Aspects of information security. Technological aspects and processes of information protection

Components of information security

In general, information security (IS) can be defined as "the protection of information, resources and supporting infrastructure from accidental or intentional impacts of a natural or artificial nature that could cause unacceptable damage to the subjects of information relations: the producers, owners and users of information and of the supporting infrastructure".

Information security is not limited to protection against unauthorized access to information: it is a fundamentally broader concept that includes the protection of information, technologies and systems.

Security requirements in different aspects of information activity can differ substantially, but they are always aimed at achieving the following three main components of information security:

  • integrity. This is above all the currency and consistency of information, its protection from destruction and unauthorized modification; namely, the data and information on which decisions are based must be reliable, accurate and protected from possible malicious distortion;
  • confidentiality. Classified information must be accessible only to those for whom it is intended. Such information cannot be obtained, read, changed or transmitted without the corresponding access rights;
  • availability (readiness). This is the ability to obtain the required information service within a reasonable time; that is, data, information and the corresponding services, automated services, and interaction and communication facilities must be available and ready to work whenever they are needed.

Information security activity is aimed at preventing, averting or neutralizing the following:

  • unauthorized access to information resources (UAA, Unauthorized Access);
  • distortion, or partial or complete loss, of confidential information;
  • purposeful actions (attacks) to destroy the integrity of software systems, data systems and information structures;
  • failures and malfunctions of software, hardware and telecommunications facilities.

Thus, a methodologically correct approach to information security problems begins with identifying the subjects of information relations and the interests of those subjects associated with the use of information technologies and systems (IT/IS).

Assessing the real situation comes down, in most cases, to answering the key questions that form the systemic basis for ensuring information security, and to estimating the expected cost of developing, deploying, operating, maintaining and modernizing security systems.

The first three questions concern the problem of assessing real threats (Fig. 7.1) [16]. The answer to these questions is ambiguous: it depends largely on the structure, field of activity and goals of the company. When individual and corporate information systems and resources are integrated into a single information infrastructure, the determining factor is ensuring an adequate level of information security for each subject that joins the single infrastructure.

Fig. 7.1.

In the single information space of a government body or commercial firm, mechanisms and tools must be created for authenticating the user, the message and the content. An information security system must therefore be created that includes the necessary set of measures and technical solutions for protection:

  • from disruption of the functioning of the information space, by excluding influence on information channels and resources;
  • from unauthorized access to information, by detecting and eliminating attempts to use the resources of the information space that lead to a violation of its integrity;
  • from destruction of built-in protection facilities, with the ability to reveal unauthorized actions by users and service personnel;
  • from software "viruses" and "implants" in software products and hardware.

Particularly noteworthy is the task of ensuring the security of systems that are being developed and modified in an integrated information environment, since modifying a corporate information system (KIS) inevitably gives rise to emergency situations of system insecurity (the so-called "holes in the system").

Alongside the analysis of the company's specific protection needs, an information security policy must be developed. It comprises a set of organizational and administrative measures and documents, as well as methodological and technical solutions, which form the basis for creating the information security infrastructure (Fig. 7.2).

Fig. 7.2.

The next stage is the development of an integrated information security system and the procurement, installation and configuration of information protection tools and mechanisms. Such tools include systems for protection against unauthorized access, cryptographic protection systems, firewalls, security analysis tools and others. Correct and effective use of the installed protection tools requires qualified personnel.

Over time, the existing protection tools become obsolete, new versions of information security systems appear, the list of known attacks constantly expands, and information processing technology, software and hardware, and company personnel change. It is therefore necessary to review the organizational and administrative documents regularly, to survey the information system or its subsystems, to train staff and to update the protection tools.

Any enterprise that receives resources, including information, processes them so as ultimately to sell its own commercial product on the market. In doing so it generates a specific internal environment, formed by the efforts of the staff of all structural units, as well as by technical means and technological processes and by economic and social relations, both inside the enterprise and in its interaction with the external environment.

Corporate information reflects the financial and economic state of the enterprise and the results of its activities. Examples of such information are registration and statutory documents, long-term and current plans, orders, instructions, reports, production data, data on the movement of finances and other resources, information on personnel training and on the fields of application of products, including sales methods and channels, sales techniques, orders, logistics, and information about suppliers and partners.

The sources of corporate information are the directorate and administration of the enterprise, planning and finance departments, accounting, IT departments and computing centres, the departments of the chief engineer and chief mechanic, production units, legal, operations and repair services, logistics, purchasing and sales departments, and so on.

The corporate environment includes state, economic, political and social entities operating outside the enterprise. Information from outside the corporate environment is often incomplete, contradictory, approximate and heterogeneous, and reflects the state of the external environment inadequately. Examples of external information that goes beyond the corporate environment are the state of the market (its long-term and current state, trends in the business environment, the instability of the situation, the contradictory requirements), changes in legislation, competitors, the consequences of political events, and so on.

Most of this information is open; however, depending on the particulars of internal activity and of interaction with the outside world, part of the information may be designated "for official use", that is, be "strictly confidential" or "secret". Such information is, as a rule, "closed" and requires appropriate protection measures.

To secure work with protected information, one should, first, establish a policy for working with confidential and official information and develop and implement the corresponding guidelines and procedures and, second, provide the necessary software and hardware resources.

Software and hardware tools for working with protected information are either built into the corresponding modules of the corporate information system (KIS) or used locally in systems covered by the information security policy. They include devices that perform:

  • monitoring of the movement of confidential information through the information system (Data-in-Shell);
  • control of data leakage via network traffic over TCP/IP, SMTP, IMAP, HTTP(s), IM (ICQ, AOL, MSN), FTP, SQL and proprietary protocols, by means of content filtering at the level of:
      – a gateway through which traffic flows from the internal network to the external network (Data-in-Motion);
      – a server that processes a particular type of traffic (Data-at-Rest);
      – a workstation (Data-in-Use);
      – internal mail channels of Microsoft Exchange, Lotus Notes and others;
  • control of the leakage of protected information from workstations and from peripheral and mobile devices;
  • installation of proactive protection and personal firewalls;
  • shadow copying of information objects into a single content-filtering database for all channels under uniform rules.

Competently organizing the protection of protected data and information is neither easy nor cheap. It requires classifying data, making a thorough inventory of information resources, choosing an adequate software and hardware solution, and developing and implementing a set of regulatory documents on internal security. The main role in this difficult work of minimizing the risk of data leakage is played by the competence and will of the enterprise's top management, by up-to-date policies and effective software, and by a commercial-secrecy regime for working with protected information.

Review questions

Threats to the security of information and their classification.

Information security and its components

Information security means the protection of an information system from accidental or intentional interference that harms the owners or users of information.

In practice, the most important are three aspects of information security:

· availability (the ability to obtain the required information service within a reasonable time);

· integrity (the currency and consistency of information, its protection from destruction and unauthorized modification);

· confidentiality (protection against unauthorized access to information).

Establishing an information security regime is a complex problem. The measures that address it can be divided into five levels:

1. legislative (laws, regulations, standards);

2. moral and ethical (various norms of behaviour, failure to observe which lowers the prestige of a particular person or of the whole organization);

3. administrative (general actions taken by the management of the organization);

4. physical (mechanical, electrical and electronic-mechanical obstacles on the possible paths of penetration by potential intruders);

5. hardware and software (electronic devices and special information protection programs).

The single set of all these measures, aimed at countering security threats in order to minimize the possibility of damage, forms the protection system.

Knowledge of the possible threats, and of the vulnerabilities that these threats usually exploit, is necessary in order to choose the most economical security measures.

A threat is the potential to violate information security.

An attempt to carry out a threat is called an attack, and whoever makes such an attempt is called an attacker. Potential attackers are called sources of threat.

Most often a threat is a consequence of vulnerabilities in the protection of information systems (for example, the possibility of access by outsiders to critical equipment, or errors in software).

Threats can be classified according to several criteria:

· by the aspect of information security (availability, integrity, confidentiality) against which the threat is primarily directed;

· by the components of information systems that the threat targets (data, programs, equipment, supporting infrastructure);

· by the manner of occurrence (accidental/intentional actions of a natural/man-made nature);

· by the location of the threat source (inside/outside the information system under consideration).

The most frequent and most dangerous (in terms of the amount of damage) are the unintentional errors of regular users, operators, system administrators and other persons who maintain information systems.

Sometimes such errors are themselves threats (incorrectly entered data, or an error in a program that caused a system crash); sometimes they create vulnerabilities that attackers can exploit (administrative errors, for example). According to some data, up to 65% of losses are the result of unintentional errors.

Fires and floods do not bring as much trouble as illiteracy and negligence at work.

Obviously, the most radical way to combat unintentional errors is maximum automation and strict control.

Other availability threats are classified by the information system components that the threats target:

· user failure;

· internal failure of the information system;

· failure of the supporting infrastructure.

The supporting infrastructure includes electricity, water and heat supply systems, air conditioning, communication facilities and, of course, service personnel.

The following threats are usually considered with regard to users:

· unwillingness to work with the information system (most often manifested when new capabilities have to be mastered and when there is a discrepancy between user needs and the actual capabilities and technical characteristics);

· inability to work with the system because of a lack of appropriate training (insufficient general computer literacy, inability to interpret diagnostic messages, inability to work with documentation, etc.);

· inability to work with the system because of a lack of technical support (incomplete documentation, lack of reference information, etc.).

The main sources of internal failures are:

· deviation (accidental or intentional) from the established rules of operation;

· the system leaving its normal operating mode because of accidental or intentional actions of users or service personnel (exceeding the estimated number of requests, an excessive volume of processed information, etc.);

· errors during (re)configuration of the system;

· software and hardware failures;

· destruction of data;

· destruction of or damage to equipment.

With regard to the supporting infrastructure, it is recommended to consider the following threats:

· disruption (accidental or intentional) of communication systems, electricity, water and/or heat supply, or air conditioning;

· destruction of or damage to premises;

· inability or unwillingness of service personnel and/or users to perform their duties (civil unrest, transport accidents, a terrorist act or the threat of one, a strike, etc.).

Very dangerous are the so-called "offended" employees, current and former. As a rule, they seek to harm the organization that "offended" them, for example:

· damage equipment;

· plant a logic bomb that will eventually destroy programs and/or data;

· delete data.

Offended employees, even former ones, are familiar with the procedures in the organization and are capable of doing considerable damage. It is necessary to make sure that when an employee is dismissed, his or her access rights (logical and physical) to information resources are revoked.

Dangerous too, of course, are natural disasters: fires, floods, earthquakes, hurricanes. According to statistics, fire, water and similar "malefactors" (among which the most dangerous is interruption of the electricity supply) account for 13% of the losses inflicted on information systems.

1. What is computer graphics?

2. Types of graphics systems.

3. Devices for displaying video information.

4. Authority of the Internet, whether it be another computer system.

5. The concept and purpose of TCP/IP.

6. Basic application-layer protocols.

7. Is addressing needed on the Internet?

8. Types of addressing on the Internet.

9. What is meant by a "threat" to information?

10. What do you understand by information security?

The problem of information security can be seen in the following aspects:

Integrity of information

Integrity of information is its physical safety, its protection from destruction and distortion, as well as its currency and consistency.

Integrity of information is divided into:

static,

dynamic.

Static integrity of information implies the immutability of information objects relative to their original state, as defined by the author or the source of the information.

Dynamic integrity of information covers the correct execution of complex operations on information flows, for example analysis of a message flow to detect incorrect messages, control of the correctness of message transmission, confirmation of individual messages, and so on.

Integrity is the most important aspect of information security in cases where information is used to control various processes, for example technical or social ones.

Thus, an error in a control program will bring the controlled system to a halt, an incorrect interpretation of a law can lead to its violation, and in the same way an inaccurate translation of the instructions for using a medicine can harm health. All these examples illustrate violations of the integrity of information that can lead to catastrophic consequences. That is why the integrity of information is singled out as one of the basic components of information security.

Integrity is a guarantee that information exists in its original form at any given moment, that is, that no unauthorized changes were made while it was stored or transmitted.

For example, when writing information about college students to a computer's hard disk, we expect that it will be kept there for as long as needed (until we erase it ourselves) in unchanged form. In addition, we count on the consistency of the information, for example that a one-year-old child does not appear in the list of students, or that the same student does not appear in the lists of two groups.

Availability of information

Availability of information is a guarantee of obtaining the required information or information service within a certain time.

The role of availability of information is especially evident in various control systems: production, transport, etc. Less dramatic, but also very unpleasant consequences, both material and moral, can result from the unavailability of information services used by a large number of people, for example sales of air tickets, banking services, access to other information.

The time factor in the definition of availability is in some cases very important, since some kinds of information and information services make sense only within a certain interval of time. For example, receiving a pre-ordered ticket for a flight after its departure is pointless. In the same way, a weather forecast for a day that has already arrived is of no use. In this context the proverb "A spoon is dear at dinner time" is very apt.

Availability of information means that the subject of information relations (the user) is able to obtain the required information service within a reasonable time.

For example, when creating an information system with information about college students, we expect that with the help of this system we will be able, at any time and within ten seconds, to obtain the required information (a list of students of any group, full information about a particular student, summary data such as the average number of students or the number of boys and girls).

It should be noted that electronic data processing systems are created precisely to provide certain information services. If providing such services becomes impossible, this harms all subjects of information relations. Therefore, without contrasting availability with the other aspects, it is singled out as the most important element of information security.

Practically every organization has confidential information. This may be production technology, a software product, the personal data of employees, etc. For computing systems, the passwords for access to the system are necessarily confidential data.

Confidentiality of information is a guarantee that specific information is available only to the circle of persons for whom it is intended.

Confidential information is information to which only a limited circle of persons has the right of access.

If a person who has no such right gains access to confidential information, such access is called unauthorized and is regarded as a violation of the protection of confidential information. A person who has gained, or is trying to gain, unauthorized access to confidential information is called an attacker.

For example, if Sashko sent Masha a letter by e-mail, the information in that letter is confidential, since the secrecy of personal correspondence is protected by law. If Masha's brother, having cracked the password, gained access to Masha's mailbox and read the letter, then unauthorized access to confidential information has taken place, and Masha's brother is an attacker.

Ensuring the confidentiality of information is the most developed branch of information security.

The federal law "On Information, Informatization and Protection of Information" stipulates that information resources, that is, individual documents or arrays of documents, including those in information systems, being an object of relations between individuals, legal entities and the state, are subject to mandatory accounting and protection, like any material property of the owner. The owner is given the right to establish independently, within its competence, the regime for protecting information resources and for access to them. The law also establishes that "confidential information is documented information, access to which is restricted in accordance with the legislation of the Russian Federation". A federal law may contain a direct norm under which particular information is classified as confidential or access to it is restricted. Thus, the federal law "On Information, Informatization and Protection of Information" directly classifies personal data (information about citizens) as confidential information. The law of the Russian Federation "On Banks and Banking Activity" restricts access to information on the transactions and accounts of the bank's clients and correspondents.

However, a direct norm does not exist for all information that constitutes confidential information. Sometimes the legislator defines only the criteria that such information must satisfy. This applies, in particular, to official and commercial secrets, the criteria for which are defined by the Civil Code of the Russian Federation and are as follows:

· the information is not known to third parties;

· there is no free access to the information on a legal basis;

· the owner of the information takes measures to ensure its confidentiality.

Confidential information is divided into:

subject,

service.

Subject information is information about some area of the real world, which is what the attacker actually needs, for example the drawings of a submarine or information about the whereabouts of Osama bin Laden. Service information does not belong to a specific subject area but is related to the operating parameters of a particular data processing system. Service information includes, first of all, users' passwords for working in the system. Having obtained service information (a password), an attacker can then use it to gain access to subject confidential information.

A violation of any of the three categories leads to a violation of information security as a whole. Thus, a violation of availability leads to denial of access to information, a violation of integrity leads to falsification of information and, finally, a violation of confidentiality leads to disclosure of information.

This aspect of information security has become extremely relevant recently in connection with the adoption of a number of international legal acts on the protection of intellectual property. It mainly concerns the illegal use of programs.

So, for example, if a user installs an unlicensed Windows system on his computer, there is a violation of the protection of information.

In addition, this aspect concerns the use of information obtained from electronic sources. This problem has become most acute with the development of the Internet. A situation has arisen in which an Internet user regards all information posted there as his personal property and uses it without any restrictions, often passing it off as his own intellectual product.

For example, a student "downloads" an essay from the Internet and hands it in under his own name.

Legislative acts and law enforcement practice dealing with these problems are still at the formative stage.

It should be noted that although all civilized countries have laws protecting the security of citizens (including information security), law enforcement practice in the field of computing is still insufficiently developed, and the law-making process does not keep pace with the development of technology, so the process of ensuring information security largely relies on self-defence measures.

Therefore, it is necessary to understand where threats to information security can come from and what they are, what measures can be taken to protect information, and to be able to apply these measures competently.

Main components. Importance of the problem.

Information security (IS) should be understood as the protection of the interests of the subjects of information relations. Its main components are described below: confidentiality, integrity, availability. Statistics on IS violations are given, and the most characteristic cases are described.

The concept of information security

The phrase "information security" can have different meanings in different contexts. In the Doctrine of Information Security of the Russian Federation, the term "information security" is used in a broad sense. It refers to the state of protection of national interests in the information sphere, determined by the balance of the interests of the individual, society and the state.

In the Law of the Russian Federation "On Participation in International Information Exchange", information security is defined in a similar way: as the state of protection of the information environment of society, which ensures its formation, use and development in the interests of citizens and organizations.

In this course our attention will be focused on the storage, processing and transmission of information regardless of the language (Russian or any other) in which it is encoded, who or what its source is, and what psychological effect it has on people. Therefore the term "information security" will be used in the narrow sense, as is customary, for example, in the English-language literature.

By information security we mean the protection of information and of the supporting infrastructure from accidental or intentional impacts of a natural or artificial nature that can cause unacceptable damage to the subjects of information relations, including the owners and users of information and of the supporting infrastructure. (A little further on we will explain what is meant by the supporting infrastructure.)

Information protection is a set of measures aimed at ensuring information security.

Thus, a methodologically correct approach to information security problems begins with identifying the subjects of information relations and the interests of those subjects associated with the use of information systems. Threats to information security are the flip side of the use of information technology.

From this position, two important remarks can be made:

The interpretation of problems related to information security can differ substantially for different categories of subjects. To illustrate, it is enough to compare restricted-access state organizations and educational institutions. For the former, "better that everything break down than that the enemy learn even one secret bit"; for the latter, "we have no secrets, as long as everything works".

Information security is not limited to protection against unauthorized access to information; it is a fundamentally broader concept. A subject of information relations can suffer (incur losses and/or moral damage) not only from unauthorized access, but also from a system failure that interrupts work. Moreover, for many organizations (for example, educational ones), protection against unauthorized access to information is by no means first in importance.

Returning to questions of terminology, we note that the term "computer security" (as an equivalent of or replacement for IS) seems to us too narrow. Computers are only one of the components of information systems, and although our attention will be focused on information that is stored, processed and transmitted using computers, its security is determined by the whole set of components and, above all, by the weakest link, which in most cases turns out to be a person (who has written down, for example, a password on a sticky note stuck to the monitor).

By the definition of information security, it depends not only on computers but also on the supporting infrastructure, which includes electricity, water and heat supply systems, air conditioning, communication facilities and, of course, maintenance personnel. This infrastructure has value in its own right, but we are interested only in how it affects the information system's performance of its prescribed functions.

Note that in the definition of IS the noun "damage" is preceded by the adjective "unacceptable". Obviously, it is impossible to insure against every kind of damage, and even less possible to do so in an economically sound way, in which the cost of protective tools and measures does not exceed the expected damage. So some things have to be accepted, and one should defend only against what cannot be accepted. Sometimes such unacceptable damage is harm to human health or to the environment, but more often the threshold of unacceptability has a material (monetary) expression, and the goal of information protection becomes reducing the damage to acceptable values.

Main warehouses and information security

Information security is a rich, one might say, rich sphere of activity, in which case it can bring more systematic, complex intelligence.

The spectrum of interests of subjects related to various information systems can be subdivided into the following categories: accessibility, integrityі confidentiality information resources and supporting infrastructure.

In some cases protection against unauthorized copying of information is also counted among the main components of information security, but in our opinion this is too specific an aspect with doubtful chances of success, so we will not single it out.

Let us explain the concepts of availability, integrity and confidentiality.

Availability is the ability to obtain the required information service within a reasonable time. Integrity means the relevance and consistency of information, and its protection against destruction and unauthorized modification.

Finally, confidentiality is protection against unauthorized access to information.

Information systems are created (acquired) in order to obtain certain information services. If for some reason it becomes impossible to provide these services to users, this obviously harms all subjects of information relations. Therefore, without setting availability against the other aspects, we single it out as the most important element of information security.

The role of availability is especially clear in various control systems, such as production and transport. Outwardly less dramatic, but also highly undesirable consequences, both material and moral, can follow from the unavailability of information services used by a large number of people (sale of air tickets, banking services, etc.).

Integrity can be divided into static (understood as the immutability of information objects) and dynamic (relating to the correct execution of complex actions (transactions)). Dynamic integrity controls are applied, in particular, when analyzing a flow of financial messages in order to detect theft, reordering and duplication of individual messages.
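The dynamic integrity control described above, as an added example that is not part of the original text: each message in a flow carries a sequence number and an HMAC tag, and the receiver reports forged, duplicated, reordered and missing (stolen) messages. The key, the message layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo key; a real deployment would load it from a key store.
KEY = b"constructed-demo-key-not-for-production"


@dataclass(frozen=True)
class Message:
    seq: int        # position of the message in the flow, starting at 1
    payload: bytes  # the financial message itself
    tag: bytes      # HMAC-SHA256 over (seq, payload)


def _tag(key: bytes, seq: int, payload: bytes) -> bytes:
    # Fixed-width seq and a length prefix keep the encoding unambiguous.
    data = seq.to_bytes(8, "big") + len(payload).to_bytes(4, "big") + payload
    return hmac.new(key, data, hashlib.sha256).digest()


def seal(key: bytes, payloads, first_seq: int = 1):
    """Sender side: number the messages and attach a tag to each."""
    return [Message(first_seq + i, p, _tag(key, first_seq + i, p))
            for i, p in enumerate(payloads)]


def check_flow(key: bytes, received, first_seq: int = 1, last_seq=None):
    """Receiver side: return a list of (kind, seq) findings.

    kind is 'forged', 'duplicate', 'reordered' or 'missing'.
    Messages lost at the tail are only detectable when the sender
    communicates last_seq out of band (for example in a closing record).
    """
    findings = []
    seen = set()
    highest = first_seq - 1
    for msg in received:
        in_range = 0 <= msg.seq < 2 ** 64
        if not in_range or not hmac.compare_digest(
                msg.tag, _tag(key, msg.seq, msg.payload)):
            # Payload or sequence number was altered after sealing.
            findings.append(("forged", msg.seq))
            continue
        if msg.seq in seen:
            # A valid message replayed a second time.
            findings.append(("duplicate", msg.seq))
            continue
        seen.add(msg.seq)
        if msg.seq < highest:
            # Valid and new, but delivered after a later message.
            findings.append(("reordered", msg.seq))
        highest = max(highest, msg.seq)
    end = highest if last_seq is None else max(highest, last_seq)
    for seq in range(first_seq, end + 1):
        if seq not in seen:
            # A gap in the numbering: the message was removed in transit.
            findings.append(("missing", seq))
    return findings


# Constructed sample flow of five payment messages.
SAMPLE = seal(KEY, [b"PAY 100 A->B", b"PAY 250 B->C", b"PAY 75 C->A",
                    b"PAY 10 A->C", b"PAY 5 B->A"])

if __name__ == "__main__":
    m1, m2, m3, m4, m5 = SAMPLE
    # Message 4 removed, message 2 delayed and then replayed.
    for finding in check_flow(KEY, [m1, m3, m2, m2, m5]):
        print(finding)
```

A per-message tag alone protects static integrity only; it is the sequence number bound into the tag that lets the receiver reason about the flow as a whole.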

Integrity is the most important aspect of information security in cases where information serves as a "guide to action". The formulation of medicines, prescribed medical procedures, the selection and characteristics of component parts, and the course of a technological process are all examples of information whose loss of integrity can be literally deadly. Distortion of official information is also unacceptable, whether it is the text of a law or a page of the Web server of some organization.

Confidentiality is the most important aspect of information security in our country. Unfortunately, the practical implementation of measures to ensure the confidentiality of modern information systems runs into serious difficulties in Russia. First, information about the technical channels of information leakage is closed, so most users have no opportunity to form an idea of the potential risks. Second, numerous legislative obstacles and technical problems stand in the way of user cryptography as the main means of ensuring confidentiality.

If we return to analyzing the interests of the different categories of subjects of information relations, then for almost everyone who actually uses an information system, availability comes first. Integrity is practically as important: what is the point of an information service if it contains distorted information?

Finally, many organizations also have confidential matters (for example, higher educational institutions try not to disclose the salaries of employees), as do individual users (for example, passwords).

The most common threats

Knowledge of the possible threats, and of the vulnerabilities that these threats usually exploit, is necessary in order to choose the most economical security measures.

Basic definitions and criteria for the classification of threats

A threat is a potential possibility of violating information security in a particular way.

An attempt to carry out a threat is called an attack, and the one who makes such an attempt is called an attacker. Potential attackers are called threat sources.

Most often a threat is a consequence of the presence of vulnerabilities in the protection of information systems (such as, for example, the possibility of outsiders gaining access to critically important equipment, or an error in software).

The period from the moment when it becomes possible to exploit a weak spot until the moment when the gap is eliminated is called the window of insecurity associated with that vulnerability. As long as the window of insecurity exists, successful attacks on the information system are possible.

When it comes to errors in software, the window of insecurity "opens" with the appearance of means of exploiting the error and is closed when the patches that correct it are applied.

For most vulnerabilities the window of insecurity exists for a relatively long time (several days, sometimes weeks), because during this time the following events must take place:

  • the means of exploiting the gap in protection must become known;
  • the corresponding patches must be released;
  • the patches must be installed in the information system being protected.

We have already pointed out that new vulnerabilities and means of exploiting them appear regularly; this means, first, that windows of insecurity almost always exist and, second, that such windows must be monitored regularly, and that patches must be released and applied as quickly as possible.

Note that some threats cannot be regarded as the result of errors or miscalculations; they exist by the very nature of modern information systems. For example, the threat of a power outage, or of the power parameters going beyond permissible limits, exists because the hardware of an information system depends on a quality electricity supply.

Let us look at the most common threats to which modern information systems are exposed. An idea of the possible threats, and of the vulnerabilities that these threats usually exploit, is necessary in order to choose the most economical security measures. There are too many myths in the field of information technology (recall the same "Year 2000 problem"), so ignorance in this case leads to cost overruns and, even worse, to a concentration of resources where they are not particularly needed, at the expense of weakening the directions that are truly vulnerable.

We emphasize that the very concept of a "threat" is often interpreted differently in different situations. For example, for a pointedly open organization, threats to confidentiality may simply not exist, since all information is considered publicly available; in most cases, however, illegal access is a serious danger. In other words, threats, like everything in information security, depend on the interests of the subjects of information relations (and on what damage is unacceptable to them).

We will try to look at the subject from the point of view of a typical (in our view) organization. However, many threats (for example, fire) are dangerous for everyone.

Threats can be classified according to several criteria:

  • by the aspect of information security (availability, integrity, confidentiality) against which the threat is primarily directed;
  • by the components of information systems that the threats target (data, programs, equipment, supporting infrastructure);
  • by the way they are carried out (accidental or deliberate actions of a natural or man-made nature);
  • by the location of the threat source (inside or outside the information system in question).

As the main criterion we will use the first one (by aspect of information security), drawing on the others as needed.

Main threats to confidentiality

Confidential information can be divided into subject-matter information and service information. Service information (for example, user passwords) does not relate to a particular subject area and plays a technical role in the information system, but its disclosure is especially dangerous because it leads to unauthorized access.

Note that even if information is stored on a computer or is intended for computer use, threats to its confidentiality may be non-computer and non-technical in nature.

Many people have to act as users of not one but a whole series of systems (information services). If reusable passwords or other confidential information are used to access such systems, then this data will probably be stored not only in the head but also in a notebook or on sheets of paper, which the user often leaves on the desk or simply loses. The point here is not people's lack of organization but the fundamental unsuitability of the password scheme. It is impossible to remember many different passwords; recommendations to change them regularly (and, if possible, often) only make the situation worse, forcing people to use simple rotation schemes or to try to reduce everything to two or three easy-to-remember (and equally easy-to-guess) passwords.

The class of vulnerabilities described here can be called the placement of confidential data in an environment where it is not given (and often cannot be given) the necessary protection. The threat lies in the fact that someone will not refuse to learn secrets that practically ask to be taken. Besides passwords stored in users' notebooks, this class includes the transmission of confidential data in the clear (in a conversation, in a letter, over a network), which makes interception of the data possible. Various technical means can be used for the attack (eavesdropping on conversations, passive listening on the network), but the idea is the same: to gain access to the data at the moment when it is least protected.

The threat of data interception should be taken into account not only during the initial configuration of the information system but also, which is very important, with every change. A very dangerous threat is ... exhibitions, to which many organizations, without thinking long, send equipment from the production network with all the data stored on it. The passwords remain the same, and with remote access they continue to be transmitted in the clear. This is bad even within the protected network of the organization; on the shared network of an exhibition it is a severe test of the honesty of all participants.

Another example of a change that is often forgotten is the storage of data on backup media. To protect data on the primary media, elaborate access control systems are installed; the copies, however, often simply lie in cabinets, and many people can gain access to them.

Data interception is a very serious threat, and if confidentiality is truly critical and data is transmitted over many channels, protecting it can be very complex and expensive. The technical means of interception are well developed, accessible and easy to operate, and anyone can install them, for example, on a cable network, so this threat must be taken into account for internal as well as external communications.

Theft of equipment is a threat not only to backup media but also to computers, especially portable ones. Laptops are often left unattended at work or in a car, and sometimes they are simply lost.

A dangerous non-technical threat to confidentiality is the use of moral and psychological pressure, such as masquerade: performing actions under the guise of a person who has the authority to access the data (see, for example, the article by Ira Winkler "Assignment: spying" in Jet Info, 1996, 19).

Unpleasant threats that are difficult to defend against include abuse of authority. On many types of systems a privileged user (for example, a system administrator) is able to read any (unencrypted) file, gain access to any user's mail, and so on. Another example is damage caused during service maintenance. As a rule, the service engineer receives unrestricted access to the equipment and is able to act in circumvention of the software protection mechanisms.

These are the main threats that cause the greatest damage to the subjects of information relations.

Information security: concepts, goals, principles.

State information security policy.

The state of information security in Russia.

INFORMATION SECURITY: CONCEPTS, GOALS, PRINCIPLES

In recent decades the world has been going through a period of transition from an industrial society to an information society. There is a radical change in the mode of production, in people's worldview and in interstate relations. In its significance and its influence on society, this is comparable to a new worldwide industrial revolution, in no way inferior in significance to the revolutions of the past. In effect, what is at stake is its deployment and realization. The level of development of society's information space decisively affects the economy, politics and many elements of statehood.

The variety of opportunities opened up by the development of new information and telecommunication technologies is regarded by the leadership of the developed countries as the basis of their social, economic, political and cultural development, and as a means of solving the most pressing domestic problems. The wealth of a country and its security are ensured today not only by private property, capital and the market, but also by their combination with colossal resources of the most diverse knowledge and information technologies. Such a combination forms the information society, the main characteristics of which are:

  • openness of information and access to it for any subject at any time and in any place;
  • the presence of technological systems that guarantee the quality of work;
  • the presence of national intellectual potential;
  • automation, robotization and technologization of any systems in any area of economic activity;
  • connection to world information channels.

The current information revolution is connected with the invention of intelligent technologies based on gigantic speeds of information processing. It produces a colossal increase in the amount of information circulating in society, which makes it possible to solve economic, social, cultural, political and other problems effectively. Modern information technologies, in the conditions of an effective open society, provide access to practically all material and spiritual goods and multiply the intellectual resource and, consequently, all other resources, promoting development. Without information technologies it is impossible to ensure efficient economic growth, raise the educational level of the population, create a modern credit and financial system, establish rational management of social processes, or improve people's lives. The information society is a means of achieving national well-being, understood as prosperity, comfort, spiritual and intellectual wealth, freedom, justice and security.

The expansion of the information space of economic activity requires ensuring the security of the producers, owners and consumers of information. The current "dependence" of business on information technologies can negatively affect the economic security of an enterprise, since a high degree of centralization of corporate information makes it especially vulnerable and increases the risks. Thus, one of the components of economic security is information security.

  • information: information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation;
  • informatization: an organizational socio-economic and scientific-technical process of creating optimal conditions for satisfying information needs and realizing the rights of citizens, state authorities, local self-government bodies, organizations and public associations on the basis of resource formation;
  • documented information (document): information recorded on a material medium with details that allow it to be identified;
  • information processes: processes of collecting, processing, accumulating, storing, searching for and distributing information;
  • information system: an organizationally ordered set of documents and information technologies;
  • information resources: individual documents and arrays of documents in information systems (libraries, archives, funds, data banks, other information systems);
  • information about citizens (personal data): information about the facts, events and circumstances of a citizen's life that makes it possible to identify the person;
  • confidential information: documented information, access to which is restricted in accordance with the legislation of the state.

The information security of the state is understood as the state of protection of its national interests in the information sphere, determined by the balance of the interests of the individual, society and the state.

The interests of the individual in the information sphere consist in the realization of people's constitutional rights to access information and to use information in the interests of lawful activity, spiritual development and the like.

The interests of society in the information sphere consist in securing the interests of the individual in this sphere, strengthening democracy, creating a legal social state, and achieving and maintaining social harmony.

The interests of the state in the information sphere consist in creating conditions for the harmonious development of the information infrastructure and for the realization of the constitutional rights and freedoms of the individual in obtaining and using information, in order to ensure the inviolability of the constitutional order, the sovereignty and territorial integrity of the state, political, economic and social stability, the unconditional maintenance of legality and law and order, and the development of equal and mutually beneficial international cooperation.

On the basis of the national interests of the state in the information sphere, the strategic and current tasks of the state's domestic and foreign policy for ensuring information security are formed.

The main components of national interests in the information sphere are:

  • 1) observance of the constitutional rights and freedoms of the individual in obtaining and using information, and preservation and strengthening of the moral values of society, the traditions of patriotism and humanism, and the cultural and scientific potential of the country;
  • 2) information support of state policy, which involves conveying state policy to the public and ensuring citizens' access to open information resources;
  • 3) development of modern information technologies and of the domestic information industry, including the industry of informatization, telecommunications and communication facilities, meeting the needs of the domestic market with its products and bringing these products to the world market, as well as ensuring the accumulation, preservation and effective use of domestic information resources. In today's conditions, it is on this basis that the problems of creating science-intensive technologies, technologically re-equipping industry and multiplying the achievements of domestic science and technology can be solved;
  • 4) protection of information resources from unauthorized access, and ensuring the security of information and telecommunication systems.

The main goals of information security:

  • protecting the national interests of the state in the context of the globalization of information processes, the formation of world information networks and the striving of developed countries for information dominance;
  • providing government and administrative bodies, enterprises and citizens with reliable, complete and timely information necessary for decision-making, as well as preventing violations of the integrity and illegal use of information resources;
  • realizing the rights of citizens, organizations and the state to receive, distribute and use information.

The objects of information security include:

  • information resources, regardless of the form of storage, that contain information constituting a state secret and restricted-access information, commercial secrets and other confidential information, as well as open (publicly available) information and knowledge;
  • the system for forming, distributing and using information resources, which includes information systems of various classes and purposes, libraries, archives and data banks, information technologies, regulations and procedures for collecting, processing, storing and transmitting information, and scientific, technical and service personnel;
  • the information infrastructure, which includes centers for processing and analyzing information, channels of information exchange and telecommunications, and mechanisms for ensuring the functioning of telecommunication systems and networks, including systems and means of protecting information;
  • the system for forming public consciousness (worldview, moral values, etc.), which is based on the mass media;
  • the rights of citizens, enterprises and the state to receive, distribute and use information, and to the protection of confidential information and intellectual property.

The information security of the listed objects creates the conditions for the reliable functioning of state and public institutions, as well as for the formation of a public consciousness that supports the progressive development of the country.

It is necessary to distinguish between the concepts of "information security", "security of information" and "protection of information". As shown above, the most general concept of "security" means "the state of protection of the vital interests of the individual, society and the state against internal and external threats". In this connection it can be broken down into two components:

  • security of the content part (meaning) of information: the absence in it of incitement of a person to negative actions, of deliberately embedded mechanisms of negative influence on the human psyche, or of negative influence on another block of information (for example, information contained in a computer program);
  • protection of information from malicious interference (attempts at illegal copying, distribution, modification (change of meaning) or destruction).

The second component of the concept of "security of information" is called the protection of information. In this way a series of three scientific categories emerges: information security, security of information, and protection of information. Each subsequent category is a component of the previous one.

An event that can disrupt the functioning of an economic entity (firm, enterprise, organization, etc.), including the distortion, destruction or unauthorized use of the information being processed, is a threat. The possibility of threats being realized depends on the presence of vulnerabilities. The composition and specifics of the vulnerabilities are determined by the type of tasks, the nature of the information being processed, the hardware and software features of information processing at the enterprise, and the nature of the data processing.

Sources of threats to information security can be divided into external and internal.

External sources include: unfriendly policies of foreign states in the field of global information monitoring and the dissemination of information and new information technologies; the activities of foreign intelligence and special services; the activities of foreign economic structures directed against the interests of the state; criminal actions of international groups, formations and individuals; natural disasters and catastrophes.

Internal sources of threats are: illegal activities of political and economic structures in the field of the formation, distribution and use of information; unlawful actions of state structures that lead to violation of the legal rights of citizens and organizations in the information sphere; violations of the established regulations for the collection, processing and transmission of information; hardware errors and software failures in information and telecommunication systems.

Two main classes of cybersecurity threats are distinguished.

  • 1. Unintentional, or accidental, actions, which show up as inadequate protection mechanisms and errors in management (for example, if users write passwords on pieces of paper and stick them to monitors, there can be no talk of any protection of information).
  • 2. Deliberate threats: unauthorized acquisition of information and unauthorized manipulation of data, resources and the systems themselves (for example, storage media on hard (optical) disks and magnetic tapes falling into the hands of outsiders often leads to a leak of confidential information). Today, for example, the widespread use of mobile storage devices, such as flash drives, hard drives with a USB interface and the like, has led to the emergence of a new class of threats to information security. Unauthorized use of such devices by disloyal employees can lead to a leak of corporate information. The only alternative to physically disabling the USB ports may be the use of a special information protection system. Most specialists in the field of information security consider such devices to be the main threat to business today (Fig. 12.1).

[Figure: chart of leakage channels for the years 2008 and 2007, with the categories Internet pagers, mobile storage devices, e-mail, Internet (webmail, forums), other devices and photo equipment.]

Fig. 12.1. The most common channels of information leakage

E-mail long held the leading position in the ranking of the most dangerous leakage channels. The reason is that mobile storage devices are less noticeable: miniature storage devices are able to hold tens of gigabytes of data, a volume comparable to the capacity of hard drives. Their capacity, mobility and ease of connection are the main reasons for their spread as a tool of choice for insiders. On the other hand, e-mail at most enterprises is closely watched by the security service. Also, obviously, it is convenient to send a large array of data in this way. Simply banning the use of mobile storage devices is not always possible, because flash cards are often needed for work. At the same time, there is already a wide choice of specialized software capable of preventing leakage programmatically.

The methods by which threats act on information security objects are divided into informational, software-mathematical, physical, radio-electronic, and organizational-legal.

Informational methods include: violation of the targeting and timeliness of information exchange, and illegal collection and use of information; unauthorized access to information resources; manipulation of information (disinformation, concealment or distortion of information); illegal copying of data from information systems; use of the mass media from positions that contradict the interests of citizens, organizations and the state; theft of information from libraries, archives, banks and databases; violation of information processing technology.

Software-mathematical methods include: introduction of computer viruses; installation of software and hardware implants; destruction or modification of data in information systems.

Physical methods include: destruction or damage of information processing and communication facilities; damage to or destruction of machine and other original information media; theft of software keys and of means of cryptographic protection of information; pressure on personnel; supply of "infected" components of information systems.

Radio-electronic methods are: interception of information in the technical channels of its leakage; introduction of electronic interception devices into technical facilities and premises; interception, decryption and imposition of false information in data transmission networks and communication lines; action on password-key systems; radio-electronic suppression of communication lines and control systems.

Organizational and legal methods include: purchase of imperfect or outdated information technologies and informatization tools; failure to comply with the requirements of legislation and delay in adopting the necessary regulatory and legal provisions in the information sphere; illegal access to documents containing information that is important for citizens and organizations.

In the economic sphere, the following are most susceptible to threats to information security:

  • the system of state statistics;
  • sources that generate information about the commercial activity of economic entities of all forms of ownership and about the consumer properties of goods and services;
  • systems for collecting and processing financial, stock exchange, tax and customs information, and information about the economic activity of the state and of commercial structures.

The system of state statistics must be sufficiently protected from serious and massive distortions. The main attention should be given to protecting the primary sources of information and the reporting data. Important information in this system must have reliability, sufficiency, comparability and regularity, the properties necessary for making national decisions at the level of the state, the industry and the enterprise, and for conducting general economic analysis and forecasting economic development.

The normal functioning of economic entities is disrupted by the absence of regulatory and legal provisions that establish the responsibility of sources of information about commercial activity and the consumer properties of goods and services for the unreliability and concealment of information (about the results of actual economic activity, investments, etc.). On the other hand, significant economic losses can be inflicted on state and business structures as a result of the disclosure of information that contains commercial secrets.

In systems for collecting and processing financial, stock exchange, tax and customs information, the greatest danger from the point of view of information security is posed by theft and deliberate distortion of information, the possibility of which is connected with deliberate or accidental violation of the technology of working with information and with unauthorized access to it, caused by insufficient measures to protect information. The same danger exists in the bodies engaged in forming and distributing information about economic activity.

A serious problem for the normal functioning of the economy as a whole is posed by increasingly sophisticated computer crime connected with the penetration of criminal elements into computer systems and networks.

The high degree of automation toward which the information society strives makes it dependent on the degree of security of the information technologies it uses, on which, in turn, the well-being and even the lives of many people depend.

In connection with the mass computerization of information processes and the growing value and significance of information resources in the development of the economy, the problem of reliably protecting the information that circulates in critically important systems is especially acute, that is, preventing its distortion and destruction, unauthorized modification, and illegal acquisition and use. The urgency of the problem of information technology security has become widely recognized. At the same time, in 80% of computer crimes, "hackers" penetrate the system through the global Internet.

The intensive development of information processes could not but cause a growth in unlawful activity. Computer crime has been added to computer errors, which threatens to grow into a problem whose economic, environmental, political and military consequences could become catastrophic. Criminal groups and communities are beginning to make active use of the latest achievements of science and technology in their activities.

The vulnerability of information is growing. Especially dangerous in this regard is "information terrorism" using global computer networks, which is difficult to prevent and whose consequences are extremely expensive to eliminate.

As already noted, the use of modern mass media tools and methods affects the security of society. Speaking about the problem of "new colonization", the Russian philosopher A. Zinov'ev, among the historical types of colonization, singled out seizure with forced transformation after the colonizer's own model. This type of colonization corresponds to the present time. It is not military but ideological in character: it involves instilling in the consciousness of the colonized country ideals and aspirations that are alien to it and restructuring its life values, that is, conducting information warfare. The result of this process, which Zinov'ev calls "westernization", is that in the "colonized country a social and political order of colonial democracy is forcibly created. Colonial democracy is something artificial, imposed on the country from outside and contrary to the possibilities and tendencies of evolution that have formed there. The appearance of sovereignty is preserved. Centers of a capitalist economy are created under the control of foreign banks and in the form of joint ventures."

Today the list of informationally colonized countries is not limited to the so-called Third World countries, because a single information space requires the unification of the information and telecommunication technologies of all countries that are subjects of the network space, and the level of informatization required today can be achieved only in a society with high scientific, technical and industrial potential and a sufficient cultural and educational level of the population. This gives powerful post-industrial states, such as the USA and Japan, the opportunity to strengthen their economic, political and military superiority through leadership in informatization, to exercise global information control over the world community and, in effect, to impose their own rules.

The information-cultural and information-ideological expansion of the leaders of the West, carried out over the world's telecommunication networks, is causing alarm in various countries of the world. The prospect of dependence and the possible loss of independence worries state leaders as well as public institutions and citizens. Many countries are already taking measures to protect their own culture, traditions and spiritual values from foreign information influence and are developing an effective information security system.

  • See: Zinov'ev A.A. Without Illusions. L'Age d'Homme, Lausanne, 1979.
