring information security;

Formation of the legal status of all subjects in the information security system, users of information and telecommunication systems and determination of their responsibility for ensuring information security;

Development of an organizational and legal mechanism for collecting and analyzing statistical data on the impact of information security threats and their consequences, taking into account all types of information;

Development of legislative and other normative acts regulating the procedure for eliminating the consequences of the impact of threats, restoring violated rights and resources, and implementing compensatory measures.

Executive and law enforcement activity provides for the development of procedures for the application of legislation and regulations to subjects who have committed crimes and misdemeanors when working with confidential information and violated the rules of information interaction. All activities for the legal support of information security are based on three fundamental provisions of law: compliance with the law, ensuring a balance of interests of individual subjects and the state, and the inevitability of punishment.

Compliance with the rule of law implies the existence of laws and other regulations, their application and enforcement by subjects of law in the field of information security.

12.3. THE STATE OF INFORMATION SECURITY IN RUSSIA

Assessment of the state of information security of the state involves an assessment of existing threats. Clause 2 of the “Information Security Doctrine of the Russian Federation” identifies the following threats to the information security of the Russian Federation:

Threats to the constitutional rights and freedoms of man and citizen in the field of spiritual life and information activities, individual, group and public consciousness, the spiritual revival of Russia;

Threats to the information support of the state policy of the Russian Federation;

Threats to the development of the domestic information industry, including the industry of informatization, telecommunications and communications, to meeting the needs of the domestic market for its products and the entry of these products to the world market, as well as to ensuring the accumulation, preservation and efficient use of domestic information resources;

Threats to the security of information and telecommunication systems, both already deployed and being created on the territory of Russia.

External sources of threats to Russia's information security include:

1) activities of foreign political, economic, military, intelligence and information structures directed against the Russian Federation in the information sphere;

2) the desire of a number of countries to dominate and infringe upon the interests of Russia in the global information space, ousting it from the external and internal information markets;

3) aggravation of international competition for the possession of information technologies and resources;

4) activities of international terrorist organizations;

5) increasing the technological gap between the leading powers of the world, building up their capabilities to counteract the creation of competitive Russian information technologies;

6) activities of space, air, sea and ground technical and other means (types) of reconnaissance of foreign states;

7) development by a number of states of concepts of information wars that provide for the creation of means of dangerous influence on the information spheres of other countries of the world, disruption of the normal functioning of information and telecommunication systems, the safety of information resources, obtaining unauthorized access to them.

Internal sources of threats to Russia's information security include:

1) the critical state of domestic industries;

2) an unfavorable criminogenic situation, accompanied by trends in the merging of state and criminal structures in the information sphere, obtaining access to confidential information by criminal structures, increasing the influence of organized crime on society, reducing the degree of protection of the legitimate interests of citizens, society and the state in the information sphere;

3) insufficient coordination of the activities of federal state authorities, state authorities of the constituent entities of the Russian Federation in the formation and implementation of a unified state policy in the field of ensuring information security of the Russian Federation;

4) insufficient development of the regulatory legal framework governing relations in the information sphere, as well as insufficient law enforcement practice;

5) underdevelopment of civil society institutions and insufficient control over the development of the Russian information market;

6) insufficient economic power of the state;

7) decrease in the efficiency of the education and upbringing system, insufficient number of qualified personnel in the field of information security;

8) Russia's lag behind the leading countries of the world in terms of the level of informatization of federal government bodies, the credit and financial sector, industry, agriculture, education, healthcare, services and everyday life of citizens.

In recent years, Russia has implemented a set of measures to improve its information security. Measures have been taken to ensure information security in federal government bodies, government bodies of the constituent entities of the Russian Federation, at enterprises, institutions and organizations, regardless of the form of ownership. Work has been launched to create a secure information and telecommunication system for special purposes in the interests of public authorities.

The state system of information protection, the system of protection of state secrets and the system of certification of information security tools contribute to the successful solution of issues of ensuring information security of the Russian Federation.

The structure of the state information security system is made up of:

Bodies of state power and administration of the Russian Federation and subjects of the Russian Federation, solving the tasks of ensuring information security within their competence;

State and interdepartmental commissions and councils specializing in information security issues;

State Technical Commission under the President of the Russian Federation;

Federal Security Service of the Russian Federation;

Ministry of Internal Affairs of the Russian Federation;

Ministry of Defense of the Russian Federation;

Federal Agency for Government Communications and Information under the President of the Russian Federation;

Foreign Intelligence Service of the Russian Federation;

Structural and intersectoral divisions for the protection of information of public authorities;

Head and leading research, scientific and technical, design and engineering organizations for information security;

Educational institutions providing training and retraining of personnel for work in the information security system.

The State Technical Commission under the President of the Russian Federation, being a government body, implements a unified technical policy and coordinates work in the field of information security, heads the state system for protecting information from technical intelligence, is responsible for ensuring the protection of information from leakage through technical channels on the territory of Russia, monitors the effectiveness of the protection measures taken.

A special place in the system of information security is occupied by state and public organizations that exercise control over the activities of state and non-state mass media.

To date, a legislative and regulatory framework has been formed in the field of information security in Russia, which includes:

1. Laws of the Russian Federation:

the Constitution of the Russian Federation;

“On banks and banking activities”;

"On Security";

"On Foreign Intelligence";

"On State Secrets";

"On communication";

"On certification of products and services";

"On mass media";

"On standardization";

“On information, information technologies and information protection”;

“On Bodies of the Federal Security Service in the Russian Federation”;

"On the obligatory copy of documents";

“On participation in international information exchange”;

"On digital signature", etc.

2. Regulatory legal acts of the President of the Russian Federation:

"Information Security Doctrine of the Russian Federation";

"On the national security strategy of the Russian Federation until 2020";

"On some issues of the interdepartmental commission for the protection of state secrets";

"On the list of information classified as state secrets";

"On the foundations of state policy in the field of informatization";

"On approval of the list of confidential information", etc.

3. Normative legal acts of the Government of the Russian Federation:

"On certification of information security tools";

“On Licensing the Activities of Enterprises, Institutions and Organizations for Carrying out Works Related to the Use of Information Constituting a State Secret, the Creation of Information Security Tools, as well as the Implementation of Measures and (or) the Provision of Services for the Protection of State Secrets”;

"On the approval of the rules for classifying information constituting a state secret to various degrees of secrecy";

"On licensing certain types of activity", etc.

4. Guiding documents of the State Technical Commission of Russia:

"The concept of protection of computer equipment and automated systems from unauthorized access to information";

"Means of computer technology. Protection against unauthorized access to information. Indicators of security from unauthorized access to information";

"Automated systems. Protection against unauthorized access to information. Classification of automated systems and requirements for information protection";

"Data protection. Special security marks. Classification and general requirements";

"Protection against unauthorized access to information. Part 1. Software means of information protection. Classification by the level of control of the absence of non-declared capabilities".

5. Civil Code of the Russian Federation (part four).

6. Criminal Code of the Russian Federation.

International cooperation in the field of ensuring information security is an integral part of the economic, political, military, cultural and other types of interaction between countries that are part of the world community. Such cooperation should enhance the information security of all members of the world community, including Russia. The peculiarity of the international cooperation of the Russian Federation in the field of ensuring information security lies in the fact that it is carried out in the context of increased international competition for the possession of technological and information resources, for dominance in sales markets, strengthening the technological separation of the leading powers of the world and building up their capabilities to create "information weapons". This may lead to a new stage in the development of the arms race in the information sphere.

International cooperation in the field of information security is based on the following regulatory framework:

Agreement with the Republic of Kazakhstan of January 13, 1995, Moscow (Decree of the Government of the Russian Federation of May 15, 1994 No. 679);

Agreement with Ukraine of June 14, 1996, Kiev (Decree of the Government of the Russian Federation of June 7, 1996 No. 655);

Agreement with the Republic of Belarus (Draft);

Issuance of certificates and licenses for international information exchange (Federal Law of July 4, 1996 No. 85-FZ).

The main areas of international cooperation that meet the interests of the Russian Federation are:

Prevention of unauthorized access to confidential information in international banking networks and in the channels of information support of world trade, to confidential information in international economic and political unions, blocs and organizations, to information in international law enforcement organizations fighting international organized crime and international terrorism;

Prohibition of the development, distribution and use of "information weapons";

Ensuring the security of international information exchange, including the safety of information during its transmission through national telecommunications networks and communication channels;

Coordination of activities of law enforcement agencies of states - participants of international cooperation to prevent computer crimes;

Participation in international conferences and exhibitions on the problem of information security.

Particular attention in the course of cooperation should be paid to the problems of interaction with the CIS countries, taking into account the prospects for creating a single information space on the territory of the former USSR, within which practically unified telecommunication systems and communication lines are used.

At the same time, an analysis of the state of information security in Russia shows that its level does not fully meet the needs of society and the state. The current conditions of the political and socio-economic development of the country cause an aggravation of contradictions between the needs of society to expand the free exchange of information and the need to maintain certain regulated restrictions on its dissemination.

Enshrined in the Constitution of the Russian Federation, the rights of citizens to privacy, personal and family secrets, and privacy of correspondence do not have sufficient legal, organizational and technical support. The protection of personal data collected by federal state authorities is unsatisfactorily organized.

There is no clarity in the implementation of state policy in the field of the formation of the Russian information space, the development of the mass media system, the organization of international information exchange and the integration of the Russian information space into the world information space, which creates conditions for the displacement of Russian news agencies and the media from the domestic information market and for the deformation of the structure of international information exchange.

There is insufficient government support for the activities of Russian news agencies to promote their products on the international information market.

The situation with ensuring the safety of information constituting a state secret is deteriorating.

Serious damage has been inflicted on the personnel potential of scientific and production teams operating in the field of creating informatization, telecommunications and communications, as a result of the mass departure of the most qualified specialists from these teams.

The lag of domestic information technologies forces the state authorities of the Russian Federation, when creating information systems, to follow the path of purchasing imported equipment and attracting foreign firms, which increases the likelihood of unauthorized access to processed information and increases Russia's dependence on foreign manufacturers of computer and telecommunications equipment, as well as software.

In connection with the intensive introduction of foreign information technologies into the spheres of activity of the individual, society and the state, as well as with the widespread use of open information and telecommunication systems, the integration of domestic and international information systems, the threat of using "information weapons" against the information infrastructure of Russia has increased. Work on an adequate comprehensive response to these threats is being carried out with insufficient coordination and weak budget financing.

Control questions

1. What is the place of information security in the system of economic security of the state? Show with examples the importance of information security in ensuring the economic security of the state.

2. What is the reason for the increasing importance of information security in the modern period?

3. Describe the main categories of information security: information, informatization, document, information process, information system, information resources, personal data, confidential information.

4. What are the interests of the individual, society and the state in the information sphere?

5. What types of information security threats exist?

6. Name the ways in which threats affect information security objects.

7. Explain the concept of "information war".

8. List the external sources of threats to Russia's information security.

9. List the internal sources of threats to the information security of Russia.

10. What regulations ensure information security on the territory of the Russian Federation?

11. What international regulations in the field of information security do you know?

12. What is the essence of the state policy of ensuring information security?

13. List the methods of ensuring information security.

14. Describe the structure of the state information security system.

15. Give an assessment of the state of information security in Russia.

Confidential information is of great interest to competing firms. It is this information that becomes the cause of encroachment by intruders.

Many problems stem from underestimating the importance of the threat, which can lead the enterprise to collapse and bankruptcy. Even a single case of staff negligence can bring the company multimillion-dollar losses and loss of customer confidence.

Threats expose data on the composition, status and activities of the company. The sources of such threats are its competitors, corrupt officials and criminals. Of particular value to them is familiarization with protected information, as well as its modification in order to cause financial damage.

Even 20% leakage of information can lead to such an outcome. Sometimes the loss of company secrets can happen by accident, due to the inexperience of the staff, or due to the lack of security systems.

For information that is the property of the enterprise, there may be threats of the following types.

Threats to the confidentiality of information and programs. These may arise after illegal access to data, communication channels or programs. Data stored on or sent from a computer can be intercepted through leakage channels.

For this, special equipment is used that analyzes the electromagnetic radiation received while working on a computer.

Risk of damage. Illegal actions of hackers can lead to routing distortion or loss of transmitted information.

Availability threat. Such situations prevent a legitimate user from using services and resources. This happens when intruders seize them, obtain data through them, or block the lines. Such an incident may distort the reliability and timeliness of the transmitted information.

The risk of refusal to execute transactions. The user disowns information that he transmitted in order to avoid liability.

Internal threats. Such threats are of great danger to the enterprise. They come from inexperienced managers, incompetent or unqualified personnel.

Sometimes employees of an enterprise can deliberately provoke an internal leak of information, thus showing their dissatisfaction with their salary, work or colleagues. They can easily present all the valuable information of the enterprise to its competitors, try to destroy it, or deliberately introduce a virus into computers.

Ensuring information security of the enterprise

The most important accounting processes are automated by the corresponding class of systems, the security of which is achieved by a whole range of technical and organizational measures.

They include an anti-virus system, firewall protection and protection against electromagnetic radiation. The systems protect information on electronic media and data transmitted over communication channels, restrict access to diverse documents, create backup copies and restore confidential information after damage.

Full-fledged information security at the enterprise must be maintained and kept under full control all year round, around the clock, in real time. At the same time, the system takes into account the entire life cycle of information, from the moment it appears to its complete destruction or loss of significance for the enterprise.

For safety and to prevent data loss in the information security industry, protection systems are being developed. Their work is based on complex software systems with a wide range of options that prevent any data loss.

The specificity of the programs is that for their proper functioning, a clear and well-functioning model of internal circulation of data and documents is required. Security analysis of all steps when using information is based on working with databases.

Ensuring information security can be carried out using online tools, as well as products and solutions offered on various Internet resources.

The developers of some of these services have managed to correctly compose an information security system that protects against external and internal threats, while providing an ideal balance of price and functionality. The proposed flexible modular complexes combine the work of hardware and software.

Types

The logic of functioning of information security systems involves the following actions.

Predicting and quickly recognizing threats to data security, motives and conditions that contributed to damage to the enterprise and caused failures in its work and development.

Creating such working conditions under which the level of danger and the likelihood of damage to the enterprise are minimized.

Compensation for damages and minimization of the impact of identified damage attempts.

Information security tools can be:

  • technical;
  • software;
  • cryptographic;
  • organizational;
  • legislative.

Organization of information security at the enterprise

All entrepreneurs always strive to ensure the availability of information and confidentiality. To develop suitable information protection, the nature of possible threats, as well as the forms and methods of their occurrence, are taken into account.

The organization of information security in the enterprise is carried out in such a way that a hacker can face many levels of protection. As a result, the attacker is unable to penetrate the protected part.

The most effective way to protect information is a cryptographically strong encryption algorithm during data transmission. The system encrypts the information itself, and not just access to it, which is also relevant for.

The structure of access to information should be multi-level, so that only selected employees are allowed to access it. Only trustworthy persons should have the right of full access to the entire volume of information.

The list of information relating to information of a confidential nature is approved by the head of the enterprise. Any violations in this area should be punished by certain sanctions.

Protection models are provided for by the relevant GOSTs and are standardized by a number of comprehensive measures. Currently, special utilities have been developed that monitor the state of the network around the clock and any warnings of information security systems.

Keep in mind that an inexpensive wireless network cannot provide the required level of protection.

To avoid accidental loss of data due to inexperienced employees, administrators should conduct training sessions. This allows the enterprise to monitor the readiness of employees for work and gives managers confidence that all employees are able to comply with information security measures.

The atmosphere of a market economy and a high level of competition make company leaders always be on the alert and quickly respond to any difficulties. Over the past 20 years, information technology has been able to enter all areas of development, management and business.

From the real world, business has long turned into a virtual one, just remember how they became popular, which has its own laws. Currently, virtual threats to the information security of an enterprise can inflict enormous real harm on it. By underestimating the problem, leaders risk their business, reputation, and credibility.

Most businesses regularly suffer losses due to data breaches. The protection of enterprise information should be a priority in the development and operation of a business. Ensuring information security is the key to success, profit and achievement of the company's goals.
