Prevention of information threats. Types of known threats. Other dangerous programs

Information security in the broadest sense is a set of means of protecting information from accidental or intentional impact. Regardless of what is the basis of the impact: natural factors or artificial reasons - the owner of the information incurs losses.

Information security principles

• Integrity informational data means the ability of information to maintain its original appearance and structure both during storage and after repeated transmission. Only the owner or user with legal access to the data has the right to make changes, delete or supplement information.
• Confidentiality - a characteristic that indicates the need to restrict access to information resources for a certain circle of people. In the course of actions and operations, information becomes available only to users who are included in information systems and have successfully passed identification.
• Availability information resources means that information that is freely available should be provided to full users of resources in a timely and unimpeded manner.
• Credibility indicates that the information belongs to a trusted person or owner, who at the same time acts as a source of information.

Provision and support of information security include a complex of multifaceted measures that prevent, monitor and eliminate unauthorized access by third parties. Information security measures are also aimed at protecting against damage, distortion, blocking or copying of information. It is essential that all tasks are solved simultaneously, only then full-fledged, reliable protection is provided.

A comprehensive solution to information security problems is provided by a DLP system. controls the maximum number of data transmission channels and provides the company's information security service with a large set of tools for internal investigations.

The main questions about the information method of protection are especially acute, when hacking or theft with distortion of information will pull a number of serious consequences and financial losses.

The logical chain of information transformation created using modeling looks as follows:

THREATENING SOURCE ⇒ SYSTEM VULNERABILITY FACTOR ⇒ ACTION ( SECURITY THREAT) ⇒ ATTACK ⇒ CONSEQUENCES

Types of information security threats

Information threat refers to the potential impact or impact on an automated system with the subsequent infliction of damage on someone's needs.

Today there are more than 100 positions and varieties of threats to the information system. It is important to analyze all risks using different diagnostic techniques. Based on the analyzed indicators with their details, you can competently build a system of protection against threats in the information space.

Information security threats do not manifest themselves independently, but through possible interaction with the weakest links of the protection system, that is, through vulnerability factors. The threat leads to the disruption of the systems on a specific carrier object.

The main vulnerabilities arise due to the following factors:

• imperfection of software, hardware platform;
• different characteristics of the structure of automated systems in the information flow;
• some of the systems functioning processes are defective;
• inaccuracy of information exchange protocols and interface;
• difficult operating conditions and location of information.

More often than not, threat sources are launched with the aim of obtaining illegal benefits due to information damage. But the accidental action of threats is also possible due to the insufficient degree of protection and the massive action of the threatening factor.

There is a division of vulnerabilities by classes, they can be:

• objective;
• random;
• subjective.

If you eliminate or at least mitigate the impact of vulnerabilities, you can avoid a full-fledged threat aimed at the information storage system.

Objective vulnerabilities

This type directly depends on the technical design of the equipment at the facility requiring protection and its characteristics. Complete disposal of these factors is impossible, but their partial elimination is achieved with the help of engineering and technical methods in the following ways:

1. Related to technical means of radiation:

• electromagnetic techniques (side variants of radiation and signals from cable lines, elements of technical equipment);
• sound options (acoustic or with the addition of vibration signals);
• electrical (slippage of signals in the circuits of the electrical network, on pickups on lines and conductors, on uneven current distribution).

2. Activated:

• malware, illegal programs, technological exits from programs, which are collectively referred to as "software bookmarks";
• equipment bookmarks are factors that are introduced directly into telephone lines, into electrical networks, or simply into premises.

3. Those that are created by the characteristics of the object under protection:

• the location of the object (visibility and absence of a controlled area around the information object, the presence of vibration or sound-reflecting elements around the object, the presence of remote elements of the object);
• organization of information exchange channels (use of radio channels, lease of frequencies or use of general networks).

4. Those that depend on the characteristics of the carrier elements:

• parts with electro-acoustic modifications (transformers, telephone devices, microphones and loudspeakers, inductors);
• things that are influenced by the electromagnetic field (media, microcircuits and other elements).

Random vulnerabilities

These factors depend on the contingencies and characteristics of the environment of the information environment. It is almost impossible to predict them in the information space, but it is important to be prepared for their quick elimination. Such problems can be eliminated by conducting an engineering investigation and retaliating against a threat to information security:

1. System failures and failures:

• due to a malfunction of technical means at different levels of information processing and storage (including those responsible for the system's performance and for controlling access to it);
• malfunctions and obsolescence of individual elements (demagnetization of data carriers such as floppy disks, cables, connecting lines and microcircuits);
• failures of various software that supports all links in the chain of information storage and processing (antiviruses, applications and service programs);
• interruptions in the operation of auxiliary equipment of information systems (problems at the power transmission level).

2. Factors weakening information security:

• damage to communications such as water supply or electricity, as well as ventilation, sewerage;
• malfunctions in the operation of enclosing devices (fences, overlappings in a building, equipment enclosures where information is stored).

Subjective vulnerabilities

In most cases, this subspecies is the result of incorrect actions of employees at the level of development of information storage and protection systems. Therefore, the elimination of such factors is possible using techniques using hardware and software:

1. Inaccuracies and gross errors that violate information security:

• at the stage of loading ready-made software or preliminary development of algorithms, as well as at the time of its use (possibly during daily operation, during data entry);
• at the stage of managing programs and information systems (difficulties in the process of learning to work with the system, setting up services on an individual basis, while manipulating information flows);
• while using technical equipment (at the stage of switching on or off, operating devices for transmitting or receiving information).

2. System malfunctions in the information space:

• personal data protection regime (the problem is created by dismissed employees or existing employees outside of working hours, they get unauthorized access to the system);
• safety and security mode (while gaining access to the facility or to technical devices);
• while working with technical devices (there may be violations in energy conservation or equipment provision);
• while working with data (transformation of information, its preservation, search and destruction of data, elimination of defects and inaccuracies).

Vulnerability ranking

Each vulnerability must be considered and evaluated by specialists. Therefore, it is important to determine the criteria for assessing the risk of a threat and the likelihood of damage or bypassing information protection. Metrics are calculated using a ranking application. Among all the criteria, there are three main ones:

• Availability is a criterion that takes into account how convenient it is for the source of threats to use a certain type of vulnerability in order to breach information security. The indicator includes the technical data of the information carrier (such as the size of the equipment, its complexity and cost, as well as the possibility of using non-specialized systems and devices for hacking information systems).

• Fatality - a characteristic that assesses the depth of the impact of vulnerability on the ability of programmers to cope with the consequences of the created threat for information systems. If we evaluate only objective vulnerabilities, then their information content is determined - the ability to transmit a useful signal with confidential data to another place without deforming it.
• amount - the characteristic of counting the details of the storage system and the implementation of information, which are inherent in any kind of vulnerability in the system.

Each indicator can be calculated as the arithmetic mean of the coefficients of individual vulnerabilities. A formula is used to assess the degree of danger. The maximum estimate of the set of vulnerabilities is 125, this number is in the denominator. And the numerator contains a product from KD, KF and KK.

To find out information about the degree of protection of the system accurately, you need to involve the analytical department with experts. They will assess all vulnerabilities and draw up an information map on a five-point scale. One corresponds to the minimum possibility of influencing the protection of information and bypassing it, and the five corresponds to the maximum level of influence and, accordingly, danger. The results of all analyzes are summarized in one table, the degree of influence is divided into classes for the convenience of calculating the system vulnerability coefficient.

What sources threaten information security?

If we describe the classification of threats that bypass information security protection, then we can distinguish several classes. The concept of classes is necessary, because it simplifies and systematizes all factors without exception. The basis includes such parameters as:

1. The rank of intentional intervention in the information security system:

• the threat posed by personnel negligence in the information dimension;
• a threat, initiated by fraudsters, and they do it for personal gain.

2. Appearance characteristics:

• the threat to information security, which is provoked by human hands and is artificial;
• natural threats that are beyond the control of information protection systems and are caused by natural disasters.

3. Classification of the immediate cause of the threat. The culprit could be:

• a person who divulges confidential information by bribing company employees;
• a natural factor that comes in the form of a catastrophe or local disaster;
• software with the use of specialized devices or the introduction of malicious code into technical equipment, which disrupts the functioning of the system;
• accidental deletion of data, authorized hardware and software funds, failure of the operating system.

4. The degree of activity of threats to information resources:

• at the time of data processing in the information space (action of mailings from virus utilities);
• at the moment of receiving new information;
• regardless of the activity of the information storage system (in the case of breaking ciphers or crypto protection of information data).

There is another classification of sources of information security threats. It is based on other parameters and is also taken into account when analyzing a system malfunction or hacking. Several indicators are taken into account.

Classification of threats

However, one should not forget about such threats as accidental and deliberate. Studies have shown that data in systems regularly undergo different reactions at all stages of the information processing and storage cycle, as well as during the operation of the system.

The sources of random reactions are factors such as:

• equipment malfunctions;
• periodic noises and backgrounds in communication channels due to the influence of external factors (the channel bandwidth, bandwidth is taken into account);
• inaccuracies in software;
• errors in the work of employees or other employees in the system;
• specifics of the Ethernet environment;
• force majeure during natural disasters or frequent power outages.

It is convenient to use a SIEM system to control events in software and hardware sources. processes the flow of events, identifies threats and collects results in a single interface, which speeds up internal investigations.

Errors in the functioning of software are most common, and the result is a threat. All programs are developed by people, so the human factor and errors cannot be eliminated. Workstations, routers, servers are built on the work of people. The higher the complexity of the program, the greater the possibility of disclosing errors in it and detecting vulnerabilities that lead to information security threats.

Some of these errors do not lead to undesirable results, for example, server shutdown, unauthorized use of resources, system inoperability. Such platforms, on which information was stolen, can become a platform for further attacks and pose a threat to information security.

To ensure the security of information in this case, you need to take advantage of updates. You can install them using packs released by developers. Placing unauthorized or unlicensed software can only make matters worse. Also, problems are likely not only at the software level, but also generally related to the protection of information security in the network.

An intentional threat to information security is associated with criminal misconduct. An employee of a company, a visitor to an information resource, competitors or hired persons can act as an information criminals. There can be several reasons for committing a crime: monetary motives, dissatisfaction with the work of the system and its safety, a desire to assert itself.

It is possible to simulate the actions of an attacker in advance, especially if you know his purpose and motives of actions:

• A person has information about the functioning of the system, its data and parameters.
• The skill and knowledge of the fraudster allows him to act at the developer level.
• The criminal is able to choose the most vulnerable spot in the system and freely penetrate the information, become a threat to it.
• An interested person can be any person, both an employee and an outside intruder.

For example, for bank employees, such intentional threats can be identified that can be implemented during activities in the institution:

• Familiarization of employees of the enterprise with information inaccessible to them.
• Personal data of people who do not work in this bank.
• Software bookmarks with threats to the information system.
• Copying software and data without prior permission for personal use.
• Stealing printed information.
• Theft of electronic media.
• Deliberate removal of information in order to hide facts.
• Making a local attack on an information system.
• Refusal of possible control of remote access or denial of the fact of receiving data.
• Removing bank data from the archive without permission.
• Unauthorized correction of bank statements by a non-reporting person.
• Modification of messages that pass along the paths of links.
• Unauthorized destruction of data damaged by a virus attack.

Information Security Digest

Specific examples of information security and data access violations

Unauthorized access is one of the most "popular" methods of computer offenses. That is, a person who makes unauthorized access to a person's information violates the rules that are fixed by the security policy. With such access, they openly exploit errors in the security system and penetrate the core of information. Incorrect settings and settings of protection methods also increase the possibility of unauthorized access. Access and threats to information security are made both by local methods and by special hardware installations.

With the help of access, a fraudster can not only gain access to information and copy it, but also make changes, delete data. This is done using:

• interception of indirect electromagnetic cures from equipment or its elements, from communication channels, power supply or grounding grids;
• technological control panels;
• local data access lines (terminals of system administrators or employees);
• firewalls;
• error detection methods.

Of the whole variety of methods of access and threats to information, one can conditionally single out the main crimes:

• Interception of passwords;
• "Masquerade";
• Illegal use of privileges.

Interception of passwords is a common access technique encountered by most employees and those involved in information security. This fraud is possible with the participation of special programs that simulate a window for entering a name and password on the monitor screen. The entered data falls into the hands of the attacker, and then a message appears on the display about the incorrect operation of the system. Then the authorization window may pop up again, after which the data again fall into the hands of the information interceptor, and this provides full access to the system, it is possible to make your own changes. There are other methods of intercepting a password, so it is worth using encryption of passwords during transmission, and this can be done using special programs or RSA.

Information threat method "Masquerade" is largely a continuation of the previous technique. The bottom line is actions in the information system on behalf of another person in the company's network. There are such possibilities for implementing the plans of attackers in the system:

• Transfer of false data in the system on behalf of another person.
• Getting into the information system under the data of another employee and further actions (with preliminary interception of the password).

The "Masquerade" is especially dangerous in banking systems, where manipulations with payments lead the company to a loss, and blame and responsibility are imposed on another person. In addition, the bank's clients suffer.

Illegal use of privileges - the name of the type of information theft and undermining the security of the information system speaks for itself. It is the administrators who are endowed with the maximum list of actions; these people become victims of intruders. When using this tactic, the "masquerade" continues, when an employee or a third party gains access to the system on behalf of the administrator and performs illegal manipulations bypassing the information security system.

But there is a nuance: in this type of crime, you need to intercept the list of privileges from the system in advance. This can happen through the fault of the administrator himself. To do this, you need to find an error in the protection system and enter it unauthorized.

Information security threat can be carried out at a deliberate level during data transport. This is relevant for telecommunication systems and information grids. Intentional violation should not be confused with authorized modification of information. The latter option is carried out by persons who have the authority and justified tasks requiring changes. Violations lead to system breakdown or complete deletion of data.

There is also an information security threat that violates data confidentiality and privacy. All information is received by a third party, that is, an outsider without access rights. Information confidentiality is always violated when unauthorized access to the system is obtained.

A threat to the protection of information security can disrupt the performance of a company or an individual employee. These are situations in which access to information or resources for obtaining it is blocked. One employee creates a blocking situation, intentionally or accidentally, while the second stumbles upon a blockage and receives a denial of service. For example, a failure is possible during circuit or packet switching, and a threat arises when information is transmitted over satellite systems. They are classified as primary or immediate options, since creation leads to a direct impact on the protected data.

There are the following types of main threats to information security in local sizes:

• Computer viruses that violate information security. They have an impact on the information system of one computer or PC network after entering the program and independent reproduction. Viruses are capable of stopping the system from functioning, but mostly they act locally;
• "Worms" - modification of virus programs, bringing the information system into a state of blockage and overload. The software is activated and replicated independently, during each computer boot. Memory and communication channels are overloaded;
• "Trojan horses" - programs that are embedded on a computer under the guise of useful software. But in reality, they copy personal files, transfer them to the attacker, and destroy useful information.

Even your computer's security system poses a number of security threats. Therefore, programmers need to take into account the threat of examining protection system parameters. Sometimes harmless network adapters can also become a threat. It is important to pre-set the parameters of the protection system, its characteristics and provide for possible bypass paths. After a thorough analysis, you can understand which systems require the highest degree of security (focus on vulnerabilities).

Disclosure of protection system parameters are classified as indirect security threats. The fact is that the disclosure of parameters will not allow the fraudster to implement his plan and copy the information, make changes to it. An attacker will only understand on what principle to act and how to implement a direct threat to the protection of information security.

In large enterprises, methods that protect information security should be managed by a special security service of the company. Its employees must look for ways to influence information and eliminate all kinds of breakthroughs by intruders. According to local acts, a security policy is being developed, which is important to strictly observe. It is worth paying attention to the exclusion of the human factor, as well as to maintain in good working order all technical means related to the security of information.

Damage caused

The degree and manifestation of damage can be different:

• Moral and material damageinflicted on individuals whose information has been stolen.
• Financial damagecaused by a fraudster in connection with the cost of restoring information systems.
• Material costsassociated with the impossibility of performing work due to changes in the information security system.
• Moral damagethat is related to the business reputation of the company or has resulted in a breach of relationships at the global level.

A person who has committed an offense (obtained unauthorized access to information or hacked security systems) has the possibility of causing damage. Also, damage can be caused regardless of the subject with information, but due to external factors and influences (man-made disasters, natural disasters). In the first case, the blame falls on the subject, and the corpus delicti is determined and punishment is imposed through judicial proceedings.

It is possible to commit an act:

• with criminal intent (direct or indirect);
• through negligence (without intentional harm).

Responsibility for an offense in relation to information systems is selected in accordance with the current legislation of the country, in particular, under the criminal code in the first case. If the crime was committed by negligence, and the damage was inflicted on a small scale, then the situation is considered by civil, administrative or arbitration law.

Damage to the information space is considered to be unfavorable for the owner (in this case information) consequences associated with the loss of tangible property. The consequences are manifested as a result of the offense. The damage to information systems can be expressed in the form of a decrease in profit or a loss of profit, which is regarded as a lost profit.

The main thing is to go to court in time and find out the corpus delicti. The damage must be classified in accordance with legal acts and proven in court proceedings, and it is also important to identify the extent of the actions of individuals, the amount of their punishment based on legislation. Such crimes and security are most often dealt with by the cyber police or the country's security service, depending on the volume and significance of the interference with information.

The stage of information protection is considered the most relevant today and is required by any enterprise. You need to protect not only the PC, but also all technical devices in contact with information. All data can become a weapon in the hands of intruders, so the confidentiality of modern IT systems must be at the highest level.

The simultaneous use of DLP and SIEM systems solves the problem of data protection more efficiently. You can try the programs in practice during a free 30-day trial.

The delays of the party attacking information security are possible only in connection with the passage of the protection system. There are no absolute ways to protect yourself from threats, so the information protection system must always be improved, since fraudsters also improve their methods. A universal method has not yet been invented that suits everyone and gives one hundred percent protection. It is important to stop intruders from infiltrating at an early level.

One of the main features of the information security problem is the requirement for the completeness of the definition of information threats that are potentially possible in modern information systems. Even one unaccounted for (undetected, not taken into account) destabilizing factor can significantly reduce (and even negate) the effectiveness of protection.

- this is a potentially existing possibility of accidental or deliberate action or inaction, as a result of which the security of information (data) may be compromised.

Information security threat - a set of conditions and factors that create a potential or real-life danger associated with information leakage and / or unauthorized and / or unintentional impacts on it.

A threat - this is a person, thing, event or idea that poses some danger to values \u200b\u200bin need of protection.

A threat - this is the potential to violate information security in a certain way.

An attempt to implement a threat is called an attack, and the one who makes such an attempt is called an attacker. Potential attackers are referred to as threat sources.

The most common threat is the consequence of the presence of vulnerabilities in the information security system. The time interval from the moment when it becomes possible to exploit a vulnerability until the moment when changes are made to the protection system that eliminate this vulnerability is called the window of danger associated (associated) with this vulnerability.

Reasons for system vulnerability:

- Features of the technical means used in the electronic data processing system.

For example, if information is written to a floppy disk, then its integrity can be easily violated due to mechanical damage, exposure to temperature and humidity, electromagnetic fields and other factors.

- Features of the software used.

For example, passwords for Internet access can be stored in a file on disk. Therefore, there is a threat that an attacker will find this file and use someone else's password to access the Internet.

- Features of the behavior of personnel working with the electronic data processing system.

For example, some users write down their passwords for access to various resources on separate pieces of paper and keep these records right at the workplace. Naturally, there is a threat that an attacker can find such a piece of paper and use someone else's password.

Many vulnerabilities cannot be eliminated and are a permanent cause of the threat. As for the features of the software, as a rule, vulnerabilities are identified during operation and eliminated by releasing new versions and "service packs" of programs. It is for such vulnerabilities that the concept of "danger window" is most often used. It "opens" with the emergence of means to exploit this security gap and is eliminated when the vulnerability is eliminated.

For most vulnerabilities, the window of danger exists for a relatively long time, since during this time the following events should occur:

Means of exploiting this security gap should be made aware

Ways to close this gap must be found

Methods of eliminating this gap should be implemented, that is, appropriate changes should be made to the program

These changes must be made to all users using this program

Information security threats in modern information systems are caused by:

Accidental and deliberate destructive and distorting effects of the external environment;

The degree of reliability of the functioning of information processing facilities;

Intentional mercenary influences of unauthorized users, the purpose of which is theft, disclosure, destruction, destruction, unauthorized modification and use of processed information;

Unintentional, accidental actions of service personnel, etc.

Classification of information threats

Information threats can be classified according to several criteria:

Classification according to the aspect of information security, against which the threat is primarily directed.

Integrity threats are associated with the following capabilities:

Physical destruction or damage to media.

For example, an attacker can break the floppy disk on which you wrote your abstract.

Destruction of certain information.

For example, an attacker can delete your lab report file

Information change, as a result of which the information ceases to reflect the real state of affairs or becomes contradictory.

For example, an attacker can increase data on the amount of money in his account.

Accessibility threats are associated with the following capabilities:

Termination of the functioning of the electronic data processing system due to the destruction of the supporting infrastructure.

For example, the system may stop functioning due to a power outage, a break in the water supply system, a breakdown of the air conditioning system, and as a result, the temperature rises to unacceptable values.

Termination of system functioning due to equipment breakdown (computers, communication equipment, etc.)

For example, if a computer breaks down at a railway ticket office, connecting to an automated ticket sales system, then passengers will not be able to buy tickets (receive an information service for ticketing) at this ticket office.

Malfunctioning of the system as a result of software errors or inconsistencies between actual work and system documentation.

For example, if the user searches in some information system, then the help information can be written that to search for a word, it is enough just to enter its beginning, and all words starting with a given combination of characters will be found. The user enters the characters "inform" in the hope that all the words "informatics", "information", "information technology" and so on will be found. However, it turns out that in fact the program does not work exactly as written in the help information, and looks for exactly the word that is specified. And to find words starting with a given combination of characters, you must put "*" at the end. Those. to search for the words "information" and the like, it was necessary to enter the symbols "inform *". But after all, the user could not know about this, and as a result he does not receive the desired information service, and the information stored in the system turns out to be inaccessible to him.

Errors of the personnel of the system, which can be caused both by the lack of the necessary skills to work with a specific system, and by a general lack of education or qualifications.

For example, an applicant applies to the employment service with a request to find a job as a cleaner from 17 to 19 hours. The employee of the employment service does not know that the existing information system allows you to search according to the parameters of working hours (because for such a search you need to go to an additional tab and press a special button, and no one told the employee about this), and invites the client to view all available vacancies of cleaners ... As a result, the client does not receive an information service of the proper quality. In another case, the applicant turns to the employee of the employment service with a request to find a vacancy for a programmer, and receives an answer that there are no such vacancies. However, in fact, there are such vacancies, just because the employee, because of her ignorance, entered the vacancy "programmer" in the search box. As a result, the client received false information.

Targeted denial of service attacks ( DOS - attacks). In such attacks, multiple service requests are simultaneously sent to the electronic data processing system, as a result of which the system becomes overloaded and cannot function normally. Such attacks are typical for Internet services, when attackers try to disrupt the functioning of individual servers or the network as a whole.

The purpose of such attacks can be:

Causing damage to any company by temporarily disrupting its functioning. For example, if the functioning of the server of a travel company is disrupted, then people will not be able to find out about the services of this company and order vouchers, and the company will lose clients

Disruption of the normal functioning of the security system in order to attempt to gain access to confidential information

An attempt to analyze the protection system and find vulnerabilities in it in the process of measures to restore the system's performance and repel an attack.

Privacy threats are associated with the following capabilities:

Loss of technical means of identification (keys, chips)

Reading information from the monitor screen or while typing on the keyboard by a stranger

The negligence of users who write down passwords and leave these records in accessible places

Negligent storage of copies and drafts of confidential documents, as well as copier and plain paper used in their printing

Leaving unattended workplaces from which access to confidential information is carried out

Using "incorrect", that is, easily guessable passwords

The use of special hardware and software for breaking system protection

Since all aspects of information security are closely related to each other, then a specific threat is directed against several aspects of security at once.

For example, when a power outage occurs, not only the availability of information is disrupted during the time the system is not working, but also destruction or violation of the integrity of information can occur due to the termination of the system at the time of performing any critical operation.

Classification by system components targeted by the threat (attack)

- threat to data may be associated with the possibility of theft or damage to data carriers, unauthorized deletion or alteration of data, as well as the possibility that data will become available to persons to whom it should not be available

- threat to programs may be associated with the introduction of malicious software, primarily computer viruses

- technical threat may be associated with the possibility of equipment failure due to accidental or deliberate effects of a natural or artificial nature

- threat to personnel may be associated with the possibility of creating conditions forcing individual employees to take actions related to violation of information security (blackmail, bribery, and so on)

Information security concept

The creation of a universal information space and the almost widespread use of personal computers, and the introduction of computer systems gave rise to the need to solve the complex problem of information security.

Under the protection of information in the COP is understood the regular use of tools and methods, the adoption of measures and implementation of measures in order to systematically ensure the required reliability of information stored and processed using the means of the COP. The object of protection is information, or a medium, or an information process, in respect of which it is necessary to ensure protection in accordance with the stated goal of information protection. Protection of computer information includes measures to prevent and track unauthorized access (NSD) by unauthorized persons, misuse, damage, destruction, distortion, copying, blocking of information in forms and media related specifically to computer means and technologies of storage, processing, transmission and access. To ensure the security of information in the CS, protection is required: information arrays presented on various machine carriers; technical means of data processing and transmission; software that implements the appropriate methods, algorithms and information processing technology; users. information resource war weapon

Information security is understood as the security of information from illegal familiarization, transformation and destruction, as well as the security of information resources from influences aimed at disrupting their performance. Information security is achieved by ensuring the confidentiality, integrity and reliability of the processed data, as well as the availability and integrity of information components and resources of the CS.

Confidentiality is a property indicating the need to impose restrictions on access to this information for a certain circle of people. In other words, this is a guarantee that during the transfer the data can only be known to legal users.

Integrity is the property of information to preserve its structure and / or content in the process of transmission and storage in an undistorted form with respect to some fixed state. Information can be created, changed or destroyed only by an authorized person (legal user with the right of access).

Reliability is a property of information, expressed in strict belonging to the subject, which is its source, or to the subject from which this information was received.

Accessibility is a property of information that characterizes the ability to provide users with timely and unimpeded access to necessary information.

Information security is achieved by the management of an appropriate level of information security policy. The main document on the basis of which the information security policy is carried out is the information security program. This document is being developed as an official guidance document by the supreme governing bodies of the state, department, organization. The document contains the objectives of the information security policy and the main directions for solving the problems of information protection in the CS. The information security programs also contain general requirements and the principle of building information security systems in the CS.

When considering problems related to security, the concept of "unauthorized access" is used - this is an unauthorized access to information resources for the purpose of using them (reading, modifying), as well as damage or destruction. This concept is also associated with the spread of various kinds of computer viruses.

In turn, “authorized access” is access to objects, programs and data of users who have the right to perform certain actions (reading, copying, etc.), as well as the powers and rights of users to use resources and services defined by the administrator of the computer system.

Protected information is considered to be information that has not undergone illegal changes in the process of transmission, storage and storage, has not changed properties such as reliability, completeness and integrity of data.

The terms “information protection” and “information security” mean a set of methods, means and measures aimed at eliminating distortion, destruction and unauthorized use of accumulated, processed and stored data.

Information security threats

The concept and classification of information security threats

In order to ensure effective protection of information, it is necessary first of all to consider and analyze all the factors that pose a threat to information security.

A threat to the information security of a CS is usually understood as a potential event, action, process or phenomenon that can have an undesirable effect on the system and the information that is stored and processed in it. Such threats, acting on information through the components of the COP, can lead to the destruction, distortion, copying, unauthorized distribution of information, to the restriction or blocking of access to it. Currently, a fairly extensive list of threats is known, which is classified according to several criteria.

By the nature of occurrence, they are distinguished:

• - natural threats caused by the impact on the CS of objective physical processes or natural disasters;
• - artificial threats to security caused by human activities.

According to the degree of intentionality, the manifestations distinguish between accidental and intentional threats to security.

By the direct source of threats. Sources of threats can be:

• - natural environment, for example, natural disasters;
• - a person, for example, disclosing confidential data;
• - authorized hardware and software, for example, failure of the operating system;
• - unauthorized software and hardware, for example, infecting a computer with viruses.

By the location of the source of threats. The source of threats can be located:

• - outside the controlled area of \u200b\u200bthe spacecraft, for example, the interception of data transmitted via communication channels;
• - within the controlled area of \u200b\u200bthe COP, for example, theft of printouts, information carriers;
• - directly in the COP, for example, incorrect use of resources.

The degree of impact on the COP is distinguished:

• - passive threats that, when implemented, do not change anything in the structure and content of the CS (threat of data copying);
• - active threats that, when exposed, make changes to the structure and content of the CS (implementation of hardware and software special investments).

By stages of user or program access to the resources of the COP:

• - threats that may manifest themselves at the stage of access to the resources of the CS;
• - Threats manifested after permission of access (unauthorized use of resources).

At the current location of information in the COP:

• - threat of access to information on external storage devices (memory), for example, copying data from a hard disk;
• - the threat of access to information in RAM (unauthorized access to memory);
• - the threat of access to information circulating in communication lines (by illegal connection).

By the way of access to the resources of the CS:

• - Threats that use a direct standard path of access to resources using illegally obtained passwords or through unauthorized use of legitimate users' terminals;
• - Threats that use a latent non-standard way of access to CS resources bypassing existing protection means.

According to the degree of dependence on the activity of the CS, they are distinguished:

• - Threats that manifest themselves regardless of the activity of the CS (theft of information carriers);
• - Threats that manifest themselves only during data processing (spread of viruses).

Types of security threats

All the set of potential threats to information security in the CS can be divided into 2 main classes.

Threats that are not associated with deliberate actions of attackers and are implemented at random times are called accidental or unintentional. The mechanism for the implementation of random threats in general is well studied, considerable experience has been accumulated in countering these threats.

Natural disasters and accidents are fraught with the most devastating consequences for the CS, since the latter are physically destroyed, information is lost or access to it becomes impossible.

Failures and failures of complex systems are inevitable. As a result of failures and failures, the performance of technical means is disrupted, data and programs are destroyed and distorted, the algorithm of the devices is disrupted.

Threats to the security of information in the COP

Errors in the development of the CS, algorithmic and software errors lead to consequences similar to the consequences of failures and failures of technical means. In addition, such errors can be used by intruders to influence the resources of the CS.

As a result of user and service staff errors, security breaches occur in 65% of cases. Incompetent, negligent or inattentive performance of functional duties by employees leads to destruction, violation of the integrity and confidentiality of information.

Intentional threats are associated with the deliberate actions of the offender. This class of threats has not been studied enough, is very dynamic and is constantly being updated with new threats.

Methods and means of espionage and sabotage are most often used to obtain information about the protection system in order to penetrate the CS, as well as to steal and destroy information resources. Such methods include eavesdropping, visual observation, theft of documents and machine storage media, theft of programs and security system attributes, collection and analysis of machine media waste, arson.

Unauthorized access to information (unauthorized access to information) usually occurs with the use of standard hardware and software of the CS, as a result of which the established rules for delimiting user or process access to information resources are violated. Access control rules are understood as a set of provisions governing the access rights of persons or processes to information units. The most common violations are:

Interception of passwords - carried out by specially designed

programs;

• - "masquerade" - the performance of any actions by one user on behalf of another;
• - illegal use of privileges - seizure of privileges of legitimate users by the violator.

The process of processing and transmitting information by the technical means of the CS is accompanied by electromagnetic radiation into the surrounding space and the guidance of electrical signals in the communication lines. They were named spurious electromagnetic radiation and interference (PEMIN). With the help of special equipment, signals are received, isolated, amplified and can either be viewed or recorded in a storage device (memory). Electromagnetic radiation is used by malefactors not only to obtain information, but also to destroy it.

An unauthorized modification of the algorithmic, software and technical structures of the system, which is called a "bookmark", poses a great threat to the security of information in the CS. As a rule, “bookmarks” are introduced into specialized systems and are used either for direct harmful effects on the CS, or to ensure uncontrolled entry into the system.

One of the main sources of security threats is the use of special programs, collectively known as "malware programs." These programs include:

• - "computer viruses" - small programs that, after being introduced into a computer, are independently distributed by making copies of themselves, and under certain conditions have a negative impact on the computer system;
• - “worms” - programs that are executed every time the system boots, which have the ability to move to the COP or network and replicate themselves. The avalanche-like multiplication of programs leads to overloading of communication channels, memory, and then to blocking of the system;
• - "Trojan horses" - programs that look like a useful application, but in fact perform harmful functions (destruction of software, copying and sending files with confidential information to the attacker, etc.).

Percentages

In addition to the above security threats, there is also the threat of information leakage, which every year is becoming an increasingly significant security problem. To deal effectively with leaks, you need to know how they happen.

The four main types of leaks account for the vast majority (84%) of incidents, with half of this share (40%) attributable to the most common threat, media theft. 15% is inside. This category includes incidents caused by the actions of employees who had legal access to information. For example, an employee did not have the right to access information, but managed to bypass security systems. Or an insider had access to the information and took it outside the organization. Hacker attacks also account for 15% of threats. This broad group of incidents includes all leaks that have occurred as a result of an external invasion. The low share of hacker intrusions is explained by the fact that the intrusions themselves have become invisible. Web leaks accounted for 14%. This category includes all leaks associated with the publication of confidential information in public places, for example, on global networks. 9% is a paper leak. By definition, a paper leak is any leak that results from the printing of confidential information on paper. 7% are other potential threats. This category includes incidents, the exact cause of which could not be established, as well as leaks that became known after the fact, after using personal information for illegal purposes.

In addition, phishing is currently actively developing - a technology of Internet fraud, which consists in stealing personal confidential data such as access passwords, credit card numbers, bank accounts and other personal information. Phishing (from English. Fishing - fishing) stands for password extraction and uses not the technical flaws of the COP, but the gullibility of Internet users. An attacker throws bait on the Internet and “catches all the fish” - users who will fall for it.

Regardless of the specifics of specific types of threats, information security must maintain integrity, confidentiality, and availability. Integrity, confidentiality, and availability threats are primary. Integrity violation includes any deliberate change in information stored in a CS or transmitted from one system to another. Violation of confidentiality can lead to a situation where information becomes known to someone who does not have the authority to access it. The threat of unavailability of information arises whenever, as a result of deliberate actions of other users or intruders, access to a certain resource of the CS is blocked.

Another type of information security threat is the threat of disclosure of CS parameters. As a result of its implementation, no damage is caused to the information processed in the CS, but at the same time, the possibilities for the manifestation of primary threats are significantly increased.

A threat (in principle) usually means a potentially possible process (phenomenon, event or impact) that is likely to cause damage to someone's needs. Subsequently, under the threat of protecting the AS of information finishing, we will accept the possibility of influencing the AS, which, indirectly or directly, may cause a loss to its safety.

At the moment, the list of threats to the information security of the nuclear power plant is known, which has more than a hundred positions.
Analysis of probable threats to information security is done with the meaning of defining a complete list of requirements for the created protection system.
To prevent threats, there are a number.

The list of threats, risk analysis of the probabilities of their implementation, as well as the attacker's model are the basis for parsing and implementing threats and building requirements for the AS protection system. In addition to detecting probable threats, it is advisable to conduct a study of these threats based on a classification by a number of parameters. Each of the classification parameters shows one of the generalized rules for the protection system. Threats corresponding to any of the classification criteria allow the requirement reflected by this parameter to be detailed.

The need for the classification of threats to the information security of the AS is explained by the fact that the stored and processed information in the AS is prone to the influence of factors, which makes it impossible to formalize the problem of describing the full abundance of threats. Therefore, it is usually not a complete list of threats that is determined, but a list of threat classes.

The division of probable threats to the information security of the AU can be done according to the following main parameters.

By the rank of intentionality of expression:

• threats provoked by mistakes or negligence of employees, for example, the illiterate use of protection methods, the input of non-venerable data, etc.;
• intentional threats, such as fraudulent practices.

By the nature of the occurrence:

• artificial threats to NPP safety caused by human hands.
• natural threats created by impacts on the nuclear power plant of objective physical actions or natural disasters;

For the immediate cause of the threats:

• people, for example, hired by bribery of employees, blurting out confidential information, etc.;
• natural biome, such as natural disasters, storms, etc .;
• unauthorized software and hardware funds, for example, infecting a PC with viruses with destructive functions;
• authorized hardware and software funds, failure of the OS, for example, deleting data.

According to the degree of dependence on the activity of the AU:

• only in the course of data processing, for example, threats of implementation and distribution of software viruses;
• regardless of the activity of the AU, for example, the opening of ciphers (or or) information.

Sources of information security threats

According to the status of the source of threats:

• directly in the AU, for example, inaccurate implementation of the AU resources;
• within the AU zone, for example, the use of eavesdropping devices, recordings, theft of printouts, data carriers, etc.;
• outside the AU area, for example, capturing information transmitted over communication paths, capturing side acoustic, electromagnetic and other radiation from devices.

By the degree of impact on the AU:

• active threats that, when reacting, shift the structure and essence of the AS, for example, the introduction of viruses and Trojan horses;
• passive threats that, when executed, do not change anything in the type and essence of the AU, for example, the threat of copying classified information.

By the way of the path to the resources of the AU:

• threats realized using a masked non-standard channel path to the AS resources, for example, an unauthorized path to the AS resources by using any OS capabilities;
• threats implemented using a standard channel of access to AU resources, for example, illegal acquisition of passwords and other access control parameters with subsequent disguise as a registered employee.

Step by step for employees or programs to access resources:

• threats that are realized after the consent of access to the NPP resources, for example, threats of incorrect or unauthorized use of NPP resources;
• threats realized at the step of access to the plant resources, for example, threats of unauthorized access to the plant.

At the current location of the information stored and processed in the AS:

• threats to access to information in RAM, for example, access to the system area of \u200b\u200bRAM from the side of application programs, reading final information from RAM;
• threats to access to information located on external storage media, for example, unauthorized copying of confidential information from a hard drive;
• threats to access information visible on the terminal, for example, recording displayed data on a video camera;
• threats to access information passing through communication channels, for example, illegal connection to communication channels with the task of directly substituting a legitimate employee with the next introduction of disinformation and imposing false data, illegal connection to communication channels with the next input of false data or modification of the transmitted data.

As already mentioned, dangerous effects on the AU are divided into accidental and intentional. The study of the experience of design, production and operation of the nuclear power plant demonstrates that the data undergoes various random reactions at all stages of the cycle and the functioning of the nuclear power plant.

The source random reactions during the implementation of the AU can be:

• abandonment and malfunctions of hardware devices;
• neglect of service staff and other employees;
• critical situations due to natural disasters and power outages;
• noise and background in communication channels due to the influence of external factors (during data transmission and internal factor -) of the channel;
• flaws in the software.
• or .

Intentional threats cohesive with the deliberate methods of the criminal. The criminal can be an employee, a regular visitor, mercenaries, competitive individuals, etc. The criminal's methods can be explained by the following factors: competition, curiosity, employee dissatisfaction with his career, material interest (bribe), desire to assert himself by any means, etc.

Drawing a conclusion from the probability of the most dangerous conditions becoming due to the attacker's methods, we can estimate a hypothetical model of a potential attacker:

• the attacker knows data about the methods and parameters of the system; ()
• the intruder's qualifications can allow unauthorized actions at the developer level;
• It is logical that an attacker can choose the weakest point in the protection system;
• an intruder can be anyone, both a legitimate user of the system and an unauthorized person.

For example, the following intentional threats can be noted for banking AS:

• familiarization of bank employees with information to which they do not have access;
• NSD of individuals not related to a number of bank employees;
• unauthorized copying of programs and data;
• theft of printed bank files;
• theft of digital media containing confidential information;
• deliberate removal of information;
• betrayal of messages traversed along communication paths;
• unauthorized changes by bank employees of financial statements;
• refusal of the authorship of the message sent via communication paths;
• destruction of archived bank data stored on media;
• data destruction caused by a viral reaction;
• refusal to receive data;
• refusal at.

Unauthorized access - the most common and multivariate type of computer crime. The concept of an unauthorized person (s) is to gain an individual (violator) access to an object in violation of the set of rules for differentiating access, created in accordance with the adopted security policy. The tampering system uses an error in the protection system and is possible with the wrong choice of protection methods, their incorrect configuration and installation. NSD is carried out both by local AS methods and specially created software and hardware methods.

The main ways of NSD through which a criminal can form access to the elements of the AU and carry out pulling, changing and / or deleting data:

• technological control panels;
• indirect electromagnetic radiation from communication channels, equipment, grounding and power supply networks, etc.;
• communication channels between the hardware components of the speaker;
• local data access lines (terminals of employees, system administrator, operator);
• methods of displaying and writing data or.
• through and;

Of the whole multitude of techniques and methods of the NSD, one can dwell on the following crimes:

• illegal use of privileges;
• "masquerade";
• interception of passwords.

Interception of passwords is obtained due to specially created programs. When a legal employee enters the enterprise system, the interceptor program simulates on the employee's screen the input of the employee's name and password, which, after entering, are sent to the owner of the interceptor program, after which information about the system error is displayed on the display and control is returned to the OS.
the employee thinks he made a mistake when entering the password. He again enters the username and password and receives a login to the enterprise system. the interceptor manager, received the input data of a legal employee. And he can use them in his assigned tasks. There are many other methods for capturing user input. To encrypt passwords in transit, it is prudent to use.

"Masquerade" is the execution of any actions by one employee on behalf of another employee with the appropriate access rights. the task of "masquerade" is to give any action to another user or intercept the authority and status of another employee in the enterprise network. Possible options for the implementation of the "masquerade" are:

• transfer of data to the network on behalf of another employee.
• logging into the system under the input data of another employee (this "masquerade" is facilitated by the interception of the password);

"Masquerade" is very dangerous in banking electronic payment schemes, where incorrect identification of the client due to the "masquerade" of the thief can lead to losses of the legitimate client of the bank.

Illegal exploitation of privileges. Many security systems create specific lists of privileges to accomplish specified goals. Each employee gets his own list of privileges: administrators - the maximum list of actions, ordinary users - the minimum list of actions. Unauthorized interception of privileges, for example through a "masquerade", leads to the likely commission of certain actions by the offender bypassing the security system. It should be noted that illegal interception of the list of privileges is likely either if there are errors in the security system, or due to an administrator's defect in regulating the system and assigning a list of privileges.

Threats that violate the integrity of information stored in the information system or transmitted over communication lines that are created to modify or distort it, ultimately lead to a rupture of its quality or complete removal. The integrity of data can be violated deliberately, as a result of objective influences from surrounding factors. This threat is partially relevant for data transport systems - telecommunications systems and information networks. Deliberate actions that violate the integrity of data should not be confused with its authorized modifications, which are performed by authorized persons with a justified task.

Threats that violate confidentiality are designed to disclose confidential or classified information. When these threats act, the data becomes known to individuals who should not have access to it. In information security sources, the threat of a confidentiality crime is every time an NSD is received to classified information stored in an information system or transmitted from between systems.

Threats that disrupt the performance of employees or the system as a whole. They are aimed at creating such variants of situations when certain actions either reduce the performance of the AU, or block access to resource funds. For example, if one employee of the system wants to get access to a certain service, and another creates actions to block this access, then the first user gets a denial of service. Blocking access to a resource can be temporary or permanent. An example would be a crash when. As well as threats to media, for example.

These threats can be considered immediate or primary, while the creation of these threats leads to a direct impact on the protected information.

Today, for modern IT systems, protection is a necessary component of information processing AS. The attacker must first overcome the protection subsystem, and only then violate the integrity of the AU. But you need to understand that there is practically no absolute protection system, the question is only in the means and time required to bypass it.

The security system also poses a threat, therefore, for normal protected information systems, it is necessary to take into account the fourth type of threat - the threat of examining the system parameters under protection. In practice, the event is checked by a reconnaissance step, during which the main parameters of the protection system, its characteristics, etc. are learned. As a result of this step, the task is adjusted, as well as the choice of the most optimal technical methods for bypassing the protection system. They even pose a threat. Can also be used against the system itself.

The threat of disclosing protection system settings can be called an indirect threat. the implementation of the threat will not give any damage to the processed information in the information system, but will make it possible to implement direct or primary threats, described above.

Figure 1. describes the main technologies for the implementation of threats to information security. When the required level of information security in the NPP is achieved, it is necessary to create counteraction to various technical threats and reduce the possible influence of the "human factor". At the enterprise, all this should be done by a special one, which, for further prevention of threats.

Information security threatened is understood as a set of conditions and factors that create a potential or real danger of a breach of information security.

The factor affecting the protected information - phenomenon, action or process, the result of which may be leakage, distortion, destruction of protected information, blocking access to it.

Source of threat to information security - subject (individual, material object or physical phenomenon), which is the direct cause of a threat to information security.

Information system vulnerability (breach)- a property of an information system that makes it possible to implement security threats to the information processed in it.

In relation to information and information resources, threats to the integrity, confidentiality, reliability and availability of information can be distinguished, manifested in various forms of violations (Fig. 1.).

As a rule, the above threats to information resources are implemented in the following ways:

1. Through available intelligence sources in government bodies and commercial structures that have the ability to obtain confidential information (courts, tax authorities, commercial banks, etc.).

2. By bribery of persons directly working in the organization or structures directly related to its activities.

3. By intercepting information circulating in the means and systems of communication and computing with the help of technical means of reconnaissance and information retrieval.

4. By eavesdropping on confidential conversations and other methods of unauthorized access to sources of confidential information.

Figure: 1. Influence of information threats on information security criteria

Information security affects the protection of interests in various spheres of life of society and the state. Each of them has its own characteristics of ensuring information security, associated with the specifics of security objects, the degree of their vulnerability to information security threats.

For example, from the standpoint of ensuring the security of information in computer systems(CS) the entire set of potential threats to information security in the CS can be divided into two classes.

Threats that are not related to deliberate actions of intruders and are implemented at random times are called accidental or unintentional.

The implementation of threats of this class leads to the greatest loss of information (according to statistical data, up to 80% of the damage caused to the information resources of the CS by any threats). In this case, destruction, violation of the integrity and availability of information can occur. The confidentiality of information is less often violated, however, this creates the prerequisites for malicious influence on information.

Natural disasters and accidents are fraught with the most destructive consequences for information, since carriers are subject to physical destruction, information is lost or access to it becomes impossible.

Crashes and failurescomplex systems are inevitable. As a result of failures and failures, the performance of technical means is disrupted, data and programs are destroyed and distorted, the algorithm of the devices is disrupted. Violations of the algorithms for the operation of individual nodes and devices can also lead to a violation of the confidentiality of information. For example, failures and failures of the means of issuing information can lead to unauthorized access to information by unauthorized transmission of it to a communication channel, to a printing device, etc.

Errors in the development of KS, algorithmic and softwareerrors lead to consequences similar to the consequences (failures and failures of technical means. In addition, such errors can be used by intruders to influence the resources of the computer system. Errors in operating systems (OS) and in information protection software) are especially dangerous.

According to the US National Institute of Standards and Technology (NIST), 65% of information security breaches occur as a result of errors of users and service personnel.Incompetent, careless or inattentive performance of functional duties by employees leads to destruction, violation of the integrity and confidentiality of information, as well as compromise of protection mechanisms.

Another class of threats to information security in computer systems is deliberately created threats. Threats of this class, in accordance with their physical essence and implementation mechanisms, can be divided into five groups:

Traditional or universal espionage and sabotage;

Unauthorized access to information;

Electromagnetic radiation and interference;

Modification of structures;

Malicious programs.

Methods and means of espionage and sabotage are still relevant as sources of undesirable impact on information resources. , that were used and are being used to obtain or destroy information. These methods are also effective and efficient in the context of computer systems. They are most often used to obtain information about the security system in order to penetrate the system, as well as to steal and destroy information resources.

Business threats also have their own characteristics.

In relation to an individual organization, there are the following main types of external threats:

1. Unfair competitors.

2. Criminal groups and formation.

3. Illegal actions of individuals and organizations of the administrative apparatus, including tax services.

4. Violation of the established regulations for the collection, processing and transmission of information.

The main types of internal threats:

1. Intentional criminal actions of the organization's own personnel.

2. Unintentional actions and mistakes of employees.

3. Failure of equipment and technical means.

4. Failures of software of information processing facilities.

Internal and external threats interact closely. For example, the general trend of criminalization of economic activity leads to a decrease in the moral and ethical standards of employees of all ranks, often pushes them to actions that damage the enterprise.

The ratio of internal and external threats in accordance with is characterized by the following indicators: 81.7% of threats are committed either by the employees of organizations, or with their direct or indirect participation (internal threats); 17.3% of threats are external threats or criminal acts; 1.0% of threats are threats from random persons.

Objects of variousthreats in commercial activities are:

1. Human resources (personnel, employees, partners, etc.), including labor and human resources.

2. Material resources.

3. Financial resources.

4. Time resources.

5. Information resources, including intellectual resources (patents, unfinished design and engineering developments, know-how, software products, arrays of accounting and statistical information, etc.).

The most dangerous source of threats to enterprises is their own employees. In this case, the motives for internal threats are irresponsibility, incompetence (low qualifications), personal motives (self-affirmation, selfish interests).

In the context of the continuing high degree of monopolization of the Russian economy, the danger to entrepreneurship is unfair competition, which is:

1. All actions leading to the fact that the consumer can accept the enterprise, goods, industrial or commercial activities of this organization for the enterprise, goods, industrial or commercial activities of a competitor.

2. False statements in the course of business that defame a competitor's business, products, industrial or commercial activities.

3. The use in the course of commercial activities of indications or designations that mislead the consumer as to the nature, method of manufacture, characteristics, suitability for certain purposes or the quantity of goods.

The implementation of threats in this case reduces the efficiency and reliability of the functioning of organizations, and in some cases, leads to the termination of their activities due to the danger of economic, social, legal, organizational, informational, environmental, technical and criminal nature. The objects of threats can be elements of material, personal ("human"), financial, informational and other capital that constitutes the economic basis of entrepreneurship.

Each threat entails certain damage (loss) - moral or material, and measures to counter this threat are designed to reduce its magnitude to an acceptable level.

Assessment of possible damages (losses) assumes knowledge of the types of losses associated with entrepreneurial activities, and the ability to calculate their probabilistic forecast value. There are the following types of possible damage (loss):

1.Material losses are manifested in additional costs not foreseen by the entrepreneurial project or direct losses of equipment, property, products, raw materials, energy, etc.

2.Labor losses - these are losses of working time caused by accidental, unforeseen circumstances; measured in hours of working time. The translation of labor losses into monetary terms is carried out by multiplying the labor hours by the cost (price) of one hour.

3. Personnel losses - loss of professional, highly qualified workers necessary for the enterprise; are measured in the cost of recruiting and training new staff in monetary terms.

4. Financial losses - direct monetary damage associated with unforeseen payments, payment of fines, payment of additional taxes, loss of funds and securities.

5. Temporary losses... Occurs when the business process is slower than intended. A direct assessment of such losses is carried out in hours, days, weeks, months of delay in obtaining the intended result. To translate the estimate of the loss of time into a monetary measurement, it is necessary to establish to what loss of income, profits can lead to loss of time. Ultimately, they are valued in monetary terms.

6.Information loss... One of the most serious business losses that can lead to the collapse of the entire organization. Calculated in value terms.

7.Special types of losses are manifested in the form of damage to the health and life of people, the environment, the prestige of an entrepreneur, as well as as a result of other adverse social and moral and psychological consequences.

Informational damage (loss) is associated with the presence of informational risk in the process of entrepreneurial activity, which is included in the general entrepreneurial risk.

Information risk - the probability (threat) of loss of assets of an economic entity (entrepreneur) as a result of losses, damage, distortion and disclosure of information.

Information risk is classified as follows:

Risk of information interruption (termination of normal information processing, for example, due to destruction, disablement of computing facilities). This category of action can have very serious consequences, even if the information is not affected in any way;

The risk of information theft (reading or copying information, theft of magnetic media and print results in order to obtain data that can be used against the interests of the owner (proprietor) of information);

Risk of information modification (making unauthorized changes to the data aimed at causing damage to the owner (proprietor) of the information);

The risk of data destruction (irreversible change of information, leading to the impossibility of its use);

The risk of electromagnetic interference and interception of information in automated and information systems (AIS);

Risk of information retrieval through the acoustic channel;

Risk of power outage for AIS and supporting infrastructure);

Risk of error by operators and providers of AIS information resources;

Risk of AIS software failures;

Risk of malfunction of AIS hardware devices (as a result of negligent actions of employees, non-observance of safety measures, natural disasters, software failures, etc.).

Ultimately, all illegal actions lead to a violation of confidentiality, reliability, integrity and availability of information.

Thus, the list of threats and sources of their occurrence is quite diverse and the proposed classification is not exhaustive. Countering the manifestations of threats is carried out in various directions, using a full arsenal of methods and means of protection.