2. Antivirus system ESET NOD 32 for protection against computer viruses.

Irregular updating of databases and scanning of working stations is carried out.

3. Vbudovaniya Windows Backup to create archives.

OS Backup Wizard - a program recognized for the creation and renewal backup copy Windows. She allows you to create a copy of all Windows, or only a few files and folders.

4. Encryption with a key of 2048 bits for the vpn channel (connection to the company's office for the robot to send documents).

Chapter 2

2.1 Shortcomings in the system of protection of information

When analyzing the problems associated with information security, it is necessary to pay attention to the specifics of this aspect of security, as it is considered that information security is warehouse part information technologies are the halls that are developing at an unprecedented pace. Here it is not so important to know solutions (laws, primary courses, software and technical solutions) that are on the current level, as a mechanism for generating new solutions that allow you to live at the pace of technical progress.

Modern technologies Programming is not allowed to create a non-milk program that does not harm the security of the swedish development information security.

Having analyzed the information security of the enterprise, it is possible to raise visnovoks that lack of respect is attached to the information security:

Vіdsutnіst passwords for access to the system;

Revision of passwords for an hour of work with the program z 1C: Reception when changing data;

Daily dodatkovy zahist files and information (during the day, an elementary password entry when you change the information in the files, but about the encryption of the data);

Irregular updating of antivirus program databases and scanning of working stations;

There is a large number of documents on the paper noses of the land of debility to lie in folders (and without them) on the working table of the spivrobitnik, which allows evil-doers to easily speed up given information for their purposes;

No regular discussion of nutrition and information security at the enterprise and problems that are to be blamed on our galleys;

The regular review of the practicality of business information systems has not been organized;

Vidsutnist policy of information security;

The authority of the system administrator.

Everything has been rehabilitated by even more important shortfalls in the information security of business.

2.2 Metadata of the information security system

Security of information - camp of protection of information resources at counting measures in systems of acceptance in the form of unauthorized access;

Purpose of protection of information:

zapobіgannya threats security pridpriєmstva in naslidok unsanctioned dіy schodo nischennya, modification, spoofing, copying, blocking іnformatsiії or other forms of illegal delivery in the information resources and information systems;

saving commercial secrets, which are processed from victories counting technique;

defender of the constitutional rights of citizens on the protection of special secrets and confidentiality of personal data, which is in information systems.

In order to achieve the goals of the defender, it is possible to ensure the effective accomplishment of the upcoming tasks:

· Defendant in the process of functioning under the acceptance of third-party systems;

· Defend against unsanctioned activities with information resources of third-party osib and spivrobitnikiv, yakі not mayut vіdpovіdnih povnovazhen;

· Ensuring completeness, reliability and efficiency of informational support for the adoption of managerial decisions by the business enterprise;

· Physical security technical aids that software security of enterprise and protection of both man-made and natural threats;

· Registration of data, which should be added to the security of information, security of total control and compliance of all operations, which are applied to the enterprise;

· timely manifestation, evaluation and forecasting of threats to security information, causes and minds, scho priyat zavdannya to the interests of subjects, disruption of normal functioning and development of business;

· analysis of risks in the implementation of threats to security information and the assessment of possible corruption, intimidating unpleasant incidents of disruption of the security of business information, a combination of minds for minimization and localization of traffic jams;

· Safeguarding the ability to update the current state of business in the event of damage to the security of information and liquidation of historical damage;

· Creation of that formuvannya tsіlespryamovanoї politiki bezpeka іnformatsії pripriєmstva.

2.3 Take care of a thorough information security system

For the achievement of goals that have been set, it is necessary to carry out the task on the level of information security.

Administrative riven of information security.

For the formation of the information security system, it is necessary to expand and approve the information security policy.

The security policy is a collection of laws, rules and norms of behavior directed to the protection of information and resources associated with it.

It follows that the policy that is being developed is guilty of complying with the fundamental laws and the rules that lie before the organization, tobto. it is necessary to legislate the rules and take them to the point of respect in the development of the policy.

Chim nadіynisha system, tim suvorіshim and raznomanіtnіshim may be the security policy.

Depending on the formulated policy, you can choose specific mechanisms to ensure the safety of the system.

Organizational riven for protection of information.

Seeing the shortcomings described in the front section, you can call in the following way to shorten the information:

The organization works on training new staff with new software products for the participation of qualified specialists;

Development of the necessary inputs for directing to a thorough system of economic, social and informational security of business.

To conduct a briefing in order to ensure that the clerk understands all the importance and confidentiality of the information entrusted to you, to that, as a rule, the reason for the disclosure of confidential information is the lack of knowledge by practitioners of the rules of defense commercial secrets and unreasonable (otherwise unreasonable) the need for their retelny dotrimannya.

Suvoriy control over dotrimannym practitioners of the rules of work with confidential information;

Control over the dotrimanny rules for the collection of working documentation of the entrepreneurs;

Planned meetings, seminars, discussions about nutrition, informational security of business;

Regular (scheduled) re-verification and maintenance of all information systems and information infrastructure for practicality.

Assign a system administrator permanently.

Software and technical come in to zahistu.

Software and technical support is one of the most important components in the implementation of information protection of the enterprise, so in order to promote equal protection of information, it is necessary to carry out and zastosuvati so come in:

Entering passwords for koristuvachiv;

In order to regulate the access of correspondents to the information resources of the enterprise, it is necessary to maintain a list of correspondents, so that they can enter the system under their login. With the help of Windows Server 2003 Std, installed on the server, you can create a list of passwords with valid passwords. Distribute passwords to practitioners from the first instructing them to win. It is also necessary to enter the term of the password, after which you will be prompted to change the password. Enclose a number of attempts to log in to the system with the wrong password (for example, up to three).

Introducing passwords for the 1C program: Starting when working with a database, when changing data. Tse can vikonati for help program contributions PC and software.

Separation of access to files, directories, disks.

Razmezhuvannya access to files and directories will be set by the system administrator, which will allow access to files, folders and files for the skin coristuvacha specifically.

Regular scanning of working stations and updates of anti-virus program databases.

Allow to show and neutralize shkіdlі programs, liquidate the causes of infection. It is necessary to install robots, set up and ensure the functioning of the systems antivirus zakhistu.

For which it is necessary to install the anti-virus program on a regular PC scan and regular database updates from the server.

Installation on the computer server of the Agnitum Outpost FireWall tethered screen, which blocks attacks from the Internet.

Advantages of using the Agnitum Outpost FireWall screen:

¾ control of the computer's system with others, blocking hackers and preventing unauthorized calls and internal access to the security.

LEGAL PROBLEMS OF COMPUTER TECHNOLOGY AND COMPUTER TECHNOLOGIES AND REGULATION OF LEGISLATION

RESTORATION OF THE INSTITUTIONAL MECHANISM FOR INFORMATION SECURITY OF THE RUSSIAN FEDERATION

IMPROVING THE INSTITUTIONAL MECHANISM FOR ENSURING THE INFORMATION SECURITY OF THE RUSSIAN FEDERATION

© Yulia Oleksandrivna Koblova

Yuliya A. Koblova

Candidate of Economic Sciences, Associate Professor of the Department of Institutional Economics and Economic Security Saratov Social and Economic Institute (filia) FSBEI HPE “Reu im. G.V. Plekhanov"

Cand. Sc. (Economics), Social Social-Economic Institute, Saratov Social-Economic Institute (Litol) Plekhanov Russian University of Economics

e-mail: [email protected]

The article continues the institutional aspects of the information security of the state. The essence of the role of the institutional mechanism in the security of information security of the state is revealed. An assessment of the institutional security of information security in Russia is given. The problem has been seen and the system has been promoted for a thorough institutional mechanism for ensuring the information security of the country.

Keywords Key words: institutions, institutional mechanism, information security, Internet space.

Teachers who teach national aspects of national security information in the state. Authentication of principles and the role of the institute of the mechanism of protection of information, health protection, assessment of the institute of protection of information, safety in Russia, high lighting, and assessment of the system of protection of information up to the institute of protection of information.

Keywords: institutions, institutional mechanisms, information security, internet space.

The security of the informational security of the state - it is necessary to achieve a new sovereign function with a comprehensive and comprehensive method and tools, which have not yet been established.

mentiv. Її the formation of the necessary protection of the state and the state against information threats associated with the development of new information and communication systems.

their technologies. The scale of the negative consequences of these threats for powers, organizations, people is already aware of the world's spivism, the most important task of the power is the development of a system of calls to protect them from that neutralization. An important role in the reach of information security of the state is played by the institutional mechanism of security. Efficiency of the institutional system that implements the supporting interests, guaranteeing their harmonization with the method of securing the greater sovereign interests, the foundation of national and information security.

Let's guess that the institutes - tse bred by human knowledge and dosvidom rules of mutuality ("rules of the gri") in the society, obezhennya and rethink the development of politics, the social sphere and the economy. Institutions that support the development of a new economic growth, legislate the rules that form spontaneous motives and mechanisms. Institutions set up a system of positive and negative incentives, reduce insignificance and slacken the social environment to a greater extent. The institutions that guarantee information security are: the rule of law, an independent and competent court, the presence of corruption and others.

The institutional mechanism for ensuring information security is a special structural storage mechanism of the government, which ensures the implementation of norms and rules that regulate the interaction of various economic entities information sphere to protect against threats to information security. Institutional mechanism to bring at the institution (formal and informal), the structure of the mutual modality of the subjects, establishing control over the implementation of the established norms and rules.

The essence of the institutional mechanism is manifested through yoga functions. O.V. Inshakov and N.M. Lebedeva is aware that the institutional mechanism is violating such functions, so that it can be established and up to the mechanism of information security:

1) integration of agents into one institution with the method of increasing cohesiveness within the framework of global statuses and norms;

2) differentiation of norms and statuses, as well as subjects and agents of various institutions for distributing and ignoring their benefits; regulation of interrelationships between institutions

that and yoga agents are viable until they are restored;

3) zdіysnennya transfer of new ones to real practice;

4) ensuring the implementation of routine innovations;

5) subordination and coordination between subjects, which lie before other institutions;

6) informing subjects about new norms and about opportunistic behavior;

7) regulation of the activities of the subjects, which divide and expel the help, appointed by the institute;

8) control over the violation of norms, rules and regulations.

In this way, the institutional mechanism for ensuring information security includes the legislative basis and the institutional structure that will ensure it. The improvement of this mechanism includes the reorganization of the legislative framework for information security and institutional structures against threats to information security.

The institutional mechanism for information security includes: adoption of new laws, which would protect the interests of all subjects in the information sphere; maintaining the balance of creativity and intermediate functions of laws in the information sphere; the integration of Russia in the light of the legal space; vrahuvannya I will become the sphere of industrial information technologies.

This year, Russia has formed a legislative base in the information security system, which includes:

1. Lawy Russian Federation: The Constitution of the Russian Federation, "On security"; “About the organs of the Federal Security Service in the Russian Federation”, “About the national secret”, “About the call of intelligence”, “About the participation in the international information exchange”, that in.

2. Regulatory legal acts of the President of the Russian Federation: Doctrine of information security of the Russian Federation; Strategy national security Russian Federation until 2020, "About the foundations of state policy in the field of informatization", "About the translation of reports, introductions to state secrets" and in.

3. Normative legal acts of the Order of the Russian Federation: “About certification

Use to Zachist іnformasyї ”,“ About the lavenzannaya of the dyynosti Pіdprimniy, the establishment of the organized by the Robit, who are pleasing to the vicoristani of the widomosts, to become the sovereign of the Tamnitza, the stimulant of the bastard , “About licensing of other types of activities” and in.

4. Civil Code of the Russian Federation (part four).

5. Criminal Code of the Russian Federation.

For the rest of the years in Russia sold

a complex of visits for a thorough security and information security. It was implemented to secure information security at the federal authorities of state power, state authorities of the constituent entities of the Russian Federation, at subsidiaries, in the establishments of that organization independently of the forms of power. Works are being carried out from the defense of special information and telecommunication systems. An effective solution to the problems of information security of the Russian Federation is adopted by the state system of protection of information, the system of protection of state secrets and the system of certification of the protection of information.

Державна технічна комісія при Президентові РФ проводить єдину технічну політику і координує роботи у сфері захисту інформації, стоїть на чолі державної системи захисту інформації від технічних розвідок і забезпечує захист інформації від витоку технічних каналів біля Росії, відстежує ефективність заходів захисту.

The important role of the system of information security of the country is played by the state and the hromada organizations: they will control the state and non-state powers of mass information.

At once about those equal information security of Russia over the whole world, according to the needs of our support of that power. In the minds of the information society, there is a need to keep the exchange of information exchanged with the need for expansion and freedom of exchange of information, on the one hand, that need to preserve the environment of regulation of the exchange on the її wide.

In this hour, the institutional security is secured by the Constitution of the Russian Federation of the rights of citizens in the information sphere (for lack of private life, special secrets, and listing of the rights of citizens). Leave-

lie bazhati the best zahistu personal data collected by the federal authorities.

Vidsutnya cleanliness of the policy of the state in the sphere of molding information space RF, sponsoring mass information, international information exchange and integration of Russia in the world information space.

Improvement of the institutional mechanism of information security of the state, in our opinion, can be directed to the solution of such important problems.

The weak practical orientation of the current Russian legislation in the information sphere creates problems of a legal and methodological nature. There are thoughts that the Doctrine of information security of the Russian Federation has no applied value, to avenge impersonal inaccuracies and methodological pardons. So, the objects of information security in the Doctrine are interests, singularity, supremacy, power - understandable, as it is not possible to equal each other. A lot of vchenih gave respect to the inadmissibility of accepting it as an object of information security for the protection of interests, and not their noses.

Zastosuvannya tsikh categorіy, zmіst kakіh nevyznachena, at the legislator's document is insufficiently unremarkable. For example, subjects of law - ce legal physical individuals, organizations, individuals without a community, vikonavchi organs of power

The Doctrine of Information Security of the Russian Federation recognizes as threats to information security:

activity of foreign structures;

Concept development information wars low edge;

Pragnennya low lands to the dominance of those others.

According to G. Atamanov's thought, it can be an object or a subject, which takes a part in the information process, or the building, into a new world. For example, threats to information infrastructure under US law include: hackers attacking the US; terrorist groups; powers against which an anti-terrorist operation can be directed;

hackers, yakі tsіkavlyat or self-assertive.

The shortcomings and the framework character of the Doctrine reduce the effectiveness and obmezhuyut sphere її zastosuvannya, ask nevirniy directly development of legislation in the information sphere and more and more confuse yoga.

For proper security of information security, it is necessary to create a legal system of legal vouchers, which, in its own way, is impossible without reviewing the categorical apparatus, the doctrinal and the conceptual foundation of legislation in the information sphere.

2. Explored by legislation and practice in the information sphere.

Majestic prirva mizh legislature and practice in the information sphere ob'ktivno іsnuє through strіmkіst that scale development of information technologies and the Internet, which mittєvo generate new threats. The legislative process, now, is a long and thorny one. Therefore, in today's minds, the necessary mechanisms are needed to allow the development of laws from the realities of the development of information technologies and information support. Importantly, so that the performance was not too great, you can reduce the shards to a reduction, or use information security.

Podolannya rozrivu mizh practice and legislation in the information sphere є necessary to reduce and neutralize the threats of information security, which is blamed on the development of information technology and the vacuum in legislation.

3. The presence of supranational institutions that guarantee information security.

It is impossible to resist the malices that are committed on the Internet, by the forces of one country. Defensive entrances on the national level will not be ugly, shards of defencemen can stay outside the cordon. To fight against them, it is necessary to consolidate our knowledge on the international level and adopt international rules of conduct in the Internet space. Just try and try. Thus, the Budapest Convention for the sake of Europe allowed the persecution of guerrillas on the territory of a foreign state without prejudice to its power. For this very reason, the country vvazhayut unacceptable ratification of this document.

Model law "On the basis of the regulation of the Internet", praises at the plenary

meetings of the Interparliamentary Assembly of the Krai - a member of the SND, establish the order of sovereign support and regulation of the Internet, and establish the rules for the appointment of a month at the same time to reduce legally significant actions at the border. In addition, the law regulates the duty and scope of operator services.

It is necessary to sign and ratify the document that allows the exchange of confidential information from Russia, Belarus and Kazakhstan. There is a protocol, which determines the procedure for submitting information, which is to avenge confidential information, to investigate, which is to redo the supply of special protections, anti-dumping and compensatory entries in one hundred and third countries. The favor of the powers is even more important - a participant in the Mitny Union, as it allows you to jointly virobit and support anti-dumping and compensatory measures. In this manner, on this day, a scientific regulatory framework has been organized, as if creating a fundamentally new supranational body, not only to carry out investigations, to select the evidence base, but to protect it from vitokov, and to determine the order of the data.

The formation of supranational institutions in the information sphere will allow to improve the exchange of national laws in the fight against information mischief.

4. Vіdsutnіst іnstituciy іnternet space.

In international law, new institutions may appear that regulate the interaction of subjects in the Internet space, such as "electronic cordon", "electronic sovereignty", "electronic filing" and others. We accept the latent nature of cyber-malice, that is. zbіlshennya rozkrittya cyberzlochinіv.

5. Development of private-state partnership in the sphere.

At the link with the organizations of the ranks of the organization, publish information about the camp of their own information security system because of the dilemma. On the one hand, these publications show the power of the powers to support the cybersecurity system on high ground. It would seem that such a result should lead to a more efficient structure of cyber security. Ale, from the other side, the publication of information about the shortcomings of the cyber-

Scientific and practical journal. ISSN 1995-5731

The security of state organizations with greater ability to rob them of hacker attacks, which will require more resources for them to protect them.

The biggest problem for the security of security and the exchange of information related to security, between state agencies and corporations Gordon and Loeb, is the problem of “no receipts” (//te-et). It would have been better if the shards of computer security were deposited with a skin participant, such a technique would be the best way to increase the efficiency of the benefits that are involved in the security of cybersecurity. Successful exchange of information and confirmation at the cyber security network could give the opportunity to coordinate such activity on the national and international level. But it’s true that the company’s fear of spending competitive advantages, taking a part in a similar merging spivrobnitstv and giving new information about itself, to bring up

nіyu vіd nadannya new information. To change the situation here, we can only develop a sovereign-private partnership based on the provision of significant economic incentives.

In this manner, the institutional mechanism for ensuring the information security of the state transfers the formation of legislative ambushes and institutional structures that will secure it. Для вдосконалення інституційного механізму та формування нової архітектури економічної безпеки в умовах інформаційної економіки запропоновано систему заходів, що включає: подолання декларативного характеру законодавства та скорочення розриву між законодавством та практикою в інформаційній сфері, формування наднаціонального законодавства в інформаційній сфері, створення нових інститутів, що визначають рамки vzaєmodії and rules of conduct in the Internet space

Bibliographic list (References)

1. Inshakov O.V., Lebedeva N.M. Gospodarsky and Institutional Mechanisms: Spiving and Interaction in the Minds of Social and Market Transformation of the Russian Economy // Bulletin of S.-Petersburg. holding unti. Ser. 5. 2008. VIP. 4 (No. 16).

2. Dzliev M.I., Romanovich A.L., Ursul A.D. Security problems: theoretical and methodological aspects. M., 2001.

3. Atamanov G. A. Information security in the daily Russian Suspіlstva(Social and philosophical aspect): dis. ... cand. Philos. Sciences. Volgograd, 2006.

4. Kononov A. A., Smolyan G. L. Informational support: Suspіlstvo total riziku chi Suspіlstvo garantenoї sekpeka? // Informational support. 2002. No. 1.

1. Inshakov O.V., Lebedeva N.N. (2008) Economic and institutsional "nyy mechanisms: correlation and interaction in the usloviyakh social" but-rynochnoy transformatsii of the Russian economy // Vestnik S.-Peterb. gos. unta. Ser. 5. VIP. 4 (No. 16).

2. Dzhilev M.I., Romanovich A.L., Ursul A.D. (2001) Safety issues: theoretical and methodological aspects. M.

3. Atamanov G.A. (2006) Informatsionna bezopasnost "in modern Russian society (social" no-filosofskiy aspekt). Volgograd.

4. Kononov A.A., Smolyan G.L. (2002) Information society: a society of total "risk or obschestvo garantinnoj bezopasnosti? // Informat-sionnoe obshchestvo. No. 1.

It's easy to send your harn to the robot to the basics. Vikoristovy form, raztastovanu below

Students, graduate students, young adults, like victorious base of knowledge in their trained robots, will be your best friend.

Placed on http://www.allbest.ru/

COURSE PROJECT

From the discipline "Information security"

On the topic

“Improving the information security system for

under the responsibility of TOV "Aries"

Entry

Talking about information security, they are on the lookout, seeming good, computer security. True, information that electronic wearers play a greater role in the life of modern society. Вразливість такої інформації обумовлена ​​​​цілою низкою факторів: величезні обсяги, багатоточковість та можлива анонімність доступу, можливість "інформаційних диверсій"... Все це робить завдання забезпечення захищеності інформації, розміщеної в комп'ютерному середовищі, набагато складнішою проблемою, ніж, скажімо, saving the secrets of the traditional mail listing.

If we talk about the safety of information, which is saved on traditional wears (papyre, photo papers, then), then the savings can be reached by entering the physical defense (that is, protection from unauthorized penetration into the protection zone of the wear). Other aspects of the defense of such information are related to natural disasters and man-made disasters. In this rank, the understanding of "computer" information security is broader than that of "traditional" wearers.

If you talk about the authority of the approaches to the end of the problem of information security on different levels (state, regional, equal of the same organization), then such authorities simply do not exist. Passing to the security local lines at a small firm. Therefore, the principles of information security in these robots are seen on the butts of the activity of a good organization.

The method of the course project is a thorough information security system TOV Aries. The head of the course work will be - analysis of TOV "Oven", its resources, the structure of the basic information security system at the enterprise, and the research methods of the polypshennya.

At the first stage, an analysis of the system of protection of information is carried out. To take away the results at another stage, a search for methods is carried out to obtain the protection of information, as a result of the weak side in this system.

1. Analysis of the information security system at TOV "Oven"

1.1. Characteristics of the undertaking. Organizational and staffing structure of the enterprise. The service that is engaged in information resources and services

Povna company name of the enterprise - Partnership with a fringed vіdpovіdalnіstyu "Aries". Short name of the Partnership - TOV "Aries". Dali behind the text Suspіlstvo. Suspіlstvo not maє fіlіy and representatives, the only center of distribution in the Perm Territory, Suksunsky district, the village of Martyanovo.

Suspіlstvo was established in 1990 as a small farming state and a few three founders. After the reorganization of the farmer's state, the rural state in 1998 lost a single principal. The restoration of the reorganization was in April 2004. From the 1st quarter of the year, the partnership became known as a partnership with a fenced-in partnership "Aries".

The main direction of the activity of the partnership is the development of agricultural products, natural materials, the sale of agricultural products. Today, Russian suspense borrows thirteen places among the Cartoplean states, and first in the Perm region.

Legal address: Russia, 617553, Perm Territory, Suksunsky, Martyanovo village.

Objectives of business in general:

· Otrimannya surplus of the main activity.

· Promoting competitiveness of products and expansion of markets.

· Concentration of capital and growth of investment resources for the implementation of investment and other projects.

Mission of partnership:

1. Continue to take a leading position above the market.

2. Creation of the national state.

Organizational structure of the enterprise.

On the undertaking of victors, there is a linear-functional structure. The linear-functional structure has a hierarchy of services. This structure has the right to order the next level of management of functional nutrition.

The structure of the enterprise is represented by small 1.

Placed on http://www.allbest.ru/

Placed on http://www.allbest.ru/

Figure 1 - Organizational structure of TOV "Oven"

1.2 Analysis and characteristics of business information resources

Today all turbovanie security of corporate information. All the greater popularity is gained by programs and whole complexes, recognized for the protection of data. No one should think about it, what can mothers like a well-deserved zahist, but all the same spend important information. To that one of your spіvrobіtnikіv vznaє її insignificant and put on a deep look. And if you are convinced, if you are protected in the first place, then you will have mercy. At first glance, such a situation looks unrealistic, similar to a joke. Prote tak just trapleyaetsya, moreover trapleyaetsya often. First of all, the technical staff, which is more important than ever, deals with the problems of information security, do not start your mind, if you need data, but if you don’t. In order to understand, it is necessary to break down all the information on different types, Yaki is accepted to be called types, and clearly distinguish between them.

Vlasne kazhuchi, all companies that specialize in the supply of complex security systems for the security of computer information, to insure for these goods different types. The axis here needs to be protected. On the right, in that the imported products are subject to international standards (zocrema, ISO 17799 and others). Depending on them, all data is divided into three types: confidential, confidential, and strictly confidential. At the same time, in our country, there is a good deal of legislation vikoristovuetsya deshcho іnshe razmezhuvannya: vіdkritа іnformatsija, for vіdnіshny vikoristannya that konfіdentsіyna.

Under the vіdkritoy maєtsya on uvazі be-yak іnformatsіya, yak can be freely transmitted to other persons, and also rozmіschuvatsya at the back of mass information. Most often, it is seen in press releases, speeches at conferences, presentations and exhibitions, as well as (naturally, positive) elements of statistics. Krіm tsgogo, all the data is brought to the neck, taken from the vіdkritih zvnіshnіkh dzherel. Well, obviously, information that is recognized for a corporate site is also considered public.

At first glance, it seems that revealing the information will not require protection. Prote people forget that the data can not be more than won, but it can be substantiated. And to that, saving the integrity of the critical information is an important task. Otherwise, the deputy for a long time for the prepared press release can be unreasonable. Abo Main side the corporate website will be supported by imaginative writings. Also, you will need to provide information.

As if it were another business, the support may reveal information that is important to avenue at the presentations of demonstrations to investors.

Before the information for the internal victorious, there should be some data that the victorists use for the creation of their professional shoes. But still not all. All information, which are exchanged among themselves by different people, for the sake of ensuring their own practicality, should be assigned to the category. І, nareshti, remaining type of data, yakі pіd tsyu categorіyu danih, - іnformatsija, otrimana z vіdkritikh dzherel i piddana obrobtsі (structuration, editing, explanation).

In fact, all this information that has been consumed by rivals like evil-doers cannot lead a serious bad company. Prote pevnі zbitki vіd її stole still can be. Admittedly, the spіvrobіtniki chose the news for their boss from those who sho yogo clique, among them they chose the most important remembrances and commemorated them. Such a digest is information for the internal wiki (information taken from the official journal and reviewed). At first glance, it seems that competitors, having taken yoga off, cannot take off the measles. But really, the stench can guess what kind of activity it is to cackle the core of your company, and who knows, it’s possible, they can inspire you to get ahead of you. Therefore, the information for internal use is guilty of being protected not only for replacement, but also for unauthorized access. Truthfully, at the most important vipadkіv it is possible to settle down with the safety of local fringe, to that it is not economically viable to stain large bags.

On the basis of submissions, there is also a different kind of information that can be found in various stars, lists, and transcripts.

Confidential information - documented information, access to which is subject to the legislation of the Russian Federation, which is not publicly available and in times of discourse is given to the right to protect the law and the interests of the individual, її nada. The transfer of tribute, which lies up to the neck, is established by the power. At the moment, wine is as follows: personal information, information that becomes a commercial, service or professional secret, information that is a secret of investigation and business. In addition, the rest of the hour before the confidential data began to be given about the existence of winegrowing or scientific evidence until the official publication.

Prior to confidential information for business, you can enter the following data: development plan, scientific and recent work, technical documentation, armchair, rozpodil pributka, contract, call, resources, partners, negotiations, contracts, and information about planning and planning.

There are about twenty PCs at the enterprise. As far as the visibility of the local measure for business, then the PC of the enterprise is not united into a single measure. In addition, all computers are equipped with a standard set of office programs and accounting programs. Three computers can connect to the Internet via the WAN miniport. If you want a computer on the premises, it does not have an anti-virus program. The exchange of information is carried out at the sight of people: flash drives, floppy disks. All the information on the "traditional" noses is stashed at the wardrobes, so they don't flicker. The most important documents are placed in the safe, the keys to which are taken from the secretary.

information about security

1.3 Threaten and defend the protection of information at the enterprise

The threat of security information is the confluence of minds and factors that create a potential or really significant problem, connected with a round of information and / or unauthorized and / or unfortunate influxes on it.

Behind the methods on the object of information security, threats that are relevant to the state, apply an offensive classification: informational, software, physical, organizational and legal.

Before information threats lie:

· Unauthorized access to information resources;

· Information disclosure from archives and databases;

· Broken technology processing information;

· unlawful selection of the selected information;

To lie before software threats:

· computer viruses that shkidlivі programs;

Before physical threats lie:

· Reducing or ruining the processing of information and communication;

· Withdrawal of information;

· Influx on staff;

Before organizational and legal threats lie:

· Purchase of incomplete or outdated information technologies and informatization tools;

Take care of the protection of information - the whole set of engineering, technical, electrical, electronic, optical and other outbuildings and outbuildings, fittings and technical systems, as well as other speech elements, which are victorious for the execution of various tasks from the defense of information, including the advancement of the turn and the security of the security of information that is defended.

Let's take a look at the protection of information that is needed for business. Usago їх є chotiri (hardware, software, zmіshanі, organization).

The hardware- locks, gates on the windows, protection of the signalization, filigree filters, video warning cameras.

Program protection for protection: operating system protection, such as protection, password, cloud recording.

Organizational support for defense: preparation of the application from computers.

2 Improved information security system

2.1 Identified shortcomings in the system of protection of information

The most important place for the protection of information in the future is the protection of computer security. In the result of the surface analysis for the enterprise, one can name the following shortcomings:

§ Rarely vibrating backup copy information;

§ Insufficient level of program resources for protection of information;

§ Deyakі svіvrobіtniki mаyutnu lacking novichku volodіnnya PK;

§ There is no control over practitioners. Often, practitioners can work from the office without turning on their PC and using their flash-carrying service information.

§ Vіdsutnіst normative dokumentіv s іnformatsiynoї ї bezpeki.

§ Not on all computers there are passwords for the OS, such as passwords and public records.

2.2 Purposes and tasks of molding the IB system at the production site

Головною метою системи інформаційної безпеки є забезпечення сталого функціонування об'єкта, запобігання загрозам його безпеці, захист законних інтересів підприємства від протиправних посягань, недопущення розкрадання фінансових засобів, розголошення, втрати, витоку, викривлення та знищення службової інформації, забезпечення нормальної виробничої діяльності всіх підрозділів об 'єkta. Another method of the system of information security is the promotion of services and guarantees of the security of my rights and interests.

Head of the formation of the information security system in the organization: integrity of information, reliability of information and confidentiality. When vikonannі zavdan tsіl will be realized.

The creation of information security systems (SIB) in ІС and IT is based on the following principles:

Systemic advancement to budovi system zahistu, which means the optimal mutual interops of organizational, software, hardware, physical and other authorities, confirmed by the practice of setting up foreign and foreign systems of zahistu and zastosovaniya at all technological stages.

The principle of uninterrupted development of the system. This principle, which is one of the main ones for computer information systems, is even more relevant for CIB. Ways to implement threats to information in IT are constantly being improved, and to that, IT security cannot be a one-time act. This is an uninterrupted process, which contributes to the implementation of the most rational methods, ways to improve CIB, uninterrupted control, revealed її high and the weak, potential channels for the flow of information and new ways of unauthorized access

He added that minimum of renewal to access to the completed information and processing procedures, so that it is given, both to coristuvachs and to the IC practitioners themselves, to a minimum of suvoro renovations, sufficient for them to wear their service clothes.

The need for control and registration of samples of unauthorized access, the need to accurately establish the identity of the skin cortex and the protocol for conducting a possible investigation, as well as the impossibility of creating an operation to process information without registration in the country

The security of the system’s arrogance is to be defended, so that the impossibility of lowering the reliance of the arbitrariness in times of faults in the system, vidmov, navmisnyh diy burglar, or unfortunate pardons of coristuvachiv and service personnel.

Ensuring control over the functioning of the system is zahistu, tobto. creation of zasobіv and methods of control of pratsezdatnostі mehanіzmіv zahistu.

Provision of various manpower resources to fight against sciatica programs.

Safeguarding the economic dotsillnosti vikoristanny system zahistu, sho vyyavlyaetsya at the relocated possible shkoda ІV and ІТ in the implementation of threats over the variant of the distribution and exploitation of the SIB.

2.3 Proposals for improvement of the information security system of the organization

Shown nedolіki for pripriєmstva vmagayut їkh usunennya, to that carrying out of such zahodіv.

§ Regular backup copies of the database with special data of spіvrobіtnikіv partnerships, with accounting data and other bases, which are on business. Tse zabіzhit vtrati data through the failure of disks, the inclusion of electricity, the influx of viruses and other vipadkіv. Relatively scheduling and regular backup procedures allow for data redemption.

§ Vykoristannya zasob_v OS skin computer. Creating cloud records for specialists and regularly changing the password for these cloud records.

§ Navchannya staff of the enterprise robots with computers. Necessary intelligence for the correct work at the work stations and the protection of waste and poor information. Vіd novice volodіnnya PK staff to lay down the robot of the entire enterprise, to ensure the correctness of vikonannya.

§ Installed on a computer antivirus programs such yak: Avast, NOD, Doctor Web just. Do not allow infected computers to be infected with various shkidlivy programs, as they are called viruses. What is even more important for this business, because a PC can have access to the Internet and spyware for the exchange of information are flash-carried.

§ Vedennya control over spіvrobіtniki for additional video cameras. It is necessary to allow the shortness of the fluctuations of a not-so-bad occasion from the possessions, the risk of stealing the possession of that їх psuvannya, and also to allow the control of the "guilt" of service information from the territory of the court.

§ Development of the normative document “Come in for information in TOV “Aries” and reparation for their damage”, which bipowed to the dignified legislation of the Russian Federation and to assign risks, damage and reparation for damage (penalties, punishment). And also the introduction of a separate graph to the employment contract of the partnership, which is necessary for the recognition of such a need to comply with the provisions of this document.

2.4 Efficiency of proponing entries

Please come in to carry positive moments in your life, as well as to solve the main problems in the enterprise, which are necessary for information security. But with all the stench, we need to make additional contributions to the training of personnel, the development of regulatory documents regarding the security policy. Vimagatim dodatkovykh vitrate pratsі not include stovіdsotkovo riziki. Start your mother's place human factor, force majeure furnish. But still, don’t come in and check on the updated information, use the ability to turn over those checks that are needed to expand the security system.

Let's take a look at the results of the requested visits:

1. Promotion of the reliability of the IB organization system;

2. Promotion of the salary of the PC to the staff;

3. Changed the risk of wasting information;

4. The presence of a normative document of the initial security policy.

5. It is possible to change the risk of entering / faulting information from the undertaking.

3 Information security model

The model of information security is presented (Figure 2) - the totality of objective external and internal factors and their impact on the camp of information security on the object and on the conservation of material and information resources.

Malyunok 2 - Information security system model

Ця модель відповідає спеціальним нормативним документам щодо забезпечення інформаційної безпеки, прийнятим в Російській Федерації, міжнародному стандарту ISO/IEC 15408 "Інформаційна технологія - методи захисту - критерії оцінки інформаційної безпеки", стандарту ISO/IEC 17799 "Управління інформаційною безпекою", та враховує тенденції розвитку domestic regulatory framework (Zokrema, State Technical Committee of the Russian Federation) from the nutrition of information security.

Visnovki and propositions

The information era has led to dramatic changes in the way of making one's shoes for a great number of professions. Now a non-technical specialist of an average level can beat the robot, as before he beat a highly qualified programmer. The serviceman may have his own ordering style of accurate and operational information, but not in any way.

Ale vikoristannya computers and automated technologies to produce before the appearance of low problems for the organization. Computers, often combined in a merezhі, can give access to a colossal amount of the most addictive data. That is why people are worried about the security of information and the visibility of the risks associated with automation and the data of significantly greater access to confidential, personal and other critical data. All zbіlshuєtsya kіlkіst kom'yuternyh malchinіnі, scho mozhe cause, zreshtoyu, to boost the economy. Therefore, it may be clear that information is a valuable resource that needs to be protected.

І oskolki automation has brought to the point that now operations with computational equipment are counted by simple employees of the organization, and not by specially trained technical personnel, it is necessary, schob kіntsі koristuvachі knew about their viability for defending information.

There is no single recipe that will provide a 100% guarantee for the safety of data and other work. The solution of a complex, well-thought-out concept of security, which is specific to the specifics of the head of a particular organization, will help to reduce the risk of using the most important information to a minimum. Computer zahist is a permanent struggle against the foolishness of the hackers and the intellect of hackers.

Nasamkinets want to say about those who defend information are not surrounded by technical methods. The problem is clearly wider. The main nedolіk zakhistu is people, and to that the need of the security system is to lay a lot of the best kind of installation before her company's servicemen. Krіm tsgogo, zakhist is guilty of postіyno doskonalyuvatsya at once with the development of a computer system. Don't forget that it's not the security system that matters, but the daily routine.

Also, I would like to, pіdbivayuchi pіdbіvayuchi pіdbags dany course project, vіznáchiti, scho, having analyzed the system of ІБ enterprise “Aries”, five shortcomings were revealed. After a search, a solution was found out about their adoption, and the shortfalls can be corrected in order to improve the business as a whole.

As a result of the above descriptions, the practical and theoretical skills of the development of the IB system were developed, and the meta-course project was achieved. With the knowledge of the decisions, we can say that all the project's orders were taken.

List of references

1. GOST 7.1-2003. Bibliographic record. Bibliographic description. Zagalnі vimogi that rules of folding (M.: Vid-vo standartіv, 2004).

2. Galatenko, V.A. "Fundamentals of information security". - M: "Intuit", 2003.

3. Zavgorodniy, V. I. "Comprehensive defense of information in computer systems". - M: "Logos", 2001.

4. Zegzhda, D.P., Ivashko, A.M. "Fundamentals of security of information systems".

5. Nosov, V.A. Introductory course from the discipline "Information security".

6. Federal Law of the Russian Federation dated April 27, 2006 N 149-FZ "On information, information technology and protection of information"

Placed on Allbest.ru

Similar documents

Characteristics of information resources of the agricultural holding "Ashatli". Threats to information security, characteristic of businesses. Come in, method and get the protection of information. Analysis of the shortcomings of the essential and the progress of the upgraded security system.

course work, donations 03.02.2011


Zagalni vіdomostі about the activity of business. Objects of information security for business. Come in and get the information. Copy data to change nose. Installed internal backup server. Efficiency of improvement of the IB system.

control of the robot, additions 29.08.2013


Understand, the meaning is directly informational security. Systemic support to the organization of information security; protection of information from unauthorized access. Save the zakhist. Methods and systems of information security.

abstract, additions 11/15/2011


Molding system for information security. Head of Information Security of the Suspіlstva. Take care of information: the main methods of the system. Protection of information in computer networks. Regulations of the most important legislative acts of Russia.

abstract, additions 20.01.2014


Analysis of the risks of information security. Evaluation of the essential and planning benefits of defense. A complex of organizational visits for the security of information security and protection of information for business. The control example of the implementation of the project is described.

thesis work, donation 12/19/2012


The strategy of informational security of business seems to be a system of effective policies, which would indicate an effective and sufficient recruitment of security. Identification of threats to information security. Internal control and risk management.

course work, donations 06/14/2015


Characteristics of the complex of the manager and the need for a thorough system of information security and protection of information in the enterprises. Development of the DBMS project, information security and protection of personal data.

thesis work, donations 11/17/2012


Regulatory legal documents in the sphere of information security in Russia. Analysis of the threats of information systems. Characteristics of the organization of the system for the protection of personal data of the clinic. Implementation of the authentication system for the help of electronic keys.

thesis work, donation 10/31/2016


Causes the creation of a security system for personal data. Threaten information security. Dzherela unauthorized access to ІSPDN. Power of information systems of personal data. Save the zakhist. Security policy.

course work, donations 10/07/2016


Manager, structure, physical, software and hardware information system. Types of causes of computer mischief, ways to improve the security policy of the organization. Assigned to the main functions of the "Schodennik" folder in MS Outlook 97.

Meta and task, object and subject of follow-up

Fundamentals of understanding and understanding of the activities of the security of the national security of the Russian Federation

Regulatory and legal framework for public security of the Russian Federation

Strategy of National Security of the Russian Federation and Head of Law Enforcement Agencies

Problems of the Federal Law of the Russian Federation "On safety" No. 390-FZ

Ways of a thorough legislature base of public security

Designated economic security

The structure of the economic security system of the Russian Federation

Threaten economic security

Criteria assessment of the level of economic security in the country's transmission environment, the purpose of which is the analysis of the offensive parameters

The main warehouse mechanism for ensuring the economic security of the state and regions

Propositions and recommendations for optimizing the strategy of national security of the Russian Federation for the help of an efficient system of economy

The main directives for the implementation of the state strategy for ensuring economic security at the regional level

Having analyzed the information security of the enterprise, it is possible to grow visnovoks, which in the information security add a lack of respect for the coming moments:

- Irregular backup copies of the data base of the enterprise;

- No backup copies of data on personal computers of practitioners;

– reminder email are saved on the servers of postal services on the Internet;

– practical practitioners may have insufficient skills in robotics with automated systems;

– spіvrobіtniki mayut access to personal computers your colleagues;

- Availability of anti-virus programs on other working stations;

- Poor demarcation of access rights to merezhevyh resources;

- Vіdsutnі normative documents from safety.

Everything has been rehabilitated by even more important shortfalls in the information security of business.

Risk analysis

Nebezpeka threats are recognized as a risk in times of successful implementation. Rizik - potentially possible Skoda. The admissibility of risks means that the threats in the implementation of threats will not lead to serious negative consequences for the data collector. The organization has the following risks:

1. Irregular backup copies of the database of business data;

Aftermath: the cost of data work and business.

2. No backup copy of data on personal computers of practitioners;

Notes: in case of possession of a deed, important data can be spent.

3. Email notifications are collected on the servers of postal services on the Internet;

4. Deyakі pracіvniki mayut lack of skills in robotics with automated systems;

Hints: you can give before the appearance of wrong data.

5. Spivrobitniki may have access to personal computers of their colleagues;

6. Availability of anti-virus programs on other working stations;

Effects: appearance in the system of virus programs, shoddy software security

7. Pogane razmezhuvannya access rights to merezhevyh resources;

Last words: through negligence, you can lead to a waste of money.

8. Vіdsutnі normative documents about safety.

Meta and task of the information security system

The main method of the security system of the enterprise is to protect the company from work for the account of the distribution of material and technical resources and documentation; the lowering of the lane of those values; rassholoshennya, round and unsanctioned access to dzherel confidential information; disruption of the work and technical facilities for the security of virobnichoy activities, including the work of informatization, as well as the threat of mischief to the staff of the enterprise.

The goals of the security system are:

· Defender of the rights of business, yogo structural subdivisions and spivrobitnikiv;

· Saving and efficient use of financial, material and information resources;

· Improving the image and increasing the income of the business for the financial security of the service and security of the clients.

Head of the business security system:

· Self-identification of threats to personnel and resources; the reasons for that minds, scho priyatnyu zavdannya financial, material and moral shkoda to the interests of business, disruption of its normal functioning and development;

· introduction of information up to the category of limited access, and other resources - up to different levels of inconsistency (not security) and saving;

· Creation of a mechanism and minds of an operational response to security threats and show negative trends in the functioning of the enterprise;

· effectively pinning on resources and threats to personnel on the basis of an integrated approach to security;

The organization and functioning of the security system is based on the following principles:

Complexity. Transferring security to personnel, material and financial resources, information against all possible threats using available legal means and methods, extending the entire life cycle and in all modes of operation, as well as building the system to the development and full operation of the process.

Hopefulness. Different security zones may be, however, superior to the appearance of the threat implementation.

Ownership. The development of the system is of a foreign nature based on the analysis and forecasting of threats, security and the development of effective approaches against them.

Bezperervnist. Vidsutnist interruption at di ї security systems, caused by repair, replacement, prevention, etc.

Legality. Development of security systems with the urahuvannyam іsnuyuchogo legislation.

Reasonable wealth. Establishment of an acceptable level of security, with the help of which the capacity and expansion of the possible shkoda will go beyond the marginally permissible limits for the development of the functioning of the security system.

Centralization of care. Independent functioning of the security system for single organizational, functional and methodological principles.

Competence. The security system is guilty of creating and cursing individuals, as a professional training, sufficient for a correct assessment of the situation, that adequate praise of the decision, including in the minds of the raised risk.