Typical model of personal data security threats. IS

A modern information security system should be based on the integration of various protection measures and rely on up-to-date methods of forecasting, analyzing and modeling possible information security threats and the consequences of their realization.

The modeling results are used to select adequate and optimal methods of countering the threats.

How to make a private model of information system security threats

At the modeling stage, the existing situation is studied and analyzed, and actual threats to the security of PD within the ISPD are identified. A separate threat model is compiled for each identified ISPD.

The information system security threat model is built in accordance with the requirements of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”. In addition, methodological documents of the FSTEC of Russia can be used: "Basic model of security threats to personal data when they are processed in ISPD", "Methodology for determining actual security threats to personal data when they are processed in ISPD".

The initial data for the assessment and analysis are usually the materials of the "Act of Inspection", the results of a survey of employees of various departments and services, methodological documents of the FSTEC, etc.

A particular model of information system security threats must be approved by the head of the organization or the commission based on the report on the results of the internal audit.

The threat model may be developed by the organization's data protection officers or by external experts. Threat model developers must have complete information about the personal data information system and know the regulatory framework for information protection.

Content of the information system security threat model

The ISPD security threat model reflects:

  • The threats to the security of personal data themselves. When processing personal data in ISPD, the following threats can be distinguished: threats created by an intruder (an individual), by a hardware implant, by malware, threats of special effects on the ISPD, threats of electromagnetic impact on the ISPD, threats of information leakage through technical channels, etc.
  • Sources of threats to the ISPD. Possible sources of threats to the ISPD are an external intruder, an internal intruder, a hardware or software implant, or a malicious program.
  • General characteristics of ISPD vulnerabilities. This section contains information about the main groups of ISPD vulnerabilities and their characteristics, as well as the causes of the vulnerabilities.
  • Information protection means in use. For each ISPD, the measures needed to reduce the risk of the actual threats must be determined.


Information security threat model ISPD

As well as methodological documents of the FSTEC of Russia:

- "Basic model of security threats to personal data when they are processed in ISPD"

- "Methodology for determining actual threats to the security of personal data when they are processed in ISPD"

Initial data

The initial data for evaluation and analysis are:

- materials of the "Inspection Act";
- the results of a survey of employees of various departments and services;
- methodological documents of the FSTEC;
- the requirements of a government decree.

Description of the approach to modeling personal data security threats

2.1. The security threat model was developed on the basis of FSTEC methodological documents:

- Based on the "Basic model of security threats to personal data during their processing in ISPD", security threats were classified and a list of security threats was compiled.
- Based on the compiled list of PD security threats within the ISPD, using the "Methodology for determining actual PD security threats when they are processed in ISPD", a model of PD security threats within the ISPD ACS was built and the actual threats were identified.
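The second step above, deciding which threats from the list are actual, is a mechanical calculation in the 2008 Methodology. The following is an added worked example, not part of this template or of any FSTEC document: it encodes the relevance formula and tables as the editor recalls them from the 2008 Methodology (initial security level Y1, expert probability Y2, Y = (Y1 + Y2)/20, and the realizability/danger table), which the reader should verify against the document itself. The ISPD characteristics and the four threats are constructed sample data.

```python
"""Threat relevance per the FSTEC 2008 Methodology (editor's added example).
Formula and tables are the editor's recollection of the Methodology; the
ISPD characteristics and threats below are constructed sample input."""
from dataclasses import dataclass

# Y1: initial security level of the ISPD  -> high: 0, medium: 5, low: 10
Y1_BY_SECURITY = {"high": 0, "medium": 5, "low": 10}
# Y2: expert estimate of the probability that the threat is realised
Y2_BY_PROBABILITY = {"unlikely": 0, "low": 2, "medium": 5, "high": 10}
# (realizability, danger) pairs the Methodology's table marks as "actual";
# a "very high" realizability is actual for every danger level.
ACTUAL_PAIRS = {
    ("low", "high"),
    ("medium", "medium"), ("medium", "high"),
    ("high", "low"), ("high", "medium"), ("high", "high"),
}


@dataclass(frozen=True)
class Threat:
    name: str
    probability: str   # key of Y2_BY_PROBABILITY
    danger: str        # "low" | "medium" | "high": expert estimate of harm


def initial_security_level(characteristics: list[str]) -> str:
    """Aggregate the per-characteristic levels (territorial placement,
    connection to public networks, ...) into the ISPD initial security level:
    high   - >= 70 % of characteristics 'high' and none 'low';
    medium - >= 70 % of characteristics at least 'medium';
    low    - otherwise."""
    n = len(characteristics)
    share_high = sum(c == "high" for c in characteristics) / n
    share_not_low = sum(c in ("high", "medium") for c in characteristics) / n
    if share_high >= 0.7 and share_not_low == 1.0:
        return "high"
    if share_not_low >= 0.7:
        return "medium"
    return "low"


def realizability(y1: int, y2: int) -> str:
    """Y = (Y1 + Y2) / 20, mapped onto the Methodology's four bands."""
    y = (y1 + y2) / 20
    if y <= 0.3:
        return "low"
    if y <= 0.6:
        return "medium"
    if y <= 0.8:
        return "high"
    return "very high"


def is_actual(realiz: str, danger: str) -> bool:
    return realiz == "very high" or (realiz, danger) in ACTUAL_PAIRS


def assess(threats, characteristics):
    """Return {threat name: (realizability, actual?)} for one ISPD."""
    y1 = Y1_BY_SECURITY[initial_security_level(characteristics)]
    result = {}
    for t in threats:
        r = realizability(y1, Y2_BY_PROBABILITY[t.probability])
        result[t.name] = (r, is_actual(r, t.danger))
    return result


# Constructed sample ISPD: seven characteristics rated during the survey
SAMPLE_CHARACTERISTICS = ["high", "high", "medium", "high", "medium", "high", "high"]
SAMPLE_THREATS = [
    Threat("Leakage via PEMIN", "unlikely", "low"),
    Threat("Interception of cleartext FTP credentials", "high", "medium"),
    Threat("Use of an unlocked OS session by an insider", "medium", "high"),
    Threat("Introduction of malware", "medium", "medium"),
]

if __name__ == "__main__":
    for name, (r, actual) in assess(SAMPLE_THREATS, SAMPLE_CHARACTERISTICS).items():
        print(f"{name:45s} realizability={r:9s} actual={actual}")
```

Note that a threat with low realizability is still actual when its danger is high (the unlocked-session case), which is why the danger estimate has to be recorded in the threat table alongside the probability column.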

2.2. Actual threats to the security of personal data are understood as a set of conditions and factors that create an actual danger of unauthorized, including accidental, access to personal data during their processing in an information system, which may result in the destruction, modification, blocking, copying, provision, distribution of personal data and other illegal activities.

2.3. Threats of the 1st type are relevant for an information system if, among other things, it is subject to threats related to the presence of undocumented (undeclared) capabilities in the system software used in the information system.

2.4. Threats of the 2nd type are relevant for an information system if, among other things, it is subject to threats related to the presence of undocumented (undeclared) capabilities in the application software used in the information system.

2.5. Threats of the 3rd type are relevant for an information system if it is subject to threats that are not related to the presence of undocumented (undeclared) capabilities in the system and application software used in the information system.

Threat model

3.1. Classification of personal data security threats

When processing personal data in ISPD, the following threats can be distinguished (table columns: Name of the threat; Description of the threat; Probability of occurrence; Possibility of realization of the threat):

3.2. Sources of threats to ISPD

Sources of threats in ISPD can be (table columns: Name of threat source; General characteristics of the source of threats):

Abstract: The lecture studies the concepts and classifications of vulnerabilities and threats and considers the most common attacks, as well as the composition and content of organizational and administrative documentation for the protection of personal data.

4.1. Information security threats

When building a personal data protection system (hereinafter SZPD), the key step is to build a private threat model for the particular organization. Based on this model, adequate and sufficient means of protection are subsequently selected, in accordance with the principles discussed in "Automated and non-automated processing of personal data".

PD security threats during processing in ISPD are understood as the totality of conditions and factors that create the danger of unauthorized, including accidental, access to personal data, which may result in the destruction, modification, blocking, copying or distribution of personal data, as well as other unauthorized actions during their processing in the personal data information system.

The emergence of security threats can be associated with both deliberate actions of intruders and unintentional actions of personnel or users of the ISPD.

Security Threats can be implemented in two ways:

  • through technical channels of leakage;
  • through unauthorized access.

A generalized scheme of a PD threat channel is shown in Figure 4.1.


Fig. 4.1.

A technical channel of information leakage is the combination of an information carrier (processing means), the physical medium in which an informative signal propagates, and the means by which the protected information is obtained. The propagation medium can be homogeneous, for example only air for electromagnetic radiation, or inhomogeneous, when the signal passes from one medium to another. PD carriers can be people working with the ISPD, technical means, auxiliary means, etc. What matters is that the information is represented in the form of fields, signals, images or quantitative characteristics of physical quantities.

As a rule, the following threats realized through technical leakage channels are distinguished:

  • threats of leakage of speech information. The attacker intercepts information using special equipment in the form of acoustic and vibroacoustic waves, as well as electromagnetic radiation modulated by an acoustic signal. The means can be various electronic devices connected either to communication channels or to the technical means that process PD;
  • threats of leakage of visual information. Here we are talking about direct viewing of PD when there is a line of sight between the observation device and the PD carrier. Optical means and video implants are used as means of observation;
  • threats of information leakage through channels of spurious electromagnetic radiation and pickups (PEMIN). This is the interception of side (not related to the direct function of the ISPD elements) informative electromagnetic fields and electrical signals that arise while the ISPD technical means process PD. PEMIN is registered with equipment consisting of radio receivers and terminal devices for information recovery. In addition, PEMIN can be intercepted with electronic interception devices connected to communication channels or to the technical means that process PD. Pickup of electromagnetic radiation occurs when informative signals emitted by elements of the ISPD technical means couple capacitively, inductively or galvanically into the connecting lines of the ISPD technical means and various auxiliary devices.

The sources of threats realized through unauthorized access to databases, using standard or specially developed software, are subjects whose actions violate the information access control rules established in the ISPD. These subjects may be:

  • intruder;
  • malware carrier;
  • hardware implant.

A violator is hereinafter understood as an individual (or individuals) who accidentally or intentionally performs actions that result in a breach of the security of PD while they are processed by technical means in information systems. Depending on whether they have the right of legal access to the premises housing the hardware that provides access to ISPD resources, violators are divided into two types:

  • violators who do not have access to ISPD, realizing threats from external public communication networks and (or) international information exchange networks, are external violators;
  • violators who have access to the ISPD, including ISPD users who implement threats directly in the ISPD, are internal violators.

For ISPDs that provide information services to remote users, external violators may be persons able to carry out unauthorized access to information using special software actions, algorithmic or software implants, through automated workstations or ISPD terminal devices connected to public networks.

Figure 4.2 summarizes the above.


Fig. 4.2.

Threats can be classified according to various criteria, for example by the type of information property affected (confidentiality, integrity, availability), by the type of ISPD targeted by the attack, and by the type of vulnerability used for the attack.

4.2. General characteristics of personal data information system vulnerabilities

The emergence of potential security threats is associated with the presence of weaknesses in the ISPD: vulnerabilities. A vulnerability of the personal data information system is a flaw or weakness in the system or application software (or in the hardware and software) of the ISPD that can be used to realize threats to the security of personal data.

In the general case, the causes of vulnerabilities are:

  1. errors in software development;
  2. deliberate changes to software to introduce vulnerabilities;
  3. incorrect software settings;
  4. unauthorized introduction of malware;
  5. unintentional actions of users;
  6. software and hardware failures.

Vulnerabilities, like threats, can be classified according to various criteria:

  1. by type of software: system or application;
  2. by the life cycle stage of the vulnerable software: design, operation, etc.;
  3. by the cause of the vulnerability, for example weaknesses in the authentication mechanisms of network protocols;
  4. by the nature of the consequences of the attacks that exploit it: change of access rights, password guessing, disabling the system as a whole, etc.

The most commonly exploited vulnerabilities relate to network communication protocols and operating systems, including application software.

Vulnerabilities of the operating system and application software in a particular case can be:

  • functions, procedures, changing the parameters of which in a certain way allows them to be used for unauthorized access without detection of such changes by the operating system;
  • fragments of program code ("holes", "trapdoors") introduced by the developer that allow the identification, authentication, integrity-check and other procedures to be bypassed;
  • lack of necessary protection means (authentication, integrity checks, message format checks, blocking of unauthorized modified functions, etc.);
  • errors in programs (in the declaration of variables, functions and procedures, in program codes), which under certain conditions (for example, when performing logical transitions) lead to failures, including failures in the functioning of information security tools and systems.

Vulnerabilities of network communication protocols stem from the peculiarities of their software implementation and are caused by limits on the size of the buffer used, shortcomings of the authentication procedure, the absence of checks on the correctness of service information, etc. For example, the application-layer protocol FTP, widely used on the Internet, authenticates in clear text, which allows account data to be intercepted.

Before proceeding to build an information security system, it is necessary to analyze the vulnerabilities of the ISPD and try to reduce their number, that is, to apply the preventive method. One can close unnecessary ports, apply "patches" to software (for example, a service pack for Windows), introduce stronger authentication methods, etc. These measures can significantly reduce the material, time and labor costs of building the personal data protection system later on.

4.3. The most frequently implemented threats

Due to the ubiquitous development of the Internet, attacks are most often carried out using vulnerabilities in network communication protocols. Consider the 7 most common attacks.

  1. Network traffic analysis

    This type of attack is primarily aimed at obtaining a user ID and password by "listening to the network". It is implemented with a sniffer, a special analyzer program that intercepts all packets travelling over the network. If a protocol such as FTP or TELNET transmits authentication information in the clear, the attacker easily gains access to the user account.

    Fig. 4.3.
  2. Network Scan

    The essence of this attack is to collect information about the network topology, open ports, the protocols used, etc. As a rule, this threat precedes further actions of the attacker that use the data obtained by scanning.

  3. Password Reveal Threat

    The purpose of the attack is to overcome password protection and obtain unauthorized access (UA) to someone else's information. There are many methods of stealing a password: simple enumeration of all possible password values, enumeration with the help of special programs (dictionary attack), and password interception with a network traffic analyzer program.

  4. Substitution of a trusted network object and transmission of messages over communication channels on its behalf with the assignment of its access rights. A trusted entity is a network element that is legally connected to a server.

    Such a threat is effectively realized in systems that use weak algorithms for identifying and authenticating hosts, users, etc.

    Two varieties of the process of implementing this threat can be distinguished: with and without establishing a virtual connection.

    When a virtual connection is established, the intruder assumes the rights of a trusted entity in the interaction, which allows him to conduct a session with the network object on behalf of that trusted entity. Realizing a threat of this type requires overcoming the message identification and authentication system (for example, attacking the rsh service of a UNIX host).

    The process of implementing a threat without establishing a virtual connection can take place in networks that identify transmitted messages only by the sender's network address. The essence lies in the transmission of service messages on behalf of network control devices (for example, on behalf of routers) about changing routing and address data.

    As a result of the threat, the violator obtains the access rights that the user granted to the trusted subscriber for the ISPD technical means that are the target of the threat.

  5. Fake network route imposition

    This attack was made possible due to weaknesses in routing protocols (RIP, OSPF, LSP) and network management (ICMP, SNMP), such as weak router authentication. The essence of the attack is that an attacker, using protocol vulnerabilities, makes unauthorized changes to the routing and address tables.

  6. Injection of a mock network object

    When network objects initially have no information about each other, address tables are built and subsequent interaction is arranged through a request (usually broadcast) and response mechanism carrying the required information. If the intruder intercepts such a request, he can give a false answer, change the routing table of the entire network and pass himself off as a legitimate network subject. Thereafter all packets addressed to the legitimate entity pass through the attacker.

  7. Denial of Service

    This type of attack is one of the most widespread at present. The purpose of such an attack is a denial of service, that is, a violation of the availability of information for legitimate subjects of information exchange.

Several types of such threats can be distinguished:

  • a latent denial of service caused by diverting part of the ISPD resources to processing packets sent by an attacker, with a resulting decrease in the throughput of communication channels and the performance of network devices, and violation of the requirements for request processing time. Examples of such threats are a directed storm of ICMP echo requests (ping flooding), a storm of TCP connection requests (SYN flooding) and a storm of requests to an FTP server;
  • an explicit denial of service caused by exhaustion of ISPD resources when processing packets sent by an attacker (occupying the entire bandwidth of communication channels, overflowing service request queues), in which legitimate requests cannot be transmitted over the network because the transmission medium is unavailable, or are refused service because request queues, memory, disk space, etc. are full. Examples of such threats are a broadcast ICMP echo request storm (Smurf), a directed storm (SYN flooding) and a mail server message storm (spam);
  • an explicit denial of service caused by breaking the logical connectivity between ISPD technical means when the intruder sends control messages on behalf of network devices that change routing and address data (for example, ICMP Redirect Host, DNS flooding) or identification and authentication information;
  • an explicit denial of service caused by the attacker sending packets with non-standard attributes (threats such as "Land", "TearDrop", "Bonk", "Nuke", "UDP-bomb") or with a length exceeding the maximum allowed size (the "Ping of Death" threat), which can cause the network devices processing the requests to fail if there are errors in the programs implementing the network exchange protocols.

The result of this threat may be disruption of the service that provides remote access to PD in the ISPD: from a single address, as many connection requests are sent to an ISPD technical facility as the traffic can "accommodate" (a directed "request storm"), which overflows the request queue and causes one of the network services to fail, or halts the computer entirely because the system can do nothing but process requests.
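The "storm" threats listed above (directed SYN flooding, ICMP echo-request flooding) are the ones an ISPD operator can most easily watch for in its own traffic records. The block below is an added example by the editor, not code from the lecture: a per-source sliding-window counter that flags sources exceeding a SYN-only or echo-request rate. The flow record format, the thresholds and the sample records (RFC 5737 documentation addresses) are constructed for the example, not taken from any real capture.

```python
"""Detector for directed SYN and ICMP echo-request storms over flow records
(editor's added example; record format and thresholds are assumptions)."""
from collections import defaultdict, deque

# Constructed flow records, not captured traffic: (t_ms, src, dst, proto, info)
# info is the TCP flag string for "tcp" and the ICMP type number for "icmp".
SAMPLE_FLOWS = (
    # directed SYN storm: 60 connection requests in 1.2 s from one source
    [(i * 20, "203.0.113.5", "192.0.2.10", "tcp", "S") for i in range(60)]
    # a legitimate handshake from another host: SYN, then ACK
    + [(500, "198.51.100.7", "192.0.2.10", "tcp", "S"),
       (520, "198.51.100.7", "192.0.2.10", "tcp", "A")]
    # echo-request storm towards a directed-broadcast address (Smurf-style)
    + [(1000 + i * 10, "203.0.113.9", "192.0.2.255", "icmp", 8) for i in range(40)]
)


def detect_storms(flows, window_ms=1000, syn_limit=50, icmp_limit=30):
    """Per-source sliding-window counters.

    Counts TCP segments carrying SYN without ACK (connection requests) and
    ICMP echo requests (type 8) separately for every source address and
    returns [(kind, src, peak_count)] for sources whose count inside any
    window of window_ms milliseconds reached the limit."""
    buckets = defaultdict(deque)      # (kind, src) -> timestamps within window
    peaks = {}
    for t, src, dst, proto, info in sorted(flows, key=lambda r: r[0]):
        if proto == "tcp" and "S" in info and "A" not in info:
            kind, limit = "syn_flood", syn_limit
        elif proto == "icmp" and info == 8:
            kind, limit = "ping_flood", icmp_limit
        else:
            continue                  # ACKs, data and other ICMP types are not counted
        q = buckets[(kind, src)]
        q.append(t)
        while q and q[0] < t - window_ms:   # expire events that left the window
            q.popleft()
        if len(q) >= limit:
            peaks[(kind, src)] = max(peaks.get((kind, src), 0), len(q))
    return [(kind, src, n) for (kind, src), n in peaks.items()]


if __name__ == "__main__":
    for kind, src, n in detect_storms(SAMPLE_FLOWS):
        print(f"{kind}: {src} peaked at {n} requests per window")
```

The legitimate host sends one SYN followed by an ACK and is never reported; only the two storm sources are. For the latent (throughput-degrading) variant of the threat, the same counter with a lower limit and a longer window is the natural starting point, and the echo-request case should additionally be correlated with the destination being a broadcast address, as in the Smurf example above.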

We have considered the most frequently realized threats in network interaction; in practice there are many more. A private security threat model is built on the basis of two FSTEC documents: "The basic model of threats to the security of personal data during their processing in personal data information systems" and "Methodology for determining actual threats to the security of personal data during their processing in ISPD". If the organization is large and has several ISPDs, the most reasonable solution is to involve qualified third-party specialists to build the private threat model and design the SZPD.

4.4. Organizational and administrative documentation for the protection of personal data

In addition to the technical and procedural solutions of the personal data protection system being created, the operator must ensure the development of organizational and administrative documents that regulate all issues of ensuring the security of PD during their processing in ISPD and the operation of the personal data protection system (hereinafter SZPD). There are many such documents; the main ones are:

1. Regulation on ensuring the security of PD. This is an internal (local) document of the organization. There is no strict form for this document, but it must meet the requirements of the Labor Code and FZ-152, and therefore it must indicate:

  • goal and objectives in the field personal data protection;
  • the concept and composition of personal data;
  • in which structural units and on what media (paper, electronic) these data are accumulated and stored;
  • how personal data is collected and stored;
  • how they are processed and used;
  • who (by position) within the firm has access to them;
  • for taxes, the accounting department will not receive all the information about the employee, but only data on the number of his dependents). Therefore, it is advisable to prescribe a list of information resources to which users are allowed.

The list of persons admitted to the processing of PD can be issued as an annex to the Regulation on ensuring the security of personal data or as a separate document approved by the head.

3. A private threat model (if there are several ISPDs, a threat model is developed for each of them), developed based on the results of a preliminary survey. The FSTEC of Russia proposes a Basic model of personal data security threats during their processing in personal data information systems, according to which the following should be considered when creating a private model:

  • threats of information leakage through technical channels;
  • unauthorized access threats associated with the actions of violators who have access to the ISPD and realize threats directly in the ISPD. At the same time, legitimate users of the ISPD must be considered as potential violators;
  • unauthorized access threats associated with the actions of violators who do not have access to the ISPD and realize threats from external public communication networks and (or) international information exchange networks.

The developed threat model is approved by the manager.

4. Based on the approved ISPD threat model, requirements for ensuring the security of PD during their processing in ISPD must be developed. The requirements, like the threat model, are a stand-alone document that must be approved by the head of the organization.

To develop the threat model and the requirements, it is advisable for the operator to involve specialists from FSTEC licensees.

5. Instructions on ensuring the security of PD during their processing in ISPD.

We have considered only the main organizational and administrative documents. In addition to those above, it is necessary to draw up the ISPD Classification Act, the ISPD Technical Passport, the Electronic Journal of Registration of ISPD Users' Requests for PD, the Regulation on the Differentiation of Access Rights, orders appointing persons working with the ISPD, etc.

In addition, before carrying out any measures to protect PD, the operator must appoint an official or (if the ISPD is large enough) a structural unit responsible for ensuring the security of PD. The appointment is made by order of the head. The tasks, functions and powers of the official (unit) responsible for ensuring the security of PD are determined by internal organizational and administrative documents (job descriptions, regulations).

As you probably know, ambiguous changes were recently made to FSTEC Order No. 17 "Requirements for the protection of information that does not constitute a state secret contained in state information systems", and their application raises questions and problems. Today let's discuss one of these problems: when modeling threats it is now necessary to use the "new" BDU of the FSTEC of Russia, while a new threat modeling methodology is not expected.

In accordance with paragraph 14 of the Order, the next stage in forming the requirements for protecting information in a GIS is:

"identification of information security threats whose implementation may lead to a breach of information security in the information system, and development, on their basis, of an information security threat model;"

In fact, these are two separate works, the requirements for each of which are detailed in paragraph 14.3 of the order:

I. Definition of threats

"14.3. Information security threats are determined based on the results of assessing the capabilities (potential) of external and internal violators, analysis of the possible vulnerabilities of the information system, the possible ways of implementing information security threats, and the consequences of violating the information security properties (confidentiality, integrity, availability).

The database of information security threats (bdu.fstec.ru) …"

II. Development of a threat model

"The information security threat model must contain a description of the information system and its structural and functional characteristics, as well as a description of the information security threats, including a description of the violators' capabilities (intruder model), the possible vulnerabilities of the information system, the ways of implementing information security threats and the consequences of violating the information security properties"

Is it possible to use arbitrary methods here? No…

"For the determination of information security threats and the development of an information security threat model, methodological documents developed and approved by the FSTEC of Russia are applied"

III. Let's figure out what methodological document should be used? In accordance with what document should the state body require the performance of work from the contractor?

The only approved and published methodological document of the FSTEC of Russia in terms of threat modeling is “Methodology for determining actual threats to the security of personal data during their processing in personal data information systems. FSTEC of Russia, 2008”. We will conditionally call it “the old technique”. (There is also an approved but not published document - "Methodology for determining actual threats to information security in key information infrastructure systems", approved by the FSTEC of Russia on May 18, 2007, but we will not consider it).

According to informal information, a “new” methodology for GIS should not be expected in the near future. Then you need to decide on the "old" method. Is it necessary and can it be used? There are several reasons against using the technique:

First: The “old” methodology is intended only for identifying threats to PD and ISPD. We are considering State information systems, which may not always be PD. The requirements of the Order also apply to other information in the GIS, including publicly available information and information subject to mandatory publication.

Second: The “old” methodology was developed on the basis of Government Decree No. 781, which has already been canceled. At the same time, the following applies in legal practice: general rule “Recognition of the main normative legal act as invalid means the loss of legal force of derivative and auxiliary normative legal acts, unless otherwise established”. That is, it has lost its legal force.

Third: The “old” technique is designed to identify current threats - “A current threat is considered to be a threat that can be implemented in ISPD and poses a danger for PD", and in accordance with the Order, we are required to determine “information security threats whose implementation may lead to violation information security”. Agree that there is a difference and these concepts are not identical.

Fourth: The methodological document should also cover the second part of the work - namely, describe how a document called the Threat Model is being developed. There is not a word about this in the “old” methodology.

Fifth: According to the Order, threats must be defined according to one set of characteristics. Approximately the same set of characteristics is used in the BDU FSTEC. And in the “old” method, they are determined depending on another set. More details in the picture.


On the one hand, all findings point to the fact that this is not a suitable technique for GIS. On the other hand, there is one weighty argument for its use - this is the only approved and published methodology of the FSTEC of Russia in the field of threat modeling.

PS : In fact, all these arguments against the use of the “old” methodology could be eliminated by making small “cosmetic” updates to the methodology. Change the terms, ISPD for IP, PD for information, etc. + add some descriptive sections from the draft “new” methodology + slightly update the table for calculating the initial security. And all the formulas for calculating the relevance of threats could be left unchanged - they have shown themselves well since 2008.


I think that for such a small update of the threat modeling methodology, a month would be quite enough. But three years is already too much.

UDC 004.056

I. V. Bondar

METHODOLOGY FOR BUILDING A MODEL OF INFORMATION SECURITY THREATS FOR AUTOMATED SYSTEMS*

A technique for constructing a model of information security threats is considered. The purpose of modeling is to control the level of information system security by risk analysis methods and to develop an effective information security system that ensures the neutralization of alleged threats by appropriate protective measures.

Keywords: threat model, information system, information security system model.

At present, of particular relevance is the development of a methodology that, within a unified approach, allows solving the problems of designing automated systems in a secure configuration in compliance with the requirements of regulatory and methodological documents, automatically generating a list of protective measures, and searching for the optimal set of information security tools (ISP) corresponding to this list.

One of the main tasks of ensuring information security is to determine the list of threats and assess the risks of exposure to current threats, which makes it possible to justify the rational composition of the information security system. Although problems of this kind are already being solved (see, for example,), including within the framework of a unified methodology, all of them are not without limitations and are aimed at creating a threat model suitable for solving a particular problem. I would especially like to note the rarity of attempts to visualize threat models.

This article presents a technique for modeling information security threats to automated systems based on a geometric model. The technique is of interest primarily for the universality with which it accounts for negative impacts, previously found only in work where the model was built on perturbation theory, and for the possibility of visualizing the result. The usual visualization method, Kohonen maps with their inherent limitations and disadvantages, is not used by the author, which increases the universality of the solution.

Geometric model of the IPS. Let $P = (p_1, p_2, \ldots, p_m)$ be the set of protection means and $A = (a_1, a_2, \ldots, a_n)$ the set of attacks. Attacks that cannot be expressed as combinations of other attacks will be called independent; their set $A' \subseteq A$ is the basis of attacks. For the geometric model of the IPS we choose the space $\mathbb{R}^n$, whose dimension equals the cardinality of the set of attacks.

Each attack $a_i \in A$ is associated with certain protection means $(p'_1, p'_2, \ldots, p'_k) \subseteq P$. Denote this set $(p'_1, p'_2, \ldots, p'_k) = P_{a_i}$.

If a protection means does not belong to the set $P_{a_i}$, the attack $a_i$ is not dangerous for it.

The coordinate axes in $\mathbb{R}^n$ represent classes of threats. The unit on each axis is an independent attack, which is associated with a protection means. For each attack, the coordinate values of the corresponding vector indicate the protection means that are part of the system under study.

As an example, consider the attack "Unauthorized access (NSD) to information stored on a workstation by an external intruder" in Cartesian space, where the x axis is threats associated with physical protection, y is threats associated with software and hardware protection, and z is threats associated with organizational and legal protection (Fig. 1). The attack can be realized if three protection measures are not met: "Outsider in the controlled zone", "Unblocked OS session" and "Security policy violation".

Fig. 1. Model of the attack "NSD to information stored on the workstation by an external intruder"

This attack can also be realized in other ways, such as "Connecting to the technical means and systems of the informatization object", "Using eavesdropping devices", "Masquerading as a registered user", "Defects and vulnerabilities in software", "Introducing software bookmarks", "Using viruses and other malicious code", "Theft of a carrier of protected information" and "Disruption of the functioning of the information processing system" (Fig. 2).

*The work was carried out within the Federal Target Program "Research and development in priority areas of development of the scientific and technological complex of Russia for 2007-2013" (State Contract No. 07.514.11.4047 dated 06.10.2011).

Initially, each vector $p_j$ lies in the first coordinate orthant (octant in the three-dimensional case). Construct the surface of a convex polyhedron in $\mathbb{R}^n$ such that each of its vertices coincides with the endpoint of one of the vectors $p_1, p_2, \ldots, p_m$.

Fig. 2. Model of the attack "NSD to information stored on the workstation by an external intruder"

It is natural to formalize the result of the impact of an attack $a_i$ as the reflection of a vector along the axis corresponding to the unfulfilled protection measure. With this modeling approach, the vectors of the means for which the attack is not dangerous do not change their position (Fig. 3).

Thus, after the impact of the attack $a_i$, only the $i$-th coordinate of the vectors $p_1, p_2, \ldots, p_m$ included in the geometric model changes; all other coordinates remain unchanged.

From the results of attack modeling one can judge the sensitivity or insensitivity of the information system (IS) to disturbing influences. If the coordinates of the polyhedron remain in the first coordinate orthant, the IS is judged insensitive to the disturbance; otherwise the protective measures are judged insufficient. The stability measure reduces to the number of iterations during which the IS remains unperturbed by the effects of combinations of attacks.
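The procedure described above can be stated concretely. The following Python implementation is an added worked example and is not code from the paper: the attack names follow the Fig. 1 example, while the protection means, their relevance sets $P_{a_i}$ and whether each measure is fulfilled are assumptions made for the illustration. It makes explicit the point the prose leaves implicit: a single unmet measure in $P_{a_i}$ drives one coordinate negative, so the stability measure is 0 until that measure is fulfilled.

```python
"""Geometric model of an information protection system (IPS).

Added worked example of the model described above; it is not code from the
paper. One coordinate axis per independent attack; each protection means is a
vector whose i-th coordinate is 1 when the means belongs to P_{a_i}. Attack a_i
reflects coordinate i of every vector in P_{a_i} whose measure is not fulfilled;
the IS is insensitive to a combination of attacks while every vector stays in
the first orthant. The attack names follow the paper's Fig. 1; the protection
means, their relevance sets and their fulfilment status are assumptions."""
from itertools import combinations
from typing import Dict, FrozenSet, Optional, Tuple

Vector = Tuple[int, ...]
# (attacks the means is relevant to, i.e. P_{a_i} membership; measure fulfilled?)
Protection = Dict[str, Tuple[FrozenSet[str], bool]]

# Constructed basis of independent attacks (axes x, y, z of the Fig. 1 example).
ATTACKS: Tuple[str, ...] = (
    "outsider_in_controlled_zone",   # physical protection axis
    "unblocked_os_session",          # software/hardware protection axis
    "security_policy_violation",     # organisational/legal protection axis
)

# Constructed protection means; the screen-lock measure is deliberately unmet.
PROTECTION: Protection = {
    "perimeter_access_control": (frozenset({"outsider_in_controlled_zone"}), True),
    "screen_lock_policy": (frozenset({"unblocked_os_session"}), False),
    "staff_briefing_and_audit": (frozenset({"security_policy_violation",
                                            "unblocked_os_session"}), True),
}


def initial_vectors(protection: Protection = PROTECTION,
                    attacks: Tuple[str, ...] = ATTACKS) -> Dict[str, Vector]:
    """All vectors start in the first orthant: coordinate i is 1 iff p in P_{a_i}."""
    return {name: tuple(1 if a in relevant else 0 for a in attacks)
            for name, (relevant, _fulfilled) in protection.items()}


def apply_attack(vectors: Dict[str, Vector], attack: str,
                 protection: Protection = PROTECTION,
                 attacks: Tuple[str, ...] = ATTACKS) -> Dict[str, Vector]:
    """Reflect coordinate i of each vector in P_{a_i} whose measure is unmet;
    vectors of means for which a_i is not dangerous are left unchanged."""
    i = attacks.index(attack)
    result = {}
    for name, vec in vectors.items():
        relevant, fulfilled = protection[name]
        if attack in relevant and not fulfilled:
            vec = vec[:i] + (-vec[i],) + vec[i + 1:]
        result[name] = vec
    return result


def in_first_orthant(vectors: Dict[str, Vector]) -> bool:
    """True while the polyhedron spanned by the vectors stays in the first orthant."""
    return all(c >= 0 for vec in vectors.values() for c in vec)


def unperturbed_by(combo: Tuple[str, ...], protection: Protection = PROTECTION,
                   attacks: Tuple[str, ...] = ATTACKS) -> bool:
    """Apply a combination of attacks (one iteration each) from the initial state."""
    vectors = initial_vectors(protection, attacks)
    for attack in combo:
        vectors = apply_attack(vectors, attack, protection, attacks)
    return in_first_orthant(vectors)


def stability_measure(protection: Protection = PROTECTION,
                      attacks: Tuple[str, ...] = ATTACKS
                      ) -> Tuple[int, Optional[Tuple[str, ...]]]:
    """Largest k such that every combination of k distinct attacks leaves the IS
    unperturbed, together with the first perturbing combination (None if the
    protective measures withstand every combination)."""
    for k in range(1, len(attacks) + 1):
        for combo in combinations(attacks, k):
            if not unperturbed_by(combo, protection, attacks):
                return k - 1, combo
    return len(attacks), None


if __name__ == "__main__":
    k, breach = stability_measure()
    print("stability measure:", k, "first perturbing combination:", breach)
    hardened = {n: (rel, True) for n, (rel, _) in PROTECTION.items()}
    print("after fulfilling every measure:", stability_measure(hardened))
```

Run stand-alone, the script reports a stability measure of 0 with the unblocked-session attack as the first perturbing combination, and 3 once every measure is marked fulfilled. With a real basis of attacks the combination search grows exponentially in n, so in practice one would enumerate only the attack combinations that the intruder model admits.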

Threat model. The primary list of threats is formed from combinations of the factors affecting the protected information, the categories of protection tools and the levels of influence of violators (Fig. 4).

Identifying and taking into account the factors that affect or may affect protected information in specific conditions forms the basis for planning and implementing effective measures to protect information at the informatization object. Completeness and reliability of identification are achieved by considering the full set of factors affecting all elements of the informatization object at all stages of information processing. The list of the main subclasses (groups, subgroups, etc.) of factors in accordance with their classification is given in section 6 of GOST R 51275-2006 "Information security. Informatization object. Factors affecting information. General provisions".

Threats of information leakage through technical channels are unambiguously described by the characteristics of the information source, the medium (path) of propagation and the receiver of the informative signal, i.e., they are determined by the characteristics of the technical channel of information leakage.

The secondary list of threats is formed by supplementing the primary list on the basis of statistics of incidents that have occurred and of the conditional degree of their destructive impact.

The degree of disturbing influence can be determined by:

The likelihood of a threat;

Loss from the implementation of the threat;

System recovery time.

Fig. 3. Simulation results

Fig. 4. ER model of the threat model database in Chen's notation (entities include the level of impact of violators)

Disturbance can lead to:

Violation of the confidentiality of information (copying or unauthorized distribution), when the implementation of threats does not directly affect the content of information;

Unauthorized, including accidental, influence on the content of information, as a result of which the information is changed or destroyed;

Unauthorized, including accidental, impact on software or hardware elements of the IS, as a result of which information is blocked;

Loss of accountability of system users or entities acting on behalf of the user, which is especially dangerous for distributed systems;

Loss of data authenticity;

Loss of system reliability.

The measure of risk, which makes it possible to compare threats and prioritize them, can be determined as the total damage from each type of problem.

The result of the risk assessment for each threat should be:

Integrated use of appropriate information security tools;

Reasonable and targeted risk taking, ensuring full satisfaction of the requirements of the organization's policies and its risk acceptance criteria;

The maximum possible avoidance of risks and the transfer of the associated business risks to other parties, such as insurers or suppliers.

The considered method of constructing a threat model makes it possible to develop particular models of information security threats for specific systems, taking into account their purpose, operating conditions and features. The purpose of such modeling is to control the level of IS security by risk analysis methods and to develop an effective information protection system that ensures the neutralization of the alleged threats.

In the future, this technique can serve as the basis for developing universal algorithmic, and then mathematical, security models that effectively combine the requirements of regulatory and methodological documents, the methodology for building threat models, intruder models, etc. Such methodological support will make it possible to move to a qualitatively higher level of design, development and security assessment of information protection systems.

1. Kobozeva A. A., Khoroshko V. A. Analysis of information security: monograph. Kyiv: Publishing House of the State University of Information and Communication Technologies, 2009.

2. Vasiliev V. I., Mashkina I. V., Stepanova E. S. Development of a threat model based on the construction of a fuzzy cognitive map for numerical assessment of the risk of information security violations // Izvestiya of the Southern Federal University. Technical Sciences. 2010. Vol. 112, No. 11. P. 31-40.

3. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework: Techn. Rep. CMU/SEI-99-TR-017 / C. J. Alberts, S. G. Behrens, R. D. Pethia, W. R. Wilson; Carnegie Mellon Univ. Pittsburgh, PA, 2005.

4. Burns S. F. Threat Modeling: a Process to Ensure Application Security // GIAC Security Essentials Certification Practical Assignments. Version 1.4c / SANS Inst. Bethesda, Md, 2005.

5. Popov A. M., Zolotarev V. V., Bondar I. V. Methodology for assessing the security of an information system according to the requirements of information security standards // Informatika i sistemy upravleniya / Pacific National University. Khabarovsk, 2010. No. 4 (26). P. 3-12.

6. Analysis of reliability and risk of special systems: monograph / M. N. Zhukova, V. V. Zolotarev, I. A. Panfilov et al.; Siberian State Aerospace University. Krasnoyarsk, 2011.

7. Zhukov V. G., Zhukova M. N., Stefarov A. P. Model of an access violator in an automated system // Programmnye produkty i sistemy / Research Institute Centerprogramsystems. Tver, 2012. Issue 2.

8. Bondar I. V., Zolotarev V. V., Gumennikova A. V., Popov A. M. Decision support system for information security "OASIS" // Programmnye produkty i sistemy / Research Institute Centerprogramsystems. Tver, 2011. Issue 3. P. 186-189.

CONSTRUCTION METHOD FOR INFORMATION SECURITY THREAT MODELS OF AUTOMATED SYSTEMS

The authors consider a technique for constructing threat models. The purpose of modeling is to control the information system security level by risk analysis methods and to describe the development of an effective information security system that ensures the neutralization of the supposed threats with appropriate security measures.

Keywords: threat model, information system, information security system model.

© Bondar I. V., 2012

V. V. Buryachenko

VIDEO STABILIZATION FOR A STATIC SCENE BASED ON A MODIFIED BLOCK MATCHING METHOD

The main approaches to the stabilization of video materials are considered, in particular, finding the global motion of the frame caused by external influences. An algorithm for stabilizing video materials based on a modified block matching method for successive frames is constructed.

Keywords: video stabilization, block matching method, Gaussian distribution.

A digital image stabilization system first estimates the unwanted motion and then corrects the image sequence to compensate for external factors such as camera shake, weather conditions, etc. It is likely that motion capture hardware systems will include image stabilization, so this study focuses on modeling and implementing algorithms that can work effectively on hardware platforms.

There are two main approaches to stabilizing video: a mechanical approach (optical stabilization) and digital image processing. The mechanical approach is used in optical systems, where motion sensors drive the adjustment during camera shake, and requires a stable camera mount or gyroscopic stabilizers. While this approach may work well in practice, it is rarely used due to the high cost of stabilization devices and the availability

Budget institution of the Chuvash Republic

"Yadrinsky complex center of social services for the population"

Ministry of Labor and Social Protection of the Chuvash Republic

Approved by order of BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia

Personal data security threat model during their processing in the personal data information system "Accounting and personnel"

Yadrin 2018

Symbols and abbreviations

Terms and definitions

Introduction

1. Description of the personal data information system "Accounting and personnel" of BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia

1.1. Characteristics of the objects of protection

1.3. Use of protection means

1.4. Functioning model of ISPD "Accounting and personnel" of BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia

1.5. Controlled zones of BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia

2. Structural and functional characteristics of ISPD "Accounting and personnel" of BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia

3. Protected resources of ISPD "Accounting and personnel" of BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia

4. Main security threats to ISPD "Accounting and personnel" of BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia

4.1. Information leakage channels

4.1.1. Threats of leakage of acoustic (speech) information

4.1.3. Threats of information leakage through channels of spurious electromagnetic radiation and interference (PEMIN)

4.2. Threats of unauthorized access to ISPD "Accounting and personnel" of BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia

4.3. Sources of threats of unauthorized access to ISPD "Accounting and personnel" of BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia

4.3.1. Source of NSD threats - intruder

4.3.2. Source of NSD threats - carriers of malicious programs

5. Model of threats to the security of personal data during their processing in the personal data information system "Accounting and personnel" of BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia

5.1. Determining the initial security level of ISPD "Accounting and personnel"

5.2. Determining the likelihood of threats in ISPD "Accounting and personnel" of BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia

5.5. Determining the relevance of threats in the ISPD

6. Model of the violator of ISPD "Accounting and personnel" of BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia

6.1. Description of violators (sources of attacks)

6.2. Determining the type of violator of the ISPD of BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia

6.3. Level of cryptographic protection of PD in the ISPD

Conclusion

Designations and abbreviations

VTSS - auxiliary technical means and systems

ISPD - personal data information system

KZ - controlled zone

ME - firewall

NDV - undeclared capabilities

NSD - unauthorized access

OS - operating system

OTSS - main technical means and systems

PD - personal data

PPO - application software

PEMIN - spurious electromagnetic radiation and interference

PMV - program-mathematical impact

SZPDn - personal data protection system

CIPF - a means of cryptographic information protection

SF - CIPF functioning environment

Иi - sources of security threats of the i-th category (i = 0, 1, ..., 8), where И0 is the external violator and И1, ..., И8 are the internal violators according to the FSTEC classification

FSB of Russia - Federal Security Service of the Russian Federation

FSTEC of Russia - Federal Service for Technical and Export Control

Terms and Definitions

The following terms and their definitions are used in this document:

Blocking of personal data - temporary suspension of the collection, systematization, accumulation, use and distribution of personal data, including their transfer.

Virus (computer, software) - executable program code or an interpreted set of instructions that has the properties of unauthorized distribution and self-reproduction. The copies created by a computer virus do not always coincide with the original but retain the ability to spread and reproduce further.

Malicious program - a program designed to carry out unauthorized access to and (or) impact on personal data or on the resources of the personal data information system.

Auxiliary technical means and systems - technical means and systems not intended for the transfer, processing and storage of personal data, installed together with technical means and systems intended for processing personal data or in premises where personal data information systems are installed.

Access to information - the possibility of obtaining information and using it.

Protected information - information that is the subject of ownership and is subject to protection in accordance with the requirements of legal documents or requirements set by the owner of the information.

Identification - assigning an identifier to subjects and objects of access and (or) comparing a presented identifier with the list of assigned identifiers.

Personal data information system - an information system that is a collection of personal data contained in a database, together with the information technologies and technical means that allow such personal data to be processed with or without automation tools.

Information technology - processes and methods for searching, collecting, storing, processing, presenting and disseminating information, and the ways of implementing such processes and methods.

Controlled zone - a space (territory, building, part of a building, premises) in which the uncontrolled presence of unauthorized persons, as well as of transport, technical and other material means, is excluded.

Confidentiality of personal data - a mandatory requirement for the operator or another person who has gained access to personal data not to allow their distribution without the consent of the personal data subject or other legal grounds.

Firewall - a local (single-component) or functionally distributed software (software and hardware) tool (complex) that controls information entering the personal data information system and (or) leaving it.

Undeclared capabilities - functionality of computer equipment and (or) software that is not described in the documentation or does not correspond to what is described, the use of which may violate the confidentiality, availability or integrity of the information being processed.

Unauthorized access (unauthorized actions) - access to information, or actions with information, carried out in violation of the established rights and (or) rules for access to information or actions with it, using standard information system tools or tools similar to them in functional purpose and technical characteristics.

Processing of personal data - actions (operations) with personal data, including collection, systematization, accumulation, storage, clarification (updating, modification), use, distribution (including transfer), depersonalization, blocking and destruction of personal data.

Operator - a state body, municipal body, legal entity or natural person that organizes and (or) carries out the processing of personal data and determines the purposes and content of that processing.

Interception (of information) - illegal receipt of information using a technical means that detects, receives and processes informative signals.

Personal data - any information relating to an individual identified or identifiable on the basis of such information (the personal data subject), including surname, first name, patronymic, date and place of birth, address, marital, social and property status, education, profession, income and other information.

Spurious electromagnetic radiation and interference - electromagnetic radiation of technical means that process protected information, arising as a side effect and caused by electrical signals acting in their electrical and magnetic circuits, as well as the electromagnetic pickup of these signals on conductive lines, structures and power circuits.

Access control rules - a set of rules governing the access rights of access subjects to access objects.

Software bookmark - a functional object covertly introduced into software which, under certain conditions, is capable of producing an unauthorized software impact. A software bookmark may be implemented as a malicious program or as program code.

Program (program-mathematical) impact - unauthorized impact on the resources of an automated information system carried out by means of malicious programs.

Information system resource - a named element of the system, application or hardware that supports the functioning of the information system.

Computer facilities - a set of software and hardware elements of data processing systems capable of functioning independently or as part of other systems.

Access subject (subject) - a person or process whose actions are regulated by the access control rules.

Technical means of the personal data information system - computer equipment, information and computing systems and networks, means and systems for transmitting, receiving and processing personal data (means and systems for sound recording, sound amplification and sound reproduction, intercom and television devices, means for producing and replicating documents, and other technical means for processing speech, graphic, video and alphanumeric information), software (operating systems, database management systems, etc.) and information security tools.

Technical channel of information leakage - the totality of the information carrier (processing means), the physical medium in which the informative signal propagates, and the means by which the protected information is obtained.

Personal data security threats - a set of conditions and factors that create the danger of unauthorized, including accidental, access to personal data, which may result in the destruction, modification, blocking, copying or distribution of personal data, as well as other unauthorized actions during their processing in the personal data information system.

Destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system, or as a result of which the material carriers of personal data are destroyed.

Leakage of (protected) information through technical channels - uncontrolled dissemination of information from the carrier of protected information through the physical medium to the technical means that intercepts the information.

Person authorized by the operator - a person to whom the operator entrusts the processing of personal data on the basis of an agreement.

Information integrity - the state of information in which there is no change to it, or changes are made only intentionally by the subjects entitled to make them.

Introduction

This document presents an information security threat model (a list of threats) and an intruder model (assumptions about the intruder's capabilities that he can use to develop and carry out attacks, as well as restrictions on these capabilities) to create an information protection system (IPS) of an information system of personal data "Accounting and personnel" BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia.

The threat model was developed in accordance with the "Methodology for determining actual threats to the security of personal data during their processing in personal data information systems", approved by the Deputy Director of the FSTEC of Russia on February 14, 2008, on the basis of the "Basic model of threats to the security of personal data during their processing in personal data information systems", approved by the Deputy Director of the FSTEC of Russia on February 15, 2008.

When forming this Personal Data Security Threats Model, the following legal documents were used:

Federal Law No. 149-FZ of July 27, 2006 “On Information, Information Technologies and Information Protection”;

Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”;

Decree of the Government of the Russian Federation dated November 1, 2012 No. 1119 “On approval of requirements for the protection of personal data during their processing in personal data information systems”;

Order of the FSTEC of Russia dated February 18, 2013 No. 21 “On approval of the Composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems”;

Regulation on the development, production, sale and operation of encryption (cryptographic) means of information protection (Regulation PKZ-2005), approved by order of the Federal Security Service of Russia dated 09.02.2005 No. 66;

The basic model of personal data security threats during their processing in personal data information systems, approved by the Deputy Director of the FSTEC of Russia on February 15, 2008;

Methodology for determining actual threats to the security of personal data during their processing in personal data information systems, approved by the Deputy Director of the FSTEC of Russia on February 14, 2008;

Guidelines for the development of regulatory legal acts that define the threats to the security of personal data that are relevant when processing personal data in personal data information systems operated in the course of the relevant activities, approved by the leadership of the 8th Center of the FSB of Russia on March 31, 2015, No. 149/7/2/6-432;

GOST R 50922-2006 “Information security. Basic terms and definitions”;

GOST R 51275-2006 “Information security. Informatization object. Factors affecting information. General Provisions”;

GOST R 51583-2014 “Information security. The order of creation of automated systems in protected execution. General Provisions".
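Sections 5.1, 5.2 and 5.5 listed in the contents follow the computation prescribed by the 2008 FSTEC Methodology named above: an initial security level is derived from the ISPD's structural and functional characteristics, each threat is assigned an expert probability, the two are combined into a possibility coefficient Y = (Y1 + Y2) / 20, and the possibility together with the expert danger rating decides whether the threat is actual. The Python script below is an added worked example of that computation and is not part of this institution's document; the numeric weights, thresholds and decision table are the Methodology's published ones, while the characteristic ratings and the sample threats are constructed for illustration.

```python
"""FSTEC of Russia (2008) Methodology: relevance of a PD security threat.

Added worked example; not part of the institution's threat model. It implements
the Methodology's published rules behind the kind of sections listed in the
contents (5.1 initial security level, 5.2 probability, 5.5 relevance). The ISPD
characteristic ratings and the sample threats below are constructed."""
from typing import Dict, List, Tuple

# Numeric weights fixed by the Methodology.
Y1_BY_SECURITY_LEVEL = {"high": 0, "medium": 5, "low": 10}             # initial security
Y2_BY_PROBABILITY = {"unlikely": 0, "low": 2, "medium": 5, "high": 10}  # expert probability

# (possibility, danger) pairs the Methodology's table marks as NOT actual;
# every other pair, including high possibility with low danger, is actual.
NOT_ACTUAL = {("low", "low"), ("low", "medium"), ("medium", "low")}


def initial_security_level(characteristics: Dict[str, str]) -> str:
    """Section 5.1. Each structural/functional characteristic is rated 'high',
    'medium' or 'low' against the Methodology's table. The level is 'high' if
    at least 70 % of the characteristics are 'high' and the rest 'medium';
    'medium' if at least 70 % are not below 'medium' and the condition for
    'high' fails; otherwise 'low'."""
    ratings = list(characteristics.values())
    n = len(ratings)
    high = sum(r == "high" for r in ratings)
    low = sum(r == "low" for r in ratings)
    if high / n >= 0.7 and low == 0:
        return "high"
    if (n - low) / n >= 0.7:
        return "medium"
    return "low"


def possibility(level: str, probability: str) -> Tuple[float, str]:
    """Y = (Y1 + Y2) / 20 and its verbal interpretation per the Methodology."""
    y = (Y1_BY_SECURITY_LEVEL[level] + Y2_BY_PROBABILITY[probability]) / 20
    if y <= 0.3:
        verbal = "low"
    elif y <= 0.6:
        verbal = "medium"
    elif y <= 0.8:
        verbal = "high"
    else:
        verbal = "very high"
    return y, verbal


def is_actual(possibility_verbal: str, danger: str) -> bool:
    """Section 5.5. Danger is the expert rating 'low', 'medium' or 'high'."""
    return (possibility_verbal, danger) not in NOT_ACTUAL


def assess(characteristics: Dict[str, str],
           threats: List[Tuple[str, str, str]]) -> Tuple[str, List[dict]]:
    """Run the whole chain for a list of (threat, probability, danger) triples."""
    level = initial_security_level(characteristics)
    rows = []
    for name, probability, danger in threats:
        y, verbal = possibility(level, probability)
        rows.append({"threat": name, "Y": y, "possibility": verbal,
                     "danger": danger, "actual": is_actual(verbal, danger)})
    return level, rows


# Constructed ratings for an accounting/HR ISPD of the kind described in this
# document (an assumption for the example, not the document's own determination).
SAMPLE_CHARACTERISTICS = {
    "territorial location (local, one building)": "high",
    "connection to public networks": "medium",
    "built-in operations with PD records": "medium",
    "differentiation of access to PD": "medium",
    "connections to other PD databases": "high",
    "level of PD depersonalization": "low",
    "volume of PD given to third parties without processing": "medium",
}

# Constructed threats with expert probability and danger ratings.
SAMPLE_THREATS = [
    ("Use of an unblocked OS session by an outsider in the controlled zone", "medium", "medium"),
    ("Leakage through PEMIN channels", "unlikely", "low"),
    ("Malware introduced via removable media", "high", "high"),
    ("Theft of a backup medium", "low", "low"),
]

if __name__ == "__main__":
    level, rows = assess(SAMPLE_CHARACTERISTICS, SAMPLE_THREATS)
    print("initial security level:", level)
    for r in rows:
        verdict = "ACTUAL" if r["actual"] else "not actual"
        print(f"{r['threat'][:48]:48} Y={r['Y']:.2f} {r['possibility']:9} "
              f"danger={r['danger']:6} -> {verdict}")
```

With the constructed ratings the initial security level comes out "medium" (Y1 = 5), so a threat rated "medium" probability lands at Y = 0.5 and is actual at medium danger, while a "low" probability threat with low danger (Y = 0.35) is not. The practical caveat is that the 70 % rule is computed over whatever characteristics are listed, so omitting a characteristic from section 2 shifts the level and, through Y1, every relevance verdict.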

1. Description of the personal data information system "Accounting and personnel" of BU "Yadrinsky KTsSON" of the Ministry of Labor of Chuvashia

1.1. Characteristics of the objects of protection

The information system of personal data "Accounting and Personnel" of the Budgetary Institution "Yadrinsky KTSSON" of the Ministry of Labor of Chuvashia has the following characteristics:

  • name of ISPD - "Accounting and personnel";
  • location of ISPD - BU "Yadrinsky KTSSON" of the Ministry of Labor of Chuvashia (hereinafter referred to as the institution);
  • address of the organization - Chuvash Republic, Yadrin, st. 30 years of Victory, 29
  • composition of ISPD - accounting automation software "1C: Accounting of a state institution 8" (manufacturer LLC "Softechno"); software "KAMIN: Payroll for budget institutions. Version 3.5" (manufacturer LLC "Kamin-Soft"); system "SBiS++: Electronic reporting and document management" (manufacturer LLC "Company Tenzor").

In the process of accounting and personnel records management in the institution, databases are formed containing the following personal data:

Date of Birth;

Place of Birth;

information about the change of full name;

citizenship;

address of registration and place of residence;

marital status, information about dependents, family composition;

phone number;

information about the identity document (series, number, when and by whom it was issued);

information about education;

information about the appointment and movement;

information about work activity;

information about awards and promotions;

information about the last place of work (occupation, average salary, date of dismissal, reason for dismissal, company);

information about the status of military registration;

information about your stay abroad;

special skills and qualities;

information about sick leave and interruptions;

information about vacations (annual, without pay) and compensation;

information on vacation compensation payments;

information about being a member of a trade union;

account number.

The specified personal data refers to other categories of personal data (not special, not biometric, not publicly available) of subjects who are employees of the institution.

1.3. Use of protection means

Currently, the following means of protection are used in the ISPD "Accounting and Personnel" of the institution:

Software product "Kaspersky Internet Security" (no FSTEC of Russia certificate);

Built-in OS password mechanisms, with logins and passwords transmitted within the local area network, for identifying and authenticating users when accessing workstations and servers, including those intended to process and store protected information.

In the ISPD "Accounting and Personnel" of the institution, the following organizational protection measures have been implemented:

Processed PD and objects of protection are defined;

The circle of persons involved in the processing of PD has been determined;

The rights of access differentiation of ISPD users necessary for the performance of official duties are determined;

Persons responsible for ensuring the security of PD have been appointed;

The Concept of Information Security was approved;

The Information Security Policy was approved;

The regime of access and protection of the premises in which the ISPD hardware is installed has been organized;

Organized informing and training of employees on the procedure for processing PD;

Changes were made to the job regulations of employees on the procedure for processing PD and ensuring the introduced protection regime;

Instructions on action in case of emergency situations have been developed;

Organized accounting of technical means and means of protection, as well as documentation for them;

The premises with ISPD hardware have been brought into line with the regulators' requirements;

Uninterruptible power supply systems have been installed for all key elements of the ISPD;

A backup system for the key elements of the ISPD has been implemented;

Responsible employees who use technical means of information protection have been trained.

1.4. Functioning model of ISPD "Accounting and personnel" BU "Yadrinsky KTSSON" of the Ministry of Labor of Chuvashia

1.5. Controlled zones of BU "Yadrinsky Complex Center for Social Services to the Population" of the Ministry of Labor of the Chuvash Republic

The boundaries of the controlled zone of the premises in which the information system of personal data "Accounting and Personnel" of the institution is located:

The organization of admission to the territory of the controlled zone in the institution is entrusted to the director.

Control over the procedure for admission to the premises located on the territory of the controlled zone of the institution is assigned to the director.

Control of access to the premises located in the controlled zone of the institution, using the local CCTV network, is assigned to the director.

The authorization system of admission (access matrix) to the ISPD "Accounting and Personnel" of the institution was approved in accordance with the levels of authority of employees to access ISPD resources:

Administrator - has full access rights to all ISPD resources (viewing, printing, modifying, adding and deleting information, copying information to registered external media, installing and configuring software and hardware);

User - has limited access rights to ISPD resources and no rights to install or configure software and hardware.

List of ISPD resources and employees' access rights to them depending on the level of authority.

Resource name

Accounted internal media:

ISPD database hard disk, all catalogs

ISPD database hard disk, database directory

Employee workstation hard disk, all catalogs

Employee's workstation hard magnetic disk, personal catalog

Accounted external media:

Flexible magnetic disks

CDs/DVDs

Flash drives

Portable hard disks

Devices for reading / writing external media:

Floppy drives

CD/DVD drives

Periphery equipment:

Printers

Legend:

"A" - administrator;

"P" - user;

"ARM" - automated workplace;

"+" - full access rights;

"-" - limited access rights.

In addition, with respect to the ISPD "Accounting and Personnel" of the institution, individuals are identified who do not have the right of access inside the controlled zone within which the software and hardware are located, who are not registered users or technical personnel, but who have authorized access to external communications and information resources located outside the controlled zone (KZ):

Also, with respect to the ISPD "Accounting and Personnel" of the institution, individuals are identified who do not have the right of access inside the controlled zone within which the software and hardware are located, who are not registered users or technical personnel, and who do not have authorized access to external communications and information resources located outside the controlled zone.

2. Structural and functional characteristics of the ISPD "Accounting and personnel" BU "Yadrinsky KTSSON" of the Ministry of Labor of Chuvashia

The determination of the structural and functional characteristics of the ISPD "Accounting and Personnel" of the institution is carried out in order to establish the methods and means of protection necessary to ensure the security of PD.

The ISPD "Accounting and Personnel" of the institution is a personal data information system and is subject to protection in accordance with the requirements for the protection of information during its processing in personal data information systems.

In accordance with Decree of the Government of the Russian Federation dated November 1, 2012 No. 1119 “On approval of requirements for the protection of personal data when processing them in personal data information systems” and methodological documents of the FSTEC, the following structural and functional characteristics of the ISPD “Accounting and Personnel” are defined:

  • type of information system by category of PD: an ISPD that processes other categories of personal data (not special, not biometric, not publicly available);
  • type of information system by category of subjects: an ISPD that processes personal data of the operator's employees;
  • volume of simultaneously processed personal data in the ISPD (number of personal data subjects): data of fewer than 100,000 personal data subjects are processed simultaneously in the information system;
  • structure of the information system: a local ISPD consisting of complexes of automated workstations combined into a single information system by means of communication without using remote access technology;
  • availability of connections to public communication networks and (or) international information exchange networks: an ISPD that has such connections;
  • personal data processing mode: a multi-user ISPD;
  • differentiation of user access to the information system: a system with differentiation of access rights;
  • location: all technical means of the ISPD are located within the Russian Federation.

The level of information system security is determined on the basis of a personal data security threat model in accordance with the methodological documents of the FSTEC, in accordance with Decree of the Government of the Russian Federation dated 01.11.2012 No. 1119 “On approval of requirements for the protection of personal data during their processing in personal data information systems”.

3. Protected resources ISPD "Accounting and Personnel" BU "Yadrinsky KTSSON" of the Ministry of Labor of Chuvashia

ISPD "Accounting and Personnel" of the institution is a set of information and software and hardware elements.

The main elements of the ISPD "Accounting and Personnel" are:

  • personal data contained in databases;
  • information technologies, as a set of techniques, methods and methods of using computer technology in the processing of personal data;
  • technical means of ISPD "Accounting and Personnel" that process PD (computer equipment (CVT), information and computer systems and networks, means and systems for transmitting, receiving and processing PD);
  • software tools (operating systems, DBMS, application software);
  • information security tools (ISZ);
  • auxiliary technical means and systems (HTSS): technical means and systems, and their communications, not intended for processing PD but located in the premises where the technical means of the ISPD "Accounting and Personnel" are located, such as computer equipment, security and fire alarm means and systems, air conditioning equipment and systems, electronic office equipment, telephones, etc.;
  • carriers of protected information used in the information system in the process of cryptographic protection of personal data, carriers of key, password and authentication information of CIPF and the procedure for accessing them;
  • premises in which the resources of the ISPD "Accounting and personnel" are located, related to the cryptographic protection of personal data.

4. The main security threats to the ISPD "Accounting and Personnel" BU "Yadrinsky KTSSON" of the Ministry of Labor of Chuvashia

4.1. Information leakage channels

When processing PD in ISPD, threats to the security of personal data (UBPD) may occur due to the implementation of the following channels of information leakage:

  • threats of leakage of acoustic (speech) information;
  • threats of leakage of visual information;
  • threats of information leakage through PEMIN channels.

4.1.1. Threats of leakage of acoustic (speech) information

The emergence of threats of leakage of acoustic (speech) information contained directly in the spoken speech of the ISPD user when processing PD in the ISPD is due to the presence of voice input functions for PD in the ISPD or the functions of reproducing PD by acoustic means of the ISPD.

4.1.2. Threats of visual information leakage

The sources of threats of visual information leakage are individuals who do not have authorized access to ISPD information, as well as technical viewing means installed in office premises or secretly used by these individuals.

The propagation medium of this informative signal is homogeneous (air).

Threats of leakage of visual information are realized by viewing PD using optical (optoelectronic) means from display screens and other display means of the SVT that are part of the ISPD.

A necessary condition for viewing (registering) PD is a direct line of sight between the indicated individuals or means of observation and the technical means of the ISPD on which PD is visually displayed.

Interception of PD in the ISPD can be carried out by individuals during their uncontrolled stay in office premises or in close proximity to them, using portable wearable equipment (portable photo and video cameras, etc.) or portable or stationary equipment, as well as through direct personal observation in office premises or with the help of technical viewing means hidden in the office premises.

4.1.3. Threats of information leakage through the channels of spurious electromagnetic radiation and interference (PEMIN)

The source of information leakage threats through PEMIN channels are individuals who do not have authorized access to ISPD information.

The threat of PD leakage through PEMIN channels is possible due to the interception by technical means of secondary (not related to the direct functional meaning of ISPD elements) informative electromagnetic fields and electrical signals that occur during the processing of PD by ISPD technical means.

The generation of information containing PD and circulating in the technical means of the ISPD in the form of electrical informative signals, and the processing and transmission of these signals in the electrical circuits of the ISPD technical means, are accompanied by spurious electromagnetic radiation, which can propagate beyond the controlled zone depending on the radiation power and the dimensions of the ISPD.

Registration of PEMIN is carried out in order to intercept information circulating in the technical means that process PD, using equipment that includes radio receivers designed to recover the information. In addition, PEMIN interception is possible using electronic information interception devices connected to communication channels or to the technical means that process personal data ("hardware implants").

4.2. Threats of unauthorized access to ISPD "Accounting and Personnel" BU "Yadrinsky KTSSON" of the Ministry of Labor of Chuvashia

For the ISPD "Accounting and Personnel", the following types of UA threats are considered: threats implemented by software and by hardware-software means through unauthorized (including accidental) access, as a result of which the confidentiality (copying, unauthorized distribution), integrity (destruction, modification) or availability (blocking) of PD is violated. They include:

  • threats of access (penetration) into the operating environment of a computer using standard software (operating system tools or general application programs);
  • threats to create abnormal modes of operation of software (hardware and software) due to deliberate changes in service data, ignoring the restrictions on the composition and characteristics of the processed information provided for in regular conditions, distortion (modification) of the data itself, etc.;
  • threats of malware introduction (software-mathematical impact).

In addition, combined threats are possible, which are a combination of these threats. For example, due to the introduction of malicious programs, conditions can be created for unauthorized access to the operating environment of a computer, including through the formation of non-traditional information access channels.

4.3. Sources of threats of unauthorized access to ISPD "Accounting and Personnel" BU "Yadrinsky KTSSON" of the Ministry of Labor of Chuvashia

Sources of threats to UA in ISPD can be:

  • an intruder;
  • a malware carrier;
  • a hardware implant.

4.3.1. The source of UA threats is the intruder

According to their right of permanent or one-time access to the controlled zone (KZ), ISPD violators are divided into two types:

External violators: violators who do not have access to the ISPD and realize threats from outside the controlled zone;

Internal violators: violators who have access to the ISPD within the controlled zone, including ISPD users.

The capabilities of external and internal violators depend significantly on the regime and on the organizational and technical protection measures in force within the controlled zone, including the admission of individuals to personal data and control of the work procedure.

An external intruder (hereinafter referred to as I0 for convenience) does not have direct access to the ISPD systems and resources located within the controlled zone. This type of violator can include individuals (external entities, former employees) or organizations that carry out attacks in order to obtain PD, impose false information, disrupt the performance of the ISPD or violate the integrity of PD.

Internal violators are persons who have access to the controlled zone and to the ISPD, including ISPD users who implement threats directly in the ISPD.

Internal potential infringers in ISPD according to the classification of the FSTEC of Russia are divided into eight categories depending on the method of access and access authority to PD.

The first category (hereinafter I1) includes persons who have authorized access to ISPD, but do not have access to PD. This type of offenders includes officials who ensure the normal functioning of the ISPD - service personnel who work in the premises where the ISPD technical means are located, employees who have access to the premises where the ISPD technical means are located.

The second category of internal potential violators (hereinafter I2) includes registered users of ISPDs who carry out limited access to ISPD resources from the workplace - authorized ISPD users who process PD. This category of violators includes registered users of the ISPD "Accounting and Personnel", employees of the institution. Registered users are trusted persons and are not considered as a violator. Therefore, there are no internal potential violators of the second category in the ISPD "Accounting and Personnel".

The third category of internal potential violators (hereinafter I3) includes registered users of ISPD, who provide remote access to PD via a distributed information system. Since ISPD is a local information system consisting of complexes of automated workstations, combined into a single information system by means of communication without using remote access technology, there are no internal potential violators of the third category in ISPD.

The fourth category of internal potential violators (hereinafter I4) includes registered users of ISPD with the authority of a security administrator for a segment (fragment) of ISPD. Registered users of the ISPD "Accounting and Personnel" with the authority of a security administrator are trusted persons and are not considered violators. Therefore, there are no internal potential violators of the fourth category in the ISPD "Accounting and Personnel".

The fifth category of internal potential violators (hereinafter I5) includes registered users of ISPD with the authority system administrator. Registered users of the ISPD "Accounting and Personnel" with the authority of the ISPD system administrator are trusted persons and are not considered violators. Therefore, there are no internal potential violators of the fifth category in the ISPD "Accounting and Personnel".

The sixth category of internal potential violators (hereinafter I6) includes registered ISPD users with the authority of an ISPD security administrator. Registered users of the ISPD "Accounting and Personnel" with the authority of the security administrator of the ISPD "Accounting and Personnel" are trusted persons and are not considered violators. Therefore, there are no internal potential violators of the sixth category in the ISPD "Accounting and Personnel".

The seventh category of internal potential violators (hereinafter I7) includes programmers-developers (suppliers) of application software (APS) and persons providing its support in the ISPD. The internal potential violators of the seventh category in the ISPD "Accounting and Personnel" include programmers-developers who are not authorized users of the ISPD "Accounting and Personnel" but who have one-time access to the controlled zone.

The eighth category of internal potential violators (hereinafter I8) includes developers and persons providing the supply, maintenance and repair of technical means in the ISPD. The internal potential violators of the eighth category in the ISPD "Accounting and Personnel" include employees who are not authorized users of the ISPD "Accounting and Personnel" but who have one-time access to the controlled zone, as well as employees of third-party organizations that support the technical means of the ISPD "Accounting and Personnel".

Based on the foregoing, the following violators should be considered as sources of threats to UA:

  • the external intruder I0;
  • the internal violator I1, who has authorized access to the ISPD "Accounting and Personnel" but does not have access to PD. This type of violator includes officials who ensure the normal functioning of the ISPD "Accounting and Personnel": service personnel who work in the premises that house the technical means of the ISPD "Accounting and Personnel", and employees who have access to those premises;
  • the internal violator I7, who is a programmer-developer (supplier) of software or a person who provides support for software in the ISPD "Accounting and Personnel";
  • the internal violator I8, who is a developer or a person providing the supply, maintenance and repair of technical means in the ISPD "Accounting and Personnel".

4.3.2. Source of UA threats: malware carriers

The carrier of a malicious program can be a hardware element of a computer or a software container.

If a malicious program is not associated with any application program, then the following are considered as its carriers:

  • removable media, i.e. floppy disks, optical discs (CD-R, CD-RW), flash memory, removable hard drives, etc.;
  • built-in storage media (hard drives, RAM chips, the processor, motherboard chips, chips of the devices built into the system unit (video adapter, network card, sound card, modem, input/output devices for magnetic hard disks and optical disks, power supply, etc.), direct memory access chips, data buses, input/output ports).

If a malicious program is associated with an application program, with files having certain extensions or other attributes, or with messages transmitted over the network, then its carriers are:

  • packets of messages transmitted over a computer network;
  • files (text, graphic, executable, etc.).

5. Model of threats to the security of personal data during their processing in the information system of personal data "Accounting and Personnel" BU "Yadrinsky KTSSON" of the Ministry of Labor of Chuvashia

It follows from the analysis that, in accordance with the requirements of the "Procedure for Classifying Personal Data Information Systems", the ISPD "Accounting and Personnel" of the institution is a local ISPD that has connections to public communication networks.

Thus, as a basic model of threats to the security of personal data during their processing in the ISPD "Accounting and Personnel", the "Typical model of threats to the security of personal data processed in local personal data information systems that have connections to public communication networks and (or) international information exchange networks" can be taken.

In accordance with the specified typical model of PD security threats, the following PD security threats can be implemented in the ISPD "Accounting and Personnel":

  • threats of information leakage through technical channels;
  • threats of UA to PD processed at the workstation.

Threats of UA for the ISPD "Accounting and Personnel" are associated with the actions of violators who have access to the ISPD, including ISPD users who implement threats directly in the ISPD (internal violator), as well as violators who do not have access to the ISPD and implement threats from public communication networks (external intruder).

Taking into account the composition of the means of protection used, the categories of personal data, the categories of potential violators and the recommendations of the "Basic model of personal data security threats when they are processed in personal data information systems", it is necessary to consider the following security threats for the ISPD "Accounting and Personnel":

  • the threat of leakage of acoustic information;
  • the threat of leakage of visual information;
  • the threat of information leakage through the PEMIN channel;
  • a threat implemented during the loading of the operating system;
  • a threat implemented after the operating system is loaded;
  • the threat of malware injection;
  • the threat "Analysis of network traffic" with the interception of information transmitted over the network;
  • the scanning threat aimed at identifying open ports and services, open connections, etc.;
  • the threat of password disclosure;
  • the threat of obtaining UA by substituting a trusted network object;
  • the denial-of-service threat;
  • the threat of remote application launch;
  • the threat of introducing malware over the network.

5.1. Determining the level of initial security of ISPD "Accounting and Personnel"

The level of initial security is understood as a generalized indicator Y1 that depends on the technical and operational characteristics of the ISPD.

In accordance with the "Methodology for determining actual threats to the security of personal data during their processing in personal data information systems", to find the level of initial security of the ISPD, i.e. the value of the numerical coefficient Y1, it is necessary to determine the indicators of initial security.

Indicators of initial security of the ISPD "Accounting and Personnel" (columns of the source table: technical and operational characteristics of the ISPD; security level: high, medium or low):

  • 1. By territorial location: local ISPD deployed within one building;
  • 2. By availability of connection to public networks: ISPD that has a single point of access to the public network;
  • 3. By built-in (legal) operations with records of personal data bases: recording, deleting, sorting;
  • 4. By delimitation of access to personal data: ISPD to which employees of the organization that owns the ISPD, specified in the list, or a PD subject have access.

From the analysis of the initial security indicators, it follows that more than 70% of the characteristics of the ISPD "Accounting and Personnel" of the institution correspond to a level not lower than "medium".

Therefore, in accordance with the "Methodology for determining actual threats to the security of personal data during their processing in personal data information systems", the ISPD "Accounting and Personnel" has a medium level of initial security and a numerical coefficient Y1 = 5.

5.2. Determining the likelihood of threats in the ISPD "Accounting and Personnel" BU "Yadrinsky KTSSON" of the Ministry of Labor of Chuvashia

The probability of a threat being realized is understood as an expert-determined indicator that characterizes how likely it is to realize a specific threat to the security of PD for a given ISPD in the prevailing conditions of the situation.

The numerical coefficient (Y2) for assessing the likelihood of a threat is determined by four verbal gradations of this indicator:

  • unlikely: there are no objective prerequisites for the implementation of the threat (Y2 = 0);
  • low probability: there are objective prerequisites for the realization of the threat, but the measures taken significantly complicate its implementation (Y2 = 2);
  • medium probability: objective prerequisites for the implementation of the threat exist, but the measures taken to ensure the security of personal data are insufficient (Y2 = 5);
  • high probability: objective prerequisites for the implementation of the threat exist and measures to ensure the security of personal data have not been taken (Y2 = 10).

Probability of realization of threats in the ISPD "Accounting and Personnel" (columns of the source table: type of PD security threat; probability of realization of the threat Y2 by threat source, i.e. violators of categories I0, I1, I7 and I8; total Y2 = MAX(I0, I1, I7, I8)). Threat types rated in the table:

  • 1.2. Threats of visual information leakage;
  • 2.1.1. PC theft;
  • 2.2.3. Installing non-work-related software;
  • 2.3.6. Disaster;
  • 2.5.1.1. Interception outside the controlled zone;
  • 2.5.4. Threats of imposing a false network route.

5.3. Determining the possibility of implementing threats in the ISPD "Accounting and Personnel" BU "Yadrinsky KTSSON" of the Ministry of Labor of Chuvashia

Based on the results of assessing the level of initial security (Y1) and the probability of realization of the threat (Y2), the threat feasibility coefficient (Y) is calculated and the possibility of the threat being realized is determined.

The threat feasibility coefficient is calculated by the formula:

Y = (Y1 + Y2) / 20.

According to the value of the threat feasibility coefficient Y, the verbal interpretation of the feasibility of the threat is formulated as follows:

  • if 0 ≤ Y ≤ 0.3, the possibility of realization of the threat is recognized as low;
  • if 0.3 < Y ≤ 0.6, the possibility of realization of the threat is recognized as medium;
  • if 0.6 < Y ≤ 0.8, the possibility of realization of the threat is recognized as high;
  • if Y > 0.8, the possibility of realization of the threat is recognized as very high.

Feasibility of threats in the ISPD "Accounting and Personnel" (columns of the source table: type of PD security threat; threat realization probability Y2; threat feasibility coefficient Y):

  • 1. Threats of leakage through technical channels:
  • 1.1. Threats of leakage of acoustic information;
  • 1.2. Threats of leakage of visual information;
  • 1.3. Threats of information leakage through PEMIN channels.
  • 2. Threats of unauthorized access to information:
  • 2.1. Threats of destruction or theft of ISPD hardware and information carriers through physical access to ISPD elements:
  • 2.1.1. PC theft;
  • 2.1.2. Media theft;
  • 2.1.3. Theft of keys and access attributes;
  • 2.1.4. Theft, modification or destruction of information;
  • 2.1.5. Disabling of PC nodes and communication channels;
  • 2.1.6. Unauthorized access to information during maintenance (repair, disposal) of PC nodes;
  • 2.1.7. Unauthorized disabling of protection means.
  • 2.2. Threats of theft, unauthorized modification or blocking of information due to unauthorized access (UA) using software and hardware-software means (including software-mathematical influences):
  • 2.2.1. Actions of malware (viruses).
  • 2.3. Threats of unintentional actions of users and violations of the security of functioning of the ISPD and the SZPDn within it due to software failures, as well as non-anthropogenic threats (hardware failures due to unreliable elements, power failures) and threats of a natural character (lightning strikes, fires, floods, etc.):
  • 2.3.1. Loss of keys and access attributes;
  • 2.3.2. Unintentional modification (destruction) of information by employees;
  • 2.3.3. Inadvertent disabling of protection means;
  • 2.3.4. Failure of hardware and software;
  • 2.3.5. Power failure;
  • 2.3.6. Disaster.
  • 2.4. Threats of deliberate actions by insiders:
  • 2.4.1. Access to information, its modification or destruction by persons not admitted to its processing;
  • 2.4.2. Disclosure of information, its modification or destruction by employees admitted to its processing.
  • 2.5. Threats of unauthorized access via communication channels:
  • 2.5.1. Threat "Analysis of network traffic" with the interception of information transmitted from the ISPD and received from external networks:
  • 2.5.1.1. Interception outside the controlled zone;
  • 2.5.1.2. Interception within the controlled zone by external intruders;
  • 2.5.1.3. Interception within the controlled zone by insiders.
  • 2.5.2. Scanning threats aimed at identifying the types of operating systems used, network addresses of ISPD workstations, network topology, open ports and services, open connections, etc.;
  • 2.5.3. Threats of revealing passwords over the network;
  • 2.5.5. Threats of substituting a trusted object in the network;
  • 2.5.6. Threats of introducing a false object both in the ISPD and in external networks;
  • 2.5.7. Denial-of-service threats;
  • 2.5.8. Threats of remote application launch;
  • 2.5.9. Threats of introducing malware over the network.

5.4. Risk assessment of threats in ISPD "Accounting and Personnel" BU "Yadrinsky KTSSON" of the Ministry of Labor of Chuvashia

The risk assessment of threats in ISPD is based on a survey of information security specialists and is determined by a verbal indicator of danger, which has three meanings:

  • low danger - if the implementation of the threat can lead to minor negative consequences for the subjects of personal data;
  • medium danger - if the implementation of the threat can lead to negative consequences for the subjects of personal data;
  • high danger - if the implementation of the threat can lead to significant negative consequences for personal data subjects.

Danger of threats in the ISPD "Accounting and Personnel" (columns of the source table: type of PD security threat; danger of the threat):

  • 1. Threats of leakage through technical channels:
  • 1.1. Threats of leakage of acoustic information;
  • 1.2. Threats of leakage of visual information;
  • 1.3. Threats of information leakage through PEMIN channels.
  • 2. Threats of unauthorized access to information:
  • 2.1. Threats of destruction or theft of ISPD hardware and information carriers through physical access to ISPD elements:
  • 2.1.1. PC theft;
  • 2.1.2. Media theft;
  • 2.1.3. Theft of keys and access attributes;
  • 2.1.4. Theft, modification or destruction of information;
  • 2.1.5. Disabling of PC nodes and communication channels;
  • 2.1.6. Unauthorized access to information during maintenance (repair, disposal) of PC nodes;
  • 2.1.7. Unauthorized disabling of protection means.
  • 2.2. Threats of theft, unauthorized modification or blocking of information due to unauthorized access (UA) using software and hardware-software means (including software-mathematical influences):
  • 2.2.1. Actions of malware (viruses);
  • 2.2.3. Installation of non-work-related software.
  • 2.3. Threats of unintentional actions of users and violations of the security of functioning of the ISPD and the SZPDn within it due to software failures, as well as non-anthropogenic threats (hardware failures due to unreliable elements, power failures) and threats of a natural character (lightning strikes, fires, floods, etc.):
  • 2.3.1. Loss of keys and access attributes;
  • 2.3.2. Unintentional modification (destruction) of information by employees;
  • 2.3.3. Inadvertent disabling of protection means;
  • 2.3.4. Failure of hardware and software;
  • 2.3.5. Power failure;
  • 2.3.6. Disaster.
  • 2.4. Threats of deliberate actions by insiders.
  • 2.5. Threats of unauthorized access via communication channels:
  • 2.5.1. Threat "Analysis of network traffic" with the interception of information transmitted from the ISPD and received from external networks:
  • 2.5.1.1. Interception outside the controlled zone;
  • 2.5.1.2. Interception within the controlled zone by external intruders;
  • 2.5.1.3. Interception within the controlled zone by insiders.
  • 2.5.2. Scanning threats aimed at identifying the types of operating systems used, network addresses of ISPD workstations, network topology, open ports and services, open connections, etc.;
  • 2.5.3. Threats of revealing passwords over the network;
  • 2.5.4. Threats of imposing a false network route;
  • 2.5.5. Threats of substituting a trusted object in the network;
  • 2.5.6. Threats of introducing a false object both in the ISPD and in external networks;
  • 2.5.7. Denial-of-service threats;
  • 2.5.8. Threats of remote application launch;
  • 2.5.9. Threats of introducing malware over the network.

5.5. Determining the relevance of threats in ISPD

In accordance with the rules for classifying a security threat as relevant (actual), the relevant and irrelevant threats are determined for the ISPD "Accounting and Personnel" of the institution.

Rule for classifying a threat as relevant, by possibility of realization of the threat (rows) and threat danger (columns: low, medium, high):

  • low possibility: low danger - not relevant; medium danger - not relevant; high danger - relevant;
  • medium possibility: low danger - not relevant; medium danger - relevant; high danger - relevant;
  • high possibility: low danger - relevant; medium danger - relevant; high danger - relevant;
  • very high possibility: low danger - relevant; medium danger - relevant; high danger - relevant.
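As an added worked example (not part of the threat model document), the following Python code carries the procedure of sections 5.1 to 5.5 through in one place: the initial security coefficient Y1 from the per-characteristic ratings, Y2 from the verbal probability gradations, the feasibility coefficient Y = (Y1 + Y2) / 20 with its verbal interpretation, and the relevance decision from the possibility/danger rule above. Threat names are the document's; the Y2 and danger ratings assigned to them, and the four characteristic ratings, are constructed for illustration because the document's own table values are not preserved. The document states only the "medium" rule for Y1 (at least 70% of characteristics not lower than medium gives Y1 = 5); the "high" (Y1 = 0) and "low" (Y1 = 10) rules are taken from the FSTEC methodology the document cites.

```python
# Added worked example, not part of the threat model document: the FSTEC
# threat-relevance procedure of sections 5.1-5.5 in code. Threat names are
# the document's; the ratings assigned to them below are constructed.

# Y2 by verbal probability gradation (section 5.2).
Y2_BY_PROBABILITY = {"unlikely": 0, "low": 2, "medium": 5, "high": 10}

# Relevance rule (section 5.5): possibility of realization (rows) x danger.
RELEVANCE = {
    "low":       {"low": False, "medium": False, "high": True},
    "medium":    {"low": False, "medium": True,  "high": True},
    "high":      {"low": True,  "medium": True,  "high": True},
    "very high": {"low": True,  "medium": True,  "high": True},
}


def initial_security(ratings):
    """Return (level, Y1) from per-characteristic ratings 'high'/'medium'/'low'.

    The document gives the 'medium' rule (>= 70% not lower than medium,
    Y1 = 5); the 'high' rule (>= 70% high and none low, Y1 = 0) and the
    'low' fallback (Y1 = 10) follow the FSTEC methodology it cites.
    """
    if not ratings:
        raise ValueError("no characteristics rated")
    n = len(ratings)
    high = sum(r == "high" for r in ratings)
    low = sum(r == "low" for r in ratings)
    if high / n >= 0.7 and low == 0:
        return "high", 0
    if (n - low) / n >= 0.7:
        return "medium", 5
    return "low", 10


def feasibility(y1, y2):
    """Threat feasibility coefficient Y = (Y1 + Y2) / 20 (section 5.3)."""
    return (y1 + y2) / 20


def possibility(y):
    """Verbal interpretation of Y; a boundary value falls into the lower band."""
    if y <= 0.3:
        return "low"
    if y <= 0.6:
        return "medium"
    if y <= 0.8:
        return "high"
    return "very high"


def assess(name, y1, probability, danger):
    """Combine Y1, the verbal probability and the danger into a relevance verdict."""
    y2 = Y2_BY_PROBABILITY[probability]
    y = feasibility(y1, y2)
    p = possibility(y)
    return {"threat": name, "Y2": y2, "Y": y, "possibility": p,
            "danger": danger, "relevant": RELEVANCE[p][danger]}


# Constructed (probability, danger) ratings for four of the document's threats.
SAMPLE_THREATS = [
    ("1.1 Leakage of acoustic information", "unlikely", "low"),
    ("2.1.1 PC theft", "medium", "medium"),
    ("2.5.4 Imposing a false network route", "low", "low"),
    ("2.5.7 Denial of service", "high", "medium"),
]

# Constructed ratings for the four initial-security characteristics of 5.1.
SAMPLE_RATINGS = ["high", "medium", "medium", "medium"]


def assess_all(threats=SAMPLE_THREATS, ratings=SAMPLE_RATINGS):
    """Run the whole procedure: Y1 from the ratings, then one verdict per threat."""
    _, y1 = initial_security(ratings)
    return [assess(name, y1, prob, dng) for name, prob, dng in threats]


if __name__ == "__main__":
    level, y1 = initial_security(SAMPLE_RATINGS)
    print(f"initial security: {level} (Y1 = {y1})")
    for r in assess_all():
        verdict = "relevant" if r["relevant"] else "not relevant"
        print(f"{r['threat']}: Y = {r['Y']:.2f} ({r['possibility']}), "
              f"danger {r['danger']} -> {verdict}")
```

With the constructed ratings the four threats reproduce the document's own verdicts: acoustic leakage (Y = 0.25, low possibility, low danger) and the false network route (Y = 0.35, medium possibility, low danger) come out not relevant, while PC theft (Y = 0.5) and denial of service (Y = 0.75) come out relevant. Boundary values of Y fall into the lower band, consistent with the interval interpretation in section 5.3.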

Relevance of threats in the ISPD "Accounting and Personnel" (columns of the source table: type of PD security threat; danger of the threat; possibility of realization of the threat; relevance of the threat):

  • 1. Threats of leakage through technical channels:
  • 1.1. Threats of leakage of acoustic information: not relevant;
  • 1.2. Threats of leakage of visual information: not relevant;
  • 1.3. Threats of information leakage through PEMIN channels: not relevant.
  • 2. Threats of unauthorized access to information:
  • 2.1. Threats of destruction or theft of ISPD hardware and information carriers through physical access to ISPD elements:
  • 2.1.1. PC theft: relevant;
  • 2.1.2. Media theft: relevant;
  • 2.1.3. Theft of keys and access attributes: relevant;
  • 2.1.4. Theft, modification or destruction of information: relevant;
  • 2.1.5. Disabling of PC nodes and communication channels: not relevant;
  • 2.1.6. Unauthorized access to information during maintenance (repair, disposal) of PC nodes: relevant;
  • 2.1.7. Unauthorized disabling of protection means: relevant.
  • 2.2. Threats of theft, unauthorized modification or blocking of information due to unauthorized access (UA) using software and hardware-software means (including software-mathematical influences):
  • 2.2.1. Actions of malware (viruses): relevant;
  • 2.2.2. (threat name not preserved in the source): not relevant;
  • 2.2.3. Installation of non-work-related software: not relevant.
  • 2.3. Threats of unintentional actions of users and violations of the security of functioning of the ISPD and the SZPDn within it due to software failures, as well as non-anthropogenic threats (hardware failures due to unreliable elements, power failures) and threats of a natural character (lightning strikes, fires, floods, etc.):
  • 2.3.1. Loss of keys and access attributes: not relevant;
  • 2.3.2. Unintentional modification (destruction) of information by employees: relevant;
  • 2.3.3. Inadvertent disabling of protection means: not relevant;
  • 2.3.4. Failure of hardware and software: relevant;
  • 2.3.5. Power failure: not relevant;
  • 2.3.6. Disaster: relevant.
  • 2.4. Threats of deliberate actions by insiders:
  • 2.4.1. Access to information, its modification or destruction by persons not admitted to its processing: relevant;
  • 2.4.2. Disclosure of information, its modification or destruction by employees admitted to its processing: relevant.
  • 2.5. Threats of unauthorized access via communication channels:
  • 2.5.1. Threat "Analysis of network traffic" with the interception of information transmitted from the ISPD and received from external networks: relevant;
  • 2.5.1.1. Interception outside the controlled zone: relevant;
  • 2.5.1.2. Interception within the controlled zone by external intruders: relevant;
  • 2.5.1.3. Interception within the controlled zone by insiders: relevant.
  • 2.5.2. Scanning threats aimed at identifying the types of operating systems used, network addresses of ISPD workstations, network topology, open ports and services, open connections, etc.: relevant;
  • 2.5.3. Threats of revealing passwords over the network: relevant;
  • 2.5.4. Threats of imposing a false network route: not relevant;
  • 2.5.5. Threats of substituting a trusted object in the network: not relevant;
  • 2.5.6. Threats of introducing a false object both in the ISPD and in external networks: not relevant;
  • 2.5.7. Denial-of-service threats: relevant;
  • 2.5.8. Threats of remote application launch: relevant;
  • 2.5.9. Threats of introducing malware over the network: relevant.

Thus, the actual threats to the security of PD in the ISPD "Accounting and Human Resources" of the institution are the threats of unauthorized access to information:

  • threats of destruction or theft of ISPD hardware and information carriers through physical access to ISPD elements;
  • threats of unintentional user actions and of disruption of the secure functioning of the ISPD and the SZPDn within it due to software failures, as well as threats of non-anthropogenic (hardware failures due to unreliable elements, power failures) and natural (lightning strikes, fires, floods, etc.) character;
  • threats of deliberate actions by insiders;
  • threats of unauthorized access through communication channels.

6. Model of the violator of the ISPD "Accounting and Personnel" BU "Yadrinsky KTSSON" of the Ministry of Labor of Chuvashia

In accordance with Decree of the Government of the Russian Federation of 01.11.2012 No. 1119 "On approval of requirements for the protection of personal data when they are processed in personal data information systems", the security of personal data processed in an information system is ensured by a personal data protection system that neutralizes the current threats determined in accordance with paragraph 5 of Article 19 of the Federal Law "On Personal Data".

The personal data protection system includes organizational and (or) technical measures determined taking into account current threats to the security of personal data and information technologies used in information systems.

Hardware and software must meet the requirements established in accordance with the legislation of the Russian Federation, ensuring the protection of information.

The characteristics of the ISPD "Accounting and Human Resources" of the institution, the protected resources of this ISPD, the threats of PD leakage through technical channels, the threats of unauthorized access (UAS) to information in this ISPD and the model of PD security threats are considered in the previous sections of this document.

Based on the data obtained in the indicated sections, and taking into account the "Methodological recommendations for the development of regulatory legal acts that define threats to the security of personal data that are relevant when processing personal data in personal data information systems operated in the course of the relevant activities" approved by the leadership of the 8th Center of the FSB of Russia on 31.03.2015 No. 149/7/2/6-432, the capabilities of violators (sources of attacks) can be refined for the case where cryptographic tools are used to secure PD processed in the ISPD "Accounting and Personnel" of the institution.

Generalized capabilities of attack sources:

  1. The ability to independently create attack methods and to prepare and conduct attacks only outside the controlled zone.
  2. The ability to independently create attack methods and to prepare and conduct attacks within the controlled zone, but without physical access to the hardware (hereinafter referred to as AS) on which the cryptographic information protection tools (CIPF) and their operating environment are implemented.
  3. The ability to independently create attack methods and to prepare and conduct attacks within the controlled zone with physical access to the AS on which the CIPF and their operating environment are implemented.
  4. The ability to involve specialists with experience in the development and analysis of CIPF (including specialists in the analysis of linear transmission signals and of spurious electromagnetic radiation and interference of the CIPF).
  5. The ability to involve specialists with experience in the development and analysis of CIPF (including specialists in the use of undocumented features of application software to implement attacks).
  6. The ability to involve specialists with experience in the development and analysis of CIPF (including specialists in the use of undocumented capabilities of the hardware and software components of the CIPF operating environment to implement attacks).

The realization of threats to the security of personal data processed in personal data information systems is determined by the capabilities of attack sources. Thus, whether a given capability of an attack source can actually be used determines which threats are relevant.

Refined capabilities of violators and attack vectors (relevant current threats), the relevance of their use (application) for constructing and carrying out attacks, and the justification for their absence:

Capability: conducting an attack while within the controlled zone.
Relevance: not relevant.
Justification for absence:
  • representatives of technical, maintenance and other support services, when working in the premises where the CIPF is located, and employees who are not users of the CIPF are present in these premises only in the presence of operating employees;
  • employees who are users of the ISPD but not users of the CIPF are informed about the rules of work in the ISPD and about responsibility for non-compliance with the information security rules;
  • CIPF users are informed about the rules of work in the ISPD, the rules of work with the CIPF and responsibility for non-compliance with the information security rules;
  • the premises in which the CIPF is located are equipped with entrance doors with locks, ensuring that the doors are kept locked and opened only for authorized passage;
  • the rules of access to the premises where the CIPF is located, during working and non-working hours as well as in emergency situations, have been approved;
  • a list of persons entitled to access the premises where the CIPF is located has been approved;
  • user actions with PD are registered and accounted for;
  • the integrity of the protection means is monitored.

Capability: conducting attacks at the stage of CIPF operation on the following objects: documentation for the CIPF and the components of the SF (the CIPF operating environment); premises containing a set of software and hardware elements of data processing systems capable of functioning independently or as part of other systems (hereinafter referred to as SVT) on which the CIPF and SF are implemented.
Relevance: not relevant.
Justification for absence:
  • personnel selection work is carried out;
  • the documentation for the CIPF is kept by the person responsible for the CIPF in a metal safe;
  • the premises in which the CIPF documentation, the CIPF and the SF components are located are equipped with entrance doors with locks, ensuring that the doors are permanently locked and opened only for authorized passage;
  • the list of persons entitled to access the premises has been approved.

Capability: obtaining, within the framework of the granted authority as well as as a result of observation, the following information: information about the physical protection measures of the objects in which the information system resources are located; information about the measures ensuring the controlled zone of the objects in which the information system resources are located; information about the measures restricting access to the premises in which the SVT on which the CIPF and SF are implemented are located.
Relevance: not relevant.
Justification for absence:
  • personnel selection work is carried out;
  • information about the physical protection measures of the objects in which the ISPD is located is available only to a limited circle of employees;
  • employees are informed about responsibility for non-compliance with the information security rules.

Capability: the use of standard ISPD tools, limited by the measures implemented in the information system that uses the CIPF and aimed at preventing and suppressing unauthorized actions.
Relevance: not relevant.
Justification for absence:
  • personnel selection work is carried out;
  • the premises in which the SVT on which the CIPF and SF are implemented are located are equipped with entrance doors with locks; the doors are kept locked and opened only for authorized passage;
  • employees are informed about responsibility for non-compliance with the information security rules;
  • user access to protected resources is differentiated and controlled;
  • the ISPD uses certified means of protecting information from unauthorized access and certified anti-virus protection.

Capability: physical access to the SVT on which the CIPF and SF are implemented.
Relevance: not relevant.
Justification for absence:
  • personnel selection work is carried out;
  • the premises in which the SVT on which the CIPF and SF are implemented are located are equipped with entrance doors with locks; the doors are kept locked and opened only for authorized passage.

Capability: the ability to influence the hardware components of the CIPF and SF, limited by the measures implemented in the information system in which the CIPF is used and aimed at preventing and suppressing unauthorized actions.
Relevance: not relevant.
Justification for absence:
  • personnel selection work is carried out;
  • representatives of technical, maintenance and other support services, when working in the premises where the CIPF and SF components are located, and employees who are not users of the CIPF are present in these premises only in the presence of operating employees.

Capability: creating methods, preparing and carrying out attacks with the involvement of specialists in the analysis of signals accompanying the operation of the CIPF and SF, and in the use of undocumented (undeclared) capabilities of application software to implement attacks.
Relevance: not relevant.
Justification for absence:
  • personnel selection work is carried out;
  • the premises in which the CIPF and SF are located are equipped with entrance doors with locks; the doors are kept locked and opened only for authorized passage;
  • user access to protected resources is differentiated and controlled;
  • user actions are registered and accounted for;
  • on the workstations and servers on which the CIPF is installed, certified means of protecting information from unauthorized access and certified anti-virus protection tools are used.

Capability: conducting laboratory studies of the CIPF used outside the controlled zone, limited by the measures implemented in the information system in which the CIPF is used and aimed at preventing and suppressing unauthorized actions.
Relevance: not relevant.
Justification for absence:
  • information constituting a state secret, as well as other information that may be of interest for realizing this capability, is not processed.

Capability: carrying out work on the creation of attack methods and means in research centers specializing in the development and analysis of CIPF and SF, including using the source code of the application software included in the SF that directly calls the CIPF software functions.
Relevance: not relevant.
Justification for absence:
  • information constituting a state secret, as well as other information that may be of interest for realizing this capability, is not processed;
  • high cost and complexity of preparing to realize this capability.

Capability: creating methods, preparing and carrying out attacks with the involvement of specialists in the use of undocumented (undeclared) capabilities of system software to implement attacks.
Relevance: not relevant.
Justification for absence:
  • information constituting a state secret, as well as other information that may be of interest for realizing this capability, is not processed;
  • high cost and complexity of preparing to realize this capability;
  • personnel selection work is carried out;
  • the premises in which the CIPF and SF are located are equipped with entrance doors with locks; the doors are kept locked and opened only for authorized passage;
  • representatives of technical, maintenance and other support services, when working in the premises where the CIPF and SF components are located, and employees who are not users of the CIPF are present in these premises only in the presence of operating employees;
  • user access to protected resources is differentiated and controlled;
  • user actions are registered and accounted for;
  • on the workstations and servers on which the CIPF is installed, certified means of protecting information from unauthorized access and certified anti-virus protection tools are used.

Capability: the ability to possess the information contained in the design documentation for the hardware and software components of the SF.
Relevance: not relevant.

Capability: the ability to influence any components of the CIPF and SF.
Relevance: not relevant.
Justification for absence:
  • information constituting a state secret, as well as other information that may be of interest for realizing this capability, is not processed.

6.1. Description of offenders (sources of attacks)

A violator (source of attacks) of the ISPD is understood as a person (or a process initiated by that person) that conducts an attack.

Where data is transferred to or from a third-party organization only on paper media, the employees of that organization cannot influence the hardware and software of the ISPD "Accounting and Human Resources" of the institution and therefore are not considered potential violators in this document.

All other individuals with access to the hardware and software of the ISPD "Accounting and Personnel" of the institution can be assigned to the categories described below.

All potential violators are divided into two types:

External violators - violators carrying out attacks from outside the controlled zone of the ISPD;

Internal violators - violators who carry out attacks while being within the controlled zone of the ISPD.

It is assumed that:

External intruders can be both Category I and Category II persons;

Only category II persons can be insiders.

The possibilities of potential violators of the ISPD "Accounting and Personnel" of the institution significantly depend on the security policy implemented in the ISPD "Accounting and Personnel" of the institution and the adopted regime, organizational, technical and technical measures to ensure security.

All individuals who have access to the hardware and software of the ISPD "Accounting and Personnel" of the institution are, in accordance with the "Basic model of threats to the security of personal data when they are processed in personal data information systems" (extract, approved by the FSTEC of Russia on February 15, 2008), sources of threats and can be considered potential violators. According to the analysis carried out, the potential violators of this ISPD "Accounting and Human Resources" of the institution fall into four of the nine possible categories:

  • violators of category I0 (external violators): persons who do not have direct access to the hardware and software of the ISPD "Accounting and Personnel" of the institution located within the controlled zone (KZ);
  • violators of category I1 (internal violators): persons who have authorized access to the ISPD "Accounting and Personnel" of the institution but do not have access to PD (service personnel working in the premises where the technical means of this ISPD are located, and employees who have access to the premises in which the technical means of the ISPD "Accounting and Personnel" of the institution are located);
  • violators of category I7 (internal or external violators): programmers and developers (suppliers) of software and persons providing its support in the ISPD "Accounting and Personnel" of the institution, who may or may not have one-time access to the KZ;
  • violators of category I8 (internal or external violators): developers and persons providing the supply, maintenance and repair of technical means in the ISPD "Accounting and Personnel" of the institution, who may or may not have one-time access to the KZ.

Taking into account the specifics of the functioning of the ISPD "Accounting and Personnel" of the institution and the nature of the PD processed in it, it is assumed that the privileged users of this ISPD (administrators), who perform technical management and maintenance of the ISPD hardware and software, including the security tools, their setup and configuration and the distribution of key and password documentation, as well as a limited circle of registered users, are especially trusted persons and are excluded from the potential violators.

6.2. Determining the type of ISPD violator, BU "Yadrinsky KTSSON" of the Ministry of Labor of Chuvashia

Considering the foregoing, the potential violators in the ISPD "Accounting and Personnel" of the institution are:

  • an external violator who does not have access to the ISPD hardware and software located in the controlled zone (KZ), who independently creates methods and means for implementing attacks and independently carries out these attacks;
  • an internal violator who is not a user of the ISPD but has the right of permanent or one-time access to the computer equipment on which the cryptographic tools and SF are implemented, and who independently creates attack methods, prepares and conducts them.

Because the capabilities of a violator in the ISPD are determined hierarchically, the above-named internal violator has the greatest capabilities.

6.3. The level of cryptographic protection of PD in ISPD

Since the greatest capabilities in the ISPD "Accounting and Personnel" of the institution belong to an internal violator who is not a user of the ISPD but has the right of permanent or one-time access to the computer equipment on which the cryptographic tools and SF are implemented, and who independently creates attack methods, prepares and carries them out, the cryptographic tool used in the ISPD "Accounting and Personnel" of the institution must provide cryptographic protection at level KS2. This level of cryptographic protection is provided by the cryptographic information protection tool "ViPNet Client KS2", certified by the Federal Security Service of Russia and installed in the ISPD "Accounting and Personnel" of the institution.

Conclusion

Based on the above, the following conclusions can be drawn:

  1. The ISPD "Accounting and Personnel" of the institution is a local single-user special information system with delimitation of user access rights, which has connections to public communication networks.
  2. The threats of leakage through technical channels, including the threats of leakage of acoustic (speech) information, the threats of leakage of visual information and the threats of leakage through the PEMIN channel, are not relevant given the level of initial security of the ISPD "Accounting and Personnel" of the institution, its operating conditions and the technologies used for processing and storing information.
  3. Threats associated with:

  • unauthorized access to information;
  • unintentional user actions and disruption of the secure functioning of the ISPD and the SZPDn within it due to software failures, as well as threats of non-anthropogenic (hardware failures due to unreliable elements, power failures) and natural (lightning strikes, fires, floods, etc.) character;
  • deliberate actions of insiders;
  • unauthorized access through communication channels

are neutralized by the anti-virus protection tools installed in the ISPD "Accounting and Personnel" of the institution, the means of protection against unauthorized access (including firewalls), the use of cryptographic protection tools, and the organizational measures that ensure the safe functioning of the ISPD "Accounting and Personnel" of the institution in normal mode. Therefore, the above threats are not relevant (provided that these protections are installed).

  4. The actual threats to the security of personal data identified in the course of studying the ISPD "Accounting and Human Resources" of the institution are conditions and factors that create a real danger of unauthorized access to personal data in order to violate their confidentiality, integrity and availability.

These types of threats can be neutralized by using the Dallas Lock information security system.

  5. The potential violators of the security of personal data in the ISPD "Accounting and Personnel" of the institution belong to the external (I0) and internal categories 1, 7 and 8 (I1, I7, I8) according to the FSTEC of Russia classification. In accordance with the constructed violator model, the greatest capabilities in the ISPD "Accounting and Personnel" of the institution belong to an internal violator who is not a user of the ISPD but has the right of permanent or one-time access to the computer equipment on which the cryptographic tools and SF are implemented, and who independently creates attack methods, prepares and carries them out. To ensure cryptographic protection of at least level KS2, it is recommended to use the CIPF "ViPNet Coordinator KS2" and CIPF "ViPNet Client KS2" in the ISPD of the institution, provided that the Dallas Lock information security system is installed (if not used).

In accordance with the requirements for this ISPD "Accounting and Personnel", it is recommended that the institution establish a security level of UZ 3. In accordance with the order of the FSTEC of Russia dated February 18, 2013 No. 21 "On approval of the Composition and content of organizational and technical measures to ensure the security of personal data during their processing in information systems of personal data" it is necessary to carry out the following measures to ensure the security of personal data in the ISPD "Accounting and Personnel" of the institution:

Required list of measures to ensure the security of personal data for security level UZ 3 (the conditional designation of each group of measures is given in parentheses):

I. Identification and authentication of access subjects and access objects (AAF)
  • Identification and authentication of users who are employees of the operator
  • Identifier management, including creation, assignment and destruction of identifiers
  • Authentication management, including storage, issuance, initialization and blocking of authentication means, and taking action in case of loss and (or) compromise of authentication means
  • Protection of feedback when entering authentication information
  • Identification and authentication of users who are not employees of the operator (external users)

II. Access control of access subjects to access objects (UAD)
  • Management (creation, activation, blocking and destruction) of user accounts, including accounts of external users
  • Implementation of the necessary methods (discretionary, mandatory, role-based or other), types (read, write, execute or other) and rules of access control
  • Management (filtering, routing, connection control, unidirectional transmission and other methods) of information flows between devices and information system segments, as well as between information systems
  • Separation of powers (roles) of users, administrators and persons ensuring the functioning of the information system
  • Assignment of the minimum necessary rights and privileges to users, administrators and persons ensuring the functioning of the information system
  • Limiting unsuccessful attempts to log in to the information system (to access the information system)
  • Blocking an access session to the information system after a set idle (inactivity) time of the user or at the user's request
  • Permitting (prohibiting) user actions allowed before identification and authentication
  • Implementation of secure remote access of access subjects to access objects through external information and telecommunication networks
  • Regulation and control of the use of wireless access technologies in the information system
  • Regulation and control of the use of mobile technical means in the information system
  • Management of interaction with information systems of third parties (external information systems)

III. Protection of machine carriers of personal data (PDR)
  • Destruction (erasure) or depersonalization of personal data on machine media when they are transferred between users or to third-party organizations for repair or disposal, and control of the destruction (erasure) or depersonalization

IV. Security event logging (SEL)
  • Definition of the security events subject to registration and of their retention periods
  • Determination of the composition and content of information about security events subject to logging
  • Collection, recording and storage of information about security events within the set retention period
  • Protection of information about security events

V. Anti-virus protection (AVZ)
  • Implementation of anti-virus protection
  • Updating the database of signs of malicious computer programs (viruses)

VI. Control (analysis) of personal data security (ANZ)
  • Identification and analysis of information system vulnerabilities and prompt elimination of newly identified vulnerabilities
  • Control of the installation of software updates, including updates of information protection tools
  • Monitoring the operability, configuration parameters and correct functioning of the software
  • Control of the composition of hardware, software and information protection tools

VII. Virtualization environment protection (SEP)
  • Identification and authentication of access subjects and access objects in the virtual infrastructure, including administrators of the virtualization management tools
  • Management of access of access subjects to access objects in the virtual infrastructure, including inside virtual machines
  • Logging of security events in the virtual infrastructure
  • Implementation and management of anti-virus protection in the virtual infrastructure
  • Partitioning of the virtual infrastructure into segments (segmentation of the virtual infrastructure) for the processing of personal data by an individual user and (or) group of users

VIII. Protection of technical means (ZTS)
  • Control and management of physical access to technical means, information protection tools and means ensuring functioning, as well as to the premises and structures in which they are installed, excluding unauthorized physical access to the means of processing information, the information protection tools and the means ensuring the functioning of the information system, and to the premises and structures in which they are installed
  • Placement of information output devices (displays) so as to exclude unauthorized viewing

IX. Protection of the information system, its means, communication and data transmission systems (ZIS)
  • Ensuring the protection of personal data from disclosure, modification and imposition (input of false information) during their transmission (preparation for transmission) over communication channels that go beyond the controlled zone, including wireless communication channels
  • Protection of wireless connections used in the information system

X. Configuration management of the information system and the personal data protection system (UKF)
  • Determination of the persons allowed to make changes to the configuration of the information system and the personal data protection system
  • Management of changes in the configuration of the information system and the personal data protection system
  • Analysis of the potential impact of planned changes in the configuration of the information system and the personal data protection system on the protection of personal data, and coordination of configuration changes of the information system with the official (employee) responsible for ensuring the security of personal data
  • Documentation of information (data) about changes in the configuration of the information system and the personal data protection system

A computer