What is the problem of information security. Russian legislation in the field of information security
UDC 323.2
BBK 66.2 (2Ros)
Information security is a component of general security and is rapidly developing both throughout the world and in the Russian Federation. Until recently, the idea of information protection as a prevention of its unauthorized receipt (secrecy) that prevailed until recently is excessively narrow. An analysis of the current state of information security in Russia shows that the level of information security currently does not meet the vital needs of the individual, society and the state. The legislator of the Russian Federation does not give the concept of information security, the phenomenon is presented at the level of the “Information Security Doctrine of the Russian Federation”.
Keywords: data protection , information security , information , objects , threats .An analysis of the current state of information security in Russia shows that the level of information security currently does not meet the vital needs of the individual, society and the state. The current conditions of the country's political and socio-economic development cause an aggravation of contradictions between the needs of society to expand the free exchange of information and the need to maintain certain restrictions on its dissemination. The lack of effective mechanisms for regulating information relations in society and the state leads to many negative consequences.
Information security is a component of general security and is rapidly developing both throughout the world and in the Russian Federation, global informatization covers all spheres of the state - economic, military, political, industrial, etc. In addition, computing technology is becoming an integral part of human life. Information security, like any other object, has threats that encroach on both the integrity of the physical and its derivatives.
Historically, information has always been of great importance in the life of people and has always been given a special place in it, much attention has been paid to the development of means and methods for its protection. Analysis of the process of development of these means and methods of information protection allows us to divide it into three relatively independent periods. This division is based on the evolution of types of information carriers.
First period is determined by the beginning of the creation of meaningful and independent means and methods of information protection and is associated with the emergence of the possibility of fixing information messages on solid media, i.e. with the invention of writing. Along with the indisputable advantage of storing and moving data, there was a problem of ensuring the secrecy of confidential information already existing separately from the source. Therefore, almost simultaneously with the birth of writing, such methods of protecting information as encryption and hiding arose.
According to a number of experts, cryptography is as old as the Egyptian pyramids. In the documents of ancient civilizations - India, Egypt, Mesopotamia - there is information about systems and methods for compiling encrypted letters. The ancient religious books of India indicate that the Buddha himself knew several dozen ways of writing, among which there were permutation ciphers (according to modern classification). One of the oldest coded tests from Mesopotamia (20th century BC) is a clay tablet containing a recipe for making glaze in pottery, which ignored some vowels and consonants and used numbers instead of names.
Second period(from about the middle of the 19th century) is characterized by the emergence of technical means of information processing and the possibility of storing and transmitting messages using such media as electrical signals and electromagnetic fields (for example, telephone, telegraph, radio). There were problems of protection against the so-called technical channels of leakage (spurious radiation, interference, etc.). There are ways to encrypt messages in real time (during transmission over telephone and telegraph channels connections), etc. In addition, this is a period of active development of technical means of reconnaissance, which greatly increase the possibilities of conducting industrial and state espionage. Huge, ever-increasing losses of enterprises and firms contributed to scientific and technological progress in the creation of new and improvement of old means and methods of information protection.
The most intensive development of these methods falls on the period of mass informatization of society ( third period). Therefore, the history of the most intensive development of the problem of information security is associated with the introduction of automated information processing systems and is measured by a period of more than 40 years. In the 1960s, a large number of open publications began to appear in the West on various aspects of information security. Such attention to this problem was primarily caused by the ever-increasing financial losses of firms and government organizations from crimes in the computer sphere.
In the annual report of the FBI, it was said that in 1997 American intellectual property owners suffered damage in excess of $ 300 billion from the illegal activities of foreign intelligence agencies.
The conclusions of Western experts show that the leakage of 20% of commercial information in sixty cases out of a hundred leads to the bankruptcy of the company.
All big financial losses bring virus attacks to computer networks. Thus, the “I love you” virus, launched via Internet e-mail in May 2000, disabled over five million computers and caused damage over 10 billion dollars.
In this case, the issue of security arises, which can prevent, stop such negative, harmful phenomena.
Security - the state of protection of the vital interests of the individual, society and the state from internal and external threats.
Vital interests - a set of needs, the satisfaction of which reliably ensures the existence and possibilities for the progressive development of the individual, society and the state. From the above examples, it becomes clear that the vital interests are information with a certain value for the subject that used it, as well as other objects of the information system (in our example, it was a telecommunications system). In this regard, in foreign countries, the role of information protection has increased, which is associated with the development of technologies for transmitting information (data) using electronic computers in telecommunication systems, both for general use and for special purposes, and the formation of an "information" society.
In our country, for a long time and not without success, they also began to deal with the problems of information security. And it is not for nothing that the Soviet cryptographic school is still considered the best in the world. However, the excessive secrecy of all work on information security, concentrated mainly in individual law enforcement agencies, due to the lack of a regular system for training professionals in this area and the possibility of a wide exchange of experience, has led to some backlog in certain areas of information security, especially in computer security.
At this time, there is every reason to assert that a national school of information protection has developed in Russia. Its distinguishing feature is that, along with the solution of purely applied protection problems, much attention is paid to the formation of a developed scientific and methodological basis that creates objective prerequisites for solving the entire set of relevant tasks on a regular basis.
Naturally, over the time that has elapsed after the emergence of the problem of information security, both the idea of its essence and the methodological approaches to solving it have changed significantly. These changes occurred gradually and continuously, so any periodization of this process will to a large extent be artificial. Nevertheless, the entire period of active work on the problem under consideration, depending on the approaches to its solution, is quite clearly divided into three stages.
Until recently, the idea of information protection as a prevention of its unauthorized receipt (secrecy) that prevailed until recently is excessively narrow. Moreover, the very concept of "secret" until recently was associated mainly with state secrets, while in modern conditions the concepts industrial, commercial, banking, personal and other secrets. In the current legislative acts of the Russian Federation (RF) there are concepts of more than 40 types of secrets. Thus, even within the framework of the traditional concept of information protection, its content should be significantly expanded.
But in this work, studying information security, it is necessary to pay special attention to the consideration of the concept of state secrets, since the level of importance of a secret is always determined by the degree of damage not only in relation to one individual, but also to social group, society and the state, respectively. Based on this, state secrets come first.
State secret - information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational-search activities, the dissemination of which may harm the security of the Russian Federation.
A certain systemic approach to resolving issues of the place of state secrets in the life of society and the state was introduced by the Law of the Russian Federation “On State Secrets” adopted in 1993. Continuing the tradition of classifying certain categories of information as a secret, the Law takes a fundamental step forward by establishing a whole block of socially significant information that cannot be classified (Article 7). The law has developed a specific legal mechanism, according to which officials who have made a decision to classify the specified information bear various types of legal liability, and citizens have the right to appeal such decisions in court.
The second fundamental innovation of this Law is the introduction of norms regulating the relationship between the state and the owner of information when classifying information as a state secret. Authorized officials retain the imperative right to classify information owned by institutions, organizations or citizens. At the same time, the information owner has the right to compensation for material damage arising from the classification of information, the amount of which is determined by the contract, as well as the right to appeal against the actions of a public authority in court.
Of course, the Law "On State Secrets" is only the first step towards a rational and reasonable approach to regulating relations related to state secrets. The above example can serve as confirmation of one indisputable fact - the principle of determining the categories of information classified as state secrets is a state imperative, in some cases depending on a specific economic or political situation, and therefore cannot be unshakable. In addition, no matter what legislative framework exists, in the mechanism for classifying information as a state secret, the most important link has been and remains a specific executive authority, since it is on its proposals (read - interests) that the categories of the nationwide list are formed. Taking into account the fact that the very concept of a state secret still arouses a certain reverence among most officials and citizens, and the vast majority of heads of federal executive bodies, on the basis of Article 9 of the Law, are empowered to classify information as state secrets, the system of "checks and balances" laid down in the principle of separation of powers proclaimed by the Constitution, is still working extremely poorly in regulating this sphere of relations.
In addition, the analysis of security and information separately from information security shows that a specific concept is defined by law, but in laws based on the information security doctrine there is no definition as such.
Recently, the problem of information security is considered as a problem information security- an integral part of the national security of the Russian Federation. This is clearly defined by the National Security Concept of the Russian Federation, approved by Decree of the President of the Russian Federation of December 17, 1997 No. 1300 (last edition - January 2000) and the Information Security Doctrine of the Russian Federation, adopted in September 2000. Here the system of national interests of Russia is determined by the totality of the main interests of the individual, society and the state.
Before considering what information security is and its role in the state, its management, it is necessary to define such a phenomenon, an object of life as information.
In this paper, the content of information will be considered taking into account the tasks and problems of informatization, as an organizational socio-economic and scientific and technical process of creating optimal conditions for meeting information needs and realization of the rights of citizens, public authorities, local governments, organizations, public associations on the basis of the formation and use of information resources and the resulting public and, above all, legal relations. From the standpoint of this approach, as well as the concepts considered, information will be of a dual nature.
Firstly , it is an information resource of society, which has certain properties and is necessary for information support of social activities and everyday life of people.
Secondly , information is a specific raw material to be processed by special technologies in order to obtain a specific information product with a given property (quality). In this case, the requirements for the properties of information are determined by the owner, owner or user (consumer).
There are many definitions of the concept of "information": from the most general, philosophical (information is a reflection of the material world) to the narrowest, practical (information is all information that is the object of storage, transmission and transformation).
Until the mid-20s of the twentieth century, information really meant “messages and information” transmitted by people orally, in writing or in any other way. Since the middle of the twentieth century, information has been turning into a general scientific concept, including the exchange of information between people, a person and an automaton, an automaton and an automaton; signal exchange in the animal and plant world; transmission of traits from cell to cell, from organism to organism (genetic information). This is one of the basic concepts of cybernetics.
With the development of communications and telecommunications, computer science and their use for processing and transmitting information, it became necessary to measure its quantitative characteristics. K. Shannon and W. Weaver proposed probabilistic methods for determining the amount of transmitted information. The concept of “entropy of information” appeared as a measure of its uncertainty. .
N. Wiener proposed to consider the "information vision" of cybernetics as the science of control in living organisms and technical systems. Under the information began to understand not just information, but only those of them that are new and useful for making a decision that ensures the achievement of the goal of management.
For many years, the semantic theory of information has been developing, which studies the meaning contained in the information, their usefulness and value for the consumer.
To reveal the definition of the content of the concept of information, let's consider its complementary components adopted in the current regulatory legal acts.
Documented information (documents) - information recorded on a material carrier with details that allow it to be identified.
Confidential information is documented information, access to which is restricted in accordance with the law.
Mass information - printed, audio, audiovisual and other messages and materials intended for unlimited circles.
Information resources - individual documents and individual arrays of documents, documents and arrays of documents in information systems (libraries, archives, funds, data banks, other types of information systems).
Information products (products) - documented information prepared in accordance with the needs of users and intended or used to meet the needs of users.
Computer information - information on a machine carrier, in a computer, a computer system or their network.
From the point of view of the information security process, it is important for us to present this concept in a more materialistic plane, which allows us to direct security actions to a specific object. Therefore, we will dwell on the following definition: information is information (messages, data), regardless of the form of their presentation. .
Regardless of the areas of activity of the individual, society and the state, ensuring the security of information is closely related to the receipt, accumulation, processing and use of a variety of information coming from various sources. Because of this, the source is an integral part of the object of legal regulation of relations in the field of information security. A source of information is understood as an object that has certain information that can be obtained (received) once or repeatedly for the intended purposes by a certain receiver. The source is associated with some recipient (subject) that has one or another opportunity to access information. The source in this pair acts as if the passive side, and the recipient - the active subject. Taking into account the concepts of confidential information discussed above, a source of confidential information will be understood as an object that has certain protected information that is of interest to intruders.
The objects of information security of the Russian Federation include:
Information resources, regardless of the form of storage, containing information constituting a state secret and limited access, as well as open (public) information and knowledge;
A system for the formation, distribution and use of information resources, including information systems of various classes and purposes, libraries, archives, databases and data banks, information technologies, regulations and procedures for collecting, processing, storing and transmitting information, scientific, technical and maintenance personnel;
Information infrastructure, including information processing and analysis centers, channels information exchange and telecommunications, mechanisms for ensuring the functioning of telecommunication systems and networks, including systems and means of protecting information;
The system of formation of public consciousness (worldview, political views, moral values, etc.), based on the media and propaganda;
The rights of citizens, legal entities and the state to receive, distribute and use information, protect confidential information and intellectual property.
The information security of all the above objects creates conditions for the reliable functioning of state and public institutions, as well as the formation of public consciousness that meets the progressive development of the country.
To date, a large number of diverse threats to information are known (in information processing systems, it is understood as the possibility of such a phenomenon or event occurring at any stage of the system’s life, which may result in undesirable effects on information) of various origins, fraught with various dangers to it. . For a systemic representation, it is convenient to classify them by type, possible sources, the prerequisites for the appearance and the nature of the manifestation.
Having defined the concept of “information threat”, we will consider it in relation to the direct impact on information processed at any object (office, enterprise, firm). Analyzing possible ways of influencing information presented as a set n information elements interconnected by logical links, it is possible to identify the main violations that will be types of information security threats:
Physical integrity (destruction, destruction of elements);
Logical integrity (destruction of logical connections);
Confidentiality (destruction of protection, reduction of the degree of information security);
Ownership of information (unauthorized copying, use).
The Law of the Russian Federation "On Security" defines a threat to security as a set of conditions, factors that create a danger to the vital interests of the individual, society and the state. In connection with this and the above, information security is understood as the state of protection of its national interests in the information sphere, determined by the totality of balanced interests of the individual, society and the state. Then, from the position of ensuring information security, it can be determined that under information threat is understood as the impact of destabilizing factors on the state of awareness, both from outside and within the state, endangering the vital interests of the individual, society and the state.
From the definition, we see that there are external and internal sources of threat to information security.
External sources include: unfriendly policy of a foreign state in the field of global information monitoring, dissemination of information and new information technologies; activities of foreign intelligence and special services; activities of foreign political and economic structures directed against the interests of Russia; criminal actions of international groups, formations and individuals; natural disasters and catastrophes.
Internal sources of threats are: illegal activities of political and economic structures in the field of formation, dissemination and use of information; illegal actions of state structures, leading to violation of the legal rights of citizens and organizations in the information sphere; violations of the established regulations for the collection, processing and transmission of information; intentional actions and unintentional errors of information systems personnel; technical failures and failures software in information and telecommunication systems. As a result of the impact of threats to information security, serious damage can be caused to the vital interests of the Russian Federation in the political, economic, defense and other spheres of the state's activity, socio-economic damage to society and individual citizens can be caused.
The consequences of such an impact may be: the creation of obstacles to equal cooperation between Russia and developed countries and friendly states; difficulties in making the most important political, economic and other decisions; undermining the state authority of the Russian Federation in the international arena; creating an atmosphere of tension and political instability in society; violation of the balance of interests of the individual, society and the state; discrediting public authorities and administration; provoking social, national and religious conflicts; initiation of strikes and riots; violation of the functioning of the public administration system, as well as the systems of command and control of troops, weapons and military equipment, objects of increased danger.
Also, a consequence of the impact of threats may be a decrease in the pace of scientific and technological development of the country, the loss cultural heritage manifestations of spirituality and immorality. Very significant economic damage in various areas of public life and business can be caused as a result of violations of the law in the information sphere and computer crimes.
Information security threats can cause physical, material and moral damage to citizens, cause inadequate social or criminal behavior of groups of people or individuals, and affect the processes of education and personality formation.
Methods of impact of threats on information security objects in the Russian Federation are divided into information, software and mathematical, physical, electronic, organizational and legal.
Information methods include: violations of the targeting and timeliness of information exchange, illegal collection and use of information; unauthorized access to information resources; manipulation of information (disinformation, concealment or distortion of information); illegal copying of data in information systems; use of the media from positions that are contrary to the interests of citizens, organizations and the state; theft of information from libraries, archives, banks and databases; violation of information processing technology.
Software-mathematical methods include: the introduction of virus programs; installation of software and hardware embedded devices; destruction or modification of data in information systems.
Physical methods include: destruction or destruction of information processing and communication facilities; destruction, destruction or theft of software or hardware keys and means of cryptographic information protection; impact on staff; delivery of "infected" components of information systems.
Electronic methods are: interception of information in the technical channels of its leakage; introduction of electronic devices for intercepting information in technical channels and premises; interception, decryption and imposition of false information in data networks and communication lines; impact on password-key systems; electronic suppression of communication lines and control systems.
Organizational and legal methods include: the purchase of imperfect or outdated information technologies and informatization tools; non-compliance with legal requirements and delays in adopting the necessary legal and regulatory provisions in the information sphere; unlawful restriction of access to documents containing important information for citizens and organizations.
In order to prevent, parry and neutralize threats to information security, basic methods are used. These include legal, software-technical and organizational-economic methods.
Legal methods provide for the development of a set of legal acts and regulations governing information relations in society, guiding and regulatory and methodological documents to ensure information security.
Software and hardware methods include preventing the leakage of processed information by eliminating unauthorized access to it; prevention of special impacts that cause destruction, destruction, distortion of information or failures in the operation of informatization tools; identification of embedded software or hardware embedded devices; eavesdropping exclusion technical means; the use of cryptographic means of protecting information during transmission over communication channels.
Organizational and economic methods provide for the formation and maintenance of the functioning of systems for the protection of secret and confidential information; certification of these systems according to information security requirements; licensing activities in the field of information security; standardization of methods and means of information protection; control over the actions of personnel in secure information systems.
An important place among these methods is occupied by motivation, economic incentives and psychological support for the activities of personnel involved in information security.
The ongoing processes of transformation in the political life and economy of Russia have a direct impact on the state of its information security. At the same time, new factors arise that must be taken into account when assessing the real state of information security and identifying key problems in this area. They can be divided into political, economic and organizational-technical ones.
Political factors include:
Changes in the geopolitical situation due to fundamental changes in various regions of the world, minimizing the likelihood of world nuclear and conventional wars;
Information expansion of the United States and other developed countries that carry out global monitoring of world political, economic, military, environmental and other processes, disseminating information in order to obtain unilateral advantages;
Formation of a new Russian statehood based on the principles of democracy, legality and information openness;
Destruction of the previously existing command-administrative state control system, as well as the existing system of ensuring the country's security;
Violation of information links due to the formation of independent states on the territory of the former USSR;
Russia's desire for closer cooperation with foreign countries in the process of reforms based on the maximum openness of the parties;
Low general legal and informational culture in Russian society.
Among the economic factors, the most significant are:
Russia's transition to market relations in the economy, the emergence of many domestic and foreign commercial structures - producers and consumers of information, means of informatization and information protection, the inclusion of information products in the system of commodity relations;
The critical state of domestic industries that produce means of informatization and information protection;
Expanding cooperation with foreign countries in the development of Russia's information infrastructure.
Of the organizational and technical factors, the determining ones are:
Insufficient regulatory and legal framework in the field of information relations, including in the field of information security;
Weak regulation by the state of the processes of functioning of the development of the market of informatization tools, information products and services in Russia;
Widespread use in the sphere of public administration and the credit and financial sphere of imported technical and software tools for storing, processing and transmitting information that are not protected from information leakage;
Growth in the volume of information transmitted through open communication channels, including data transmission networks and machine-to-machine exchange;
The aggravation of the criminal situation, the increase in the number of computer crimes, especially in the credit and financial sector.
Thus, the information security of the Russian Federation is understood as the state of security of information, information resources and information infrastructure that ensures the vital interests of the individual, society and the state, as well as the ability of the state to provide information necessary to counter the plans and intentions of foreign states, organizations and individuals to cause harm the security interests of the state.
From the above, it follows that information security is determined by the ability of the state, society, individual:
Provide, with a certain probability, sufficient and protected information resources and information flows to maintain their life and viability, sustainable functioning and development;
To resist information dangers and threats, negative information impacts on the individual and public consciousness and psyche of people, as well as on computer networks and other technical sources of information;
Develop personal and group skills and skills of safe behavior;
Maintain constant readiness for adequate measures in the information confrontation, no matter who it is imposed on.
The current stage of the development of society is characterized by the increasing role of the information sphere, which is a set of information, information infrastructure, entities that collect, form, disseminate and use information, as well as a system for regulating the resulting social relations. The information sphere, being a system-forming factor in the life of society, actively influences the state of the political, economic, defense and other components of the security of the Russian Federation. The national security of the Russian Federation essentially depends on ensuring information security, and in the course of technological progress, this dependence will increase.
At the legislative level, the concept of information security is not given, but definitions of security (the state of protection of the vital interests of the individual, society and the state from internal and external threats) and information (information - information (messages, data) regardless of the form of their presentation) in different legal acts are given.
The information security of the Russian Federation is understood as the state of protection of its national interests in the information sphere, determined by the totality of balanced interests of the individual, society and the state.
The information security of the Russian Federation is one of the components of the national security of the Russian Federation and has an impact on the protection of the national interests of the Russian Federation in various spheres of the life of society and the state. Threats to the information security of the Russian Federation and methods of ensuring it are common to these areas.
Each of them has its own information security features associated with the specifics of security facilities, the degree of their vulnerability to threats to the information security of the Russian Federation. In each sphere of the life of society and the state, along with the general methods of ensuring the information security of the Russian Federation, private methods and forms can be used, due to the specifics of the factors affecting the state of information security of the Russian Federation.
Literature
- Shiversky A.A. Information security: problems of theory and practice. - M.: Lawyer, 1996. - 112 p.
- Petrakov A.V., Lagutin V.S. Leakage and protection of information in telephone channels. - M.: Energoatomizdat, 1998. - 112 p.
- Zegzhda D.P., Ivashko A.M. Fundamentals of information systems security. - I .: Hot line - Telecom, 2000. S. 26.
- Law of the Russian Federation of March 5, 1992 No. 2446-1 “On Security” // Rossiyskaya Gazeta, No. 103, May 6, 1992.
- Art. 2 of the Law of the Russian Federation of July 21, 1993 No. 54851 “On State Secrets” // Collection of Legislation of the Russian Federation, 13.10.1997, No. 41, pp. 8220-8235.
- Semkin S.N., Fisun A.P. Legal basis information protection. - Eagle: VIPS, 2003. - 131 p.
- Rastorguev S.P. Infection as a way to protect life. - M.: Yachtsman, 1996. - 143 p.
- Shannon K.E. Mathematical theory of communication. Works on information theory and cybernetics. - M.: Norma 2001, p. 53.
- Viner N. "The Creator and the Robot". - M.: Progress, 1998. - 202 p.
- Federal Law of July 27, 2006 No. 149-FZ “On Information, Information Technologies and Information Protection” // Rossiyskaya Gazeta, No. 165, July 29, 2006.
- P. 1, Art. 2 of the Federal Law of July 27, 2006 No. 149-FZ “On Information, Information Technologies and Information Protection” // Rossiyskaya Gazeta, No. 165, July 29, 2006.
- "Information Security Doctrine of the Russian Federation" approved by the President of the Russian Federation on 09.09.2000 No. Pr-1895 // Rossiyskaya Gazeta, No. 187, 09.28.2000.
Bibliography
- Shiverskiy A.A. Information protection: problems of theory and practice. - M.: Yurist, 1996. - 112 p.
- Petrakov A.V., Lagutin V.S. Data leakage and protection in telephone channels. - M.: Energoatomizdat, 1998. - 112 p.
- Zegzhda D.P., Ivashko A.M. “Basics of information systems security”. - I.: Goryatchaya liniya - Telekom, 2000, p. 26.
- Law of the RF dated 03/05/1992 No. 2446-1 “About the security” // Rossiyskaya gazeta, No. 103, 05/06/1992.
- Article 2, Law of the RF dated 07/21/1993 No. 54851 “About the National Security Information” // Collected Legislation of the RF, 10/13/1997, No. 41, p. 8220-8235
- Semkin S.N., Fisun A.P. and others “Legal basics of information protection”. - Oryol: VIPS, 2003. - 131 p.
- Rastorguyev S.P. “Infection as a method of life protection”. - M.: Yahtsmen, 1996. - 143 p.
- Shennon K.E. “Mathematical theory of connection. Works on theory of information and cybernetics”: Norma 2001, p. 53.
- Viner N. "Creator and robot". - M.: Progress, 1998 - 202 p.
- Federal law dated July 27, 2006 No. 149-Federal Legislation “About the information, information technologies and information protection” // Rossiyskaya gazeta, No. 165, 07.29.2006
- Item 1, article 2 of the federal law dated 27.07.2006 No. 149- Federal Legislation “About the information, information technologies and information protection” // Rossiyskaya gazeta, No. 165, 29.07.2006
- Doctrine of information security of the Russian federation” affirmed by the President of the RF 09.09.2000 No. Orde-1895 // published by Rossiyskaya gazeta, No. 187, 09.28.2000.
Problem of information security in the Russian federation
Information security is a compound of general security and has rapid development both in the whole world and the Russian Federation. The idea about the protection of information as a warning of its illegal acquiring which has prevailed until recently is too narrow. Analysis of the present state of information security in Russia shows that the level of information security at the present time doesn’t correspond to the vital requirements of a person, society and state. A legislator of the Russian Federation doesn't introduce the notion of state security. The event is introduced on the level of “Doctrine of information security of the Russian Federation”.
key words:Considering the question of how important information security is for a company and determining the budget for its provision, it is necessary to clearly navigate this concept. This is the only way to identify priority areas and draw up a plan of appropriate actions.
Information Security in networks involves a wide range of problems. For the well-being of a business, information security is fundamental, so we will consider all the tasks that it solves in detail.
So the first direction is data integrity assurance. Today, all commercial information, accounting data, financial statements, client bases, contracts, innovative ideas of the company's employees, plans and strategy for its development are stored in a local information and computer network. Not always and not all documents are duplicated on paper, because the amount of information is very large. Under such conditions, information security provides a system of measures that are designed to ensure reliable protection of servers and workstations from failures and breakdowns leading to the destruction of information or its partial loss. A serious approach to this issue means that information security should be based on a professional audit of the entire IT infrastructure of the company. allows you to assess the state of the network and equipment, analyze potential threats, identify and eliminate in time the "weak" points of the cable system, server and workstations, disk systems and violations in the equipment configuration. Thus, the technical risks of possible loss of information are reduced.
Incorrect operation of archiving systems, network and application software also leads to data corruption. Ensuring the information security of your company, our employees test the software and check its compliance with modern requirements.
The next most important task is ensuring the confidentiality of information. The protection of trade secrets directly affects the competitiveness of the company and its stability in the market. Here it faces external and internal deliberate threats aimed at stealing data. Hackers, industrial espionage and information leaks through the fault of their own employees pose the greatest threat. The temptation to sell valuable commercial information is strong not only among employees who are laid off, but also among those whose ambitions in the workplace are unsatisfied. In this case, information security takes preventive measures aimed at controlling insiders and multi-stage protection of servers from hacker attacks.
Therefore, measures to counter unauthorized access should be aimed at achieving two goals:
- Create conditions when accidental or intentional actions leading to data loss become impossible. Information Security solves this problem by creating a system of user authentication and authorization, separation of access rights to information and access control.
- It is also important to create a system in which employees or intruders would not be able to hide the committed actions. Here, a security event control system, auditing access to files and folders comes to the aid of an information security specialist.
- Effective means of protection, both from external threats and from internal ones, are also: the introduction of a system of user passwords, the use of special important information cryptographic protection methods (encryption), restriction of access to premises, use of individual digital keys and smart cards, use of firewalls, installation of information leakage protection systems via e-mail, FTP - servers and Internet messengers, protection of information from copying. When considering potential threats, we recommend that our clients establish control over outgoing information flows.
Recently, such methods of hacking networks as spreading malware have become widespread. computer programs, performing the functions of collecting and transmitting information (Trojans), spyware. In order to eliminate such external risks, information security provides for the installation of powerful anti-virus software and server protection.
Network information security also involves protection against attacks from outside, aimed at stopping the performance of servers, computers or network components. We are talking about DDos attacks, password guessing attempts (bruteforce attacks). To protect against such threats, information security requires the use of special software - firewalls and proactive protection systems.
And most importantly, why information security is needed is availability of information for legitimate users. All information security measures are useless if they impede the work of legitimate users or block it. Here, reliably working authentication and well-implemented separation of user rights come to the fore.
Our company will make every effort to ensure that the information security of your company is organized at a level that makes it practically invulnerable.
Filenko Evgenia Sergeevna Senior Lecturer of the Department of Natural Sciences,
Yuzhno-Sakhalinsk Institute of Economics, Law and Informatics. YuzhnoSakhalinsk, Russia [email protected]
Information security threats and possible solutions
Annotation. This article discusses the state of information security
in general, statistics are given on the use of information security tools at Russian enterprises, some of the main problems leading to a violation of information security are given, some possible means of solving these problems are given.
Keywords: information security, threats, cybercrime, security protection
The issue of information security (IS) is currently the most burning issue. This is due to the global informatization of society, the transfer of all types of information into electronic versions. With unconditional positive moments, we face large quantity threats and vulnerabilities. Moreover, the specificity of the IT market is currently such that the market is flooded with all sorts of technologies, each of which is designed to improve one of the moments of either information transfer, or storage, or processing. However, the fact that the race for new developments leaves the created products unfinished is obvious. A fairly classic point is that the release of a new version of a product entails certain vulnerabilities that are provided with the original version. This contributes to more and more penetration into other people's computer networks, theft of information and other unpleasant moments. A computer network in any configuration and technology used is a kind of red rag for everyone who wants to test their hacking skills. A huge amount of literature and even auxiliary software distributed, including thanks to the beloved Internet, contributes to the flourishing of interest in other people's information and in the very hacking of a network, personal computer, server, system, etc., as a process. There are really a lot of threats! All over the world, the so-called ransomware (from the English ransom - ransom), ransomware programs that are quite popular in Russia, are gaining popularity. Despite the fact that such a "business model" has already been used before, it suffered from the same shortcomings as a real kidnapping : there was no convenient way to withdraw money. But thanks to the development of online payment systems, attackers have solved this problem. Blockers will go beyond simple extortion and will be aimed at intimidation, that is
cyberbullying
(cyber attack for the purpose of causing psychological harm). Next year, the criminals will go to the next level, influencing the emotions of the victims, using methods that will make it much more difficult to restore the system. Here is a specific "fresh" example of a hack: At the end of 2012, Adobe was forced to shut down its connectusers.com domain due to a hack by ViruS_HimA. Then he published in the public domain the personal data of only those users whose addresses Email located in the adobe.com, .mil, and .gov domains to protect individuals from harm. This fact only says that the security threat persists constantly and there is no perfect protection system.
Consider more facts related to the relevance of information protection. The number of infected Android devices increased by 41% in the second half of 2012, according to BGR, citing BitDefender analyst Catalin Cosoi, and the number of individual reports of the presence of malware in the second half of 2012 increased even more by 75%. Moreover, some standard browsers already contain support for Java applications that implement the most dynamic elements. The US Department of Homeland Security Cyber Threat Countermeasures recommends that users disable the Java add-on in web browsers to protect against attacks by attackers who exploit a previously unknown vulnerability in the Java software platform, according to the USCERT website. Exploiting a vulnerability that affects the latest and earlier Java versions, attackers can run arbitrary code on the target computer. Oracle, which develops the Java platform, has not yet released an update to address this vulnerability, so the only way to protect a computer from attacks is to disable the Java add-on in browsers. According to USCERT experts, an attack can be carried out when a user visits a page in which a malicious Java application is embedded. Attackers can place such an application on their site, then luring users to it, and also embed the application in a “law-abiding” site. Cybercriminals have found a new application for QR codes (quick response - a quick response-matrix code (two-dimensional barcode), developed and presented by a Japanese company " DensoWave”), in which cybercriminals inject the addresses of malicious sites that spread spam viruses. Such graphic elements are located in the banners of the most frequently visited sites (Figure 1).
Figure 1. Example of a QR code
The number of threats is huge and is increasing every day. Problems arise at absolutely different levels of functioning of a personal computer and a computer network as a whole. Most Russian IT specialists consider the level of investment in IT security to be insufficient (21 percent of organizations in Russia, according to studies, have an insufficient level of investment). According to the study "Cyber threats and information security in corporate sector: trends in the world and in Russia”, Kaspersky Lab, 2012, the following diagram was built (Figure 2) Most companies use a reactive approach to information security. This fully applies to investments: organizations begin to invest in the protection system after the incident has occurred.
However, the allocation of funds is often carried out without taking into account the importance of information security issues.
Figure 2. Assessment of the level of investment in information security
The most widely used information security measures in Russia, according to 2012 data (Source: Cyber Threats and Information Security in the Corporate Sector: Trends in the World and in Russia, Kaspersky Lab, 2012) are shown in Figure 3.
Figure 3. Measures to ensure information security
Control over launched programs, activity on the network and external devices used reduces the risk of unauthorized access to important data and prevents possible financial losses. This kind of research allows vendors to understand what information security problems are most painful for modern business and develop new strategic directions for the development of their products. In particular, today, when, according to IDC, the Russian market of public and private "clouds" is growing at a dizzying pace (from $ 35 million in 2010 to $ 1.2 billion - according to the forecast for 2015). a reasonable question: how to protect information? Of course, you can prohibit the ability of employees to access the Internet. However, the ability (and sometimes direct necessity) to access the necessary resources through personal portable portable devices for work purposes makes such measures irrelevant and inconsistent with the present requirements of the time. There is a whole range of various means to protect information. A “gentleman's” set should definitely include FireWall, antivirus (some of these products contain an application control module that can be used to prohibit or restrict the launch of certain applications), active maintenance group policies in order to restrict access (for example, prohibit the use of flash drives in the accounting department, with the exception of the flash drive of the chief accountant, or allow the use of external hard drives only in the IT department), intrusion prevention systems (IPS) to prevent attacks and identify their fact (given far not a complete list). If you use products from well-known manufacturers, then the actual information security requires quite a serious investment. Not all organizations, and especially small ones, can afford it. But there is always a solution. Currently, there are a sufficient number of relatively inexpensive products on the market that are in the hands of an experienced system administrator, can serve as a good tool for protecting against the main types of vulnerabilities in computer networks. Let's consider an example of network security, available to small organizations. This is a Mikrotik router. The main "protective" core is provided by its operating system: RouterOS Mikrotik. By the way, it can be installed on a personal computer (PC) as a software product. We list only some of the main features: functions for working with the TCP / IP protocol: Firewall and NAT (- powerful packet filtering settings (applicable to P2P connections), excellent implementation of SNAT and DNAT, the ability to classify packets by: source MAC address; IP addresses (the ability to specify networks ); port ranges; IP protocols; protocol options (ICMP types, TCP flags and MSS); interfaces; internal chains of tagged packets; ToS (DSCP); by packet content; by packet size, etc.), Routing, QoS management, HotSpot capabilities, PTP tunnel protocols, the use of IPsec, Proxy, Monitoring / Accounting, as well as an impressive set of functions for working with the second OSI level. From the description, it becomes clear why this operating system(OS) may apply. Its niche is a cheap multifunctional replacement for L3 hardware routers. It has the main features that monitor malicious activity on the network, setting the maximum number of requests per unit of time also allows you to protect against DDoS attacks. We only note that it is enough to configure one interface and assign an IP address to it in order to continue configuring in graphical mode using the Winbox utility (a graphical configuration utility server) (Figure 4). The new dialog style allows you to dynamically configure all the necessary aspects, set IP address ranges (Figure 5). Allows you to set the settings of the Firewall subsection (Figure 6 - a dialog box with an open tab for traffic filtering rules), for example, in paragraph 3, port 8080 is prohibited in incoming traffic so that there are no outside intrusions. Item 4 - limits the number of incoming tcp restrictions to 100 active connections. The goal is to prevent the possibility of DDoS attacks, which are one of the most common threats to network performance. The next item drops the rest of the packets into the void. When a DDoS attack starts, this will help the network administrator gain time to counter hackers. For the attacker at the moment cannot track that his packets are “thrown” into the void. Thus, the use of this product allows you to configure protection settings and will serve as a fairly serious barrier to all kinds of threats coming from the global Internet or other subnets.
Figure 4 - Winbox
Figure 5. Dialog box interface
Figure 6. Configuring the Firewall subsection
1. Anin B. Yu. Protection of computer information. – St. Petersburg: "BHV St. Petersburg" 2011, 384 p2. Gerasimenko V. A. Information security in automated systems book data processing. 1.M.: Energoatomizdat, 2009.400s.3. Koneev I. R., Belyaev A. V. Information security of the enterprise.
Kaspersky Lab: 9 out of 10 companies face external cyber threats http://www.fontanka.ru/2011/09/27/057/
Filenko ESYuzhnoSakhalinsk Institute of Economics, Law and InformaticsYuzhnoSakhalinsk, [email protected] security threats and possible solutions
This article examines the state of information security in general, is the use of statistics information security at Russia, are some of the major problems that lead to a breach of information security, are some of the possible means of solving those problems.Keywords: information security, threats, cybercrime, security protection
Send your good work in the knowledge base is simple. Use the form below
Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.
Hosted at http://www.allbest.ru/
Introduction
From a technological point of view, information is a product of information systems. As with any product, information quality is of great importance, that is, the ability to satisfy certain information needs.
The relevance of this control work. Ensuring information security in modern Russia seems to be a complex and specific process, influenced by many external and internal factors. The specific nature of this process is determined by the political conditions in which it takes place.
The tasks of this control work:
1. Consider information security and its components;
2. Consider the problems of information security;
3. To study the legal support of information security.
The quality of information is a complex concept, its basis is base system indicators, including indicators of three classes:
* issue class (timeliness, relevance, completeness, accessibility, etc.);
* processing class (reliability, adequacy, and others);
* security class (physical integrity, logical integrity, security).
The timeliness of information is assessed by the time of issuance (receipt), during which the information has not lost its relevance.
The relevance of information is the degree to which it corresponds to the current moment in time. Relevance is often associated with the commercial value of information. Information that is outdated and has lost its relevance can lead to erroneous decisions and thereby loses its practical value. The completeness of information determines the sufficiency of data for making decisions or for creating new data based on existing ones. The more complete the data, the easier it is to choose a method that introduces a minimum of errors in the course of the information process.
Reliability of information is the degree of correspondence between received and outgoing information.
The adequacy of information is the degree of compliance with the real objective state of affairs. Inadequate information can be generated when new information is created from incomplete or insufficient data. However, both complete and reliable data can lead to the creation of inadequate information if inadequate methods are applied to them.
Availability of information - a measure of the ability to obtain this or that information. Lack of access to data or lack of adequate methods of data processing lead to the same result: the information is not available. One of the most significant indicators of the quality of information is its security.
The structure of this test. The control work consists of: introduction, three chapters, conclusion, list of references.
I. Information security and its components
The problem of ensuring information security has been relevant since people began to exchange information, accumulate it and store it. At all times, there was a need to securely preserve the most important achievements of mankind in order to pass them on to their descendants. Similarly, there was a need for the exchange of confidential information and its reliable protection.
With the beginning of the mass use of computers, the problem of information security has become particularly acute. On the one hand, computers have become carriers of information and, as a result, one of the channels for obtaining it, both authorized and unauthorized. On the other hand, computers, like any technical device subject to failures and errors that can lead to loss of information. Information security is understood as the protection of information from accidental or deliberate interference that is detrimental to its owners or users. As the importance and value of information increases, so does the importance of protecting it. On the one hand, information has become a commodity, and its loss or untimely disclosure causes material damage. On the other hand, information is a signal for managing processes in society and technology, and unauthorized intervention in management processes can lead to catastrophic consequences.
information security legal protection
II. The problem of information security
The problem of information security arose a long time ago and has deep historical roots. Until relatively recently, methods of protecting information were the exclusive competence of the special services that ensure the security of the country. However, new technologies for measuring, transmitting, processing and storing information have significantly expanded the areas of activity of people who need to protect information, have led to the development and dissemination of new methods of unauthorized access to information and, as a result, to the intensive development of a new scientific direction - "information security". All this is connected, first of all, with the advent of computer-based data processing systems, as well as with the rapid development of data transmission systems. There are some reasons that led to the need for both the development of new methods of information protection and the further development of traditional ones. The first systems for the collective use of computers, and then their integration into global and local networks, open systems technologies already at the first stage revealed the need to protect information from accidental errors of operators, failures in equipment, power supply, etc. The rapid growth of the capacity of external storage devices and the high efficiency of their use in automated control systems have led to the creation of databases (databases) of enormous capacity and high cost, while creating problems of their protection, both from various accidents and from unauthorized access. Modern information systems form the technical basis of public authorities, industrial enterprises and research organizations, institutions of the credit and financial sector, banks, etc. Today, when the computer has firmly entered our everyday life, we are increasingly forced to trust it with our secrets (financial, industrial, medical, etc.), and in this regard, information security issues are becoming comprehensive.
In addition to the purely technical tasks of developing information security tools, there are regulatory, technical, organizational, legal, legal and other aspects. The main tasks considered by information security specialists (as well as publications on this topic) are related to ensuring the security of using global and local networks, problems of the global computer network Internet, "hackers", "viruses", etc. Summarizing what has been said, we can single out technical, organizational and legal measures to ensure information security and prevent computer crimes.
Technical measures include:
1. protection against unauthorized access;
2. redundancy of critical components of subsystems;
3. organization of computer networks with redistribution of resources in the event of a temporary disruption of the operability of any part of the network;
4. creation of devices for detecting and extinguishing fires;
5. creation of water leak detection devices;
6. technical protection against theft, sabotage, sabotage, explosions;
7. duplication of power supply;
8. reliable locking devices;
9. signaling devices for various dangers.
Organizational measures include:
1. reliable protection;
2. selection of reliable personnel;
3. proper organization of the work of the staff;
4. a planned plan for restoring the operation of the data center after a failure;
5. organization of service and control of work computer center persons not interested in concealing crimes;
6. Creation of means of protecting information from any persons, including management personnel;
7. prescribed measures of administrative and criminal liability for violation of the rules of work;
8. Choosing the right location for a data center with expensive hardware and software.
Legal measures include:
1. development of criminal norms of responsibility for computer crimes;
3. improvement of criminal and civil legislation;
4. improvement of legal proceedings on computer crimes;
5. public control over developers of computer systems;
6. adoption of a number of international agreements relating to information security.
This is a very large scientific and technical problem and, of course, we cannot cover it in full and will only touch on the basic concepts, definitions and means of protection, available to the user, and let's start with the closest problem of an ordinary user - with the preservation of information that is not associated with unauthorized access.
III. Legal support of information security
Legal measures to ensure information security include: development of rules establishing liability for computer crimes; copyright protection of programmers; improvement of criminal and civil legislation, as well as legal proceedings. Legal measures should also include public control over the developers of computer systems and the adoption of relevant international agreements. Until recently, the Russian Federation did not have the ability to effectively combat computer crimes, since these crimes could not be considered illegal, since they were not qualified by criminal law. Until January 1, 1997, at the level of the current legislation of Russia, only the protection of copyrights of software developers and, in part, the protection of information within the framework of state secrets, could be considered satisfactorily regulated, but the rights of citizens to access to information and the protection of information directly related with computer crimes.
Partially, these problems were resolved after the entry into force on January 1, 1997 of the new Criminal Code (CC), adopted by the State Duma on May 24, 1996. In the new Criminal Code, responsibility for computer crimes is established by Art. Art. 272, 273 and 274. Art. 272 of the new Criminal Code establishes liability for illegal access to computer information (on a machine medium in a computer or a network of computers), if this led either to the destruction, blocking, modification or copying of information, or to disruption of the computer system. (Blocking is understood as such an impact on a computer or computer system that resulted in a temporary or permanent inability to perform any operations on information.)
This article protects the owner's right to privacy of information in the system. The owner of an information system can be any person who legally uses information processing services as the owner of a computer system or as a person who has acquired the right to use it. A criminal act, the responsibility for which is provided for in Art. 272, consists in illegal access to computer information protected by law, which always has the character of performing certain actions and can be expressed in penetration into a computer system through the use of special hardware or software that allows to overcome installed by the system protection; illegal use of valid passwords or disguise as a legitimate user to penetrate a computer, theft of storage media (provided that measures were taken to protect them), if this led to the destruction or blocking of information. (Access is considered legitimate if it is authorized by the copyright holder, the owner of the information or system.
Access is illegal if the person does not have the right to access, or has the right to access, but does so in violation of the established procedure. 272 consequences, while the accidental temporal coincidence of illegal access and a failure in the computer system that caused these consequences does not entail criminal liability.
Illegal access to computer information must be carried out intentionally, i.e. committing this crime, the person is aware that he unlawfully invades the computer system, foresees the possibility or inevitability of the consequences specified in the law, wishes and consciously allows their occurrence or treats them indifferently. Therefore, from the subjective side, a crime under Art. 272 is characterized by the presence of direct or indirect intent. The motives and goals of this crime can be very different: mercenary, aimed at causing harm (from hooligan, competitive or other motives) or testing one's professional abilities, etc. Since the motive and purpose of the crime in Art. 272 are not taken into account, it can be applied to all sorts of computer attacks. Art. 272 of the Criminal Code consists of two parts. In the first part, the most serious punishment for the offender is imprisonment for up to two years. Part two indicates, as signs that increase criminal liability, the commission of a crime by a group of persons or with the use by the criminal of his official position, as well as having access to the information system, and allows for a sentence of up to five years. At the same time, the location of the object of the crime (for example, a bank whose information has been illegally accessed for criminal purposes), which may be foreign, does not matter.
According to the criminal law, only persons who have reached the age of 16 can be subjects of computer crimes. Art. 272 of the Criminal Code does not regulate situations where illegal access to information occurs through negligence, since it is often extremely difficult to prove criminal intent when investigating the circumstances of access. So, when following links from one computer to another on the Internet, which connects millions of computers, you can easily get into the protected information zone of a computer without even noticing it (although the goal may also be criminal encroachment). Art. 273 of the Criminal Code provides for criminal liability for the creation, use and distribution of malicious programs for computers or modification of software that knowingly leads to unauthorized destruction, blocking, modification, copying of information or disruption of information systems. The article protects the rights of the owner of a computer system to the inviolability of the information stored in it. Malware is any program that is specifically designed to interfere with the normal functioning of other computer programs.
Normal operation is understood as the performance of operations for which these programs are intended and which are defined in the documentation for the program. The most common malware - computer viruses, logic bombs, also known as Trojan horses. To be liable under Art. it is not necessary that any undesirable consequences for the owner of the information occur, the mere fact of creating malicious programs or making changes to existing programs that knowingly lead to the consequences indicated in the article is sufficient. The use of programs is their release, reproduction, distribution and other actions for putting into circulation. The use of programs can be carried out by recording in the computer memory or on a physical medium, distribution over networks or by other transfer to other users.
Criminal liability under Art. 273 arises already as a result of the creation of malicious programs, regardless of their actual use. Even the presence source code programs is grounds for prosecution. The exception is the activities of organizations that develop anti-malware tools and have the appropriate licenses. The article consists of two parts, differing in the sign of the attitude of the offender to the actions performed. Part 1 provides for crimes committed intentionally, with the knowledge that the creation, use or distribution of malicious programs must knowingly lead to a violation of the integrity of information. At the same time, responsibility arises regardless of the goals and motives of the encroachment, which can be quite positive (for example, protecting the personal rights of citizens, combating man-made hazards, protecting the environment, etc.). The maximum punishment under the first part is imprisonment for up to three years. According to Part 2, an additional qualifying feature is the onset of grave consequences due to negligence. In this case, the person is aware that he creates, uses or distributes a malicious program or its media and foresees the possibility of serious consequences, but without sufficient grounds expects to prevent them, or does not foresee these consequences, although as a highly qualified programmer he could and was obliged to foresee them. Since the consequences can be very serious (death or harm to human health, danger of a military or other catastrophe, traffic accidents), the maximum penalty under Part 2 is seven years in prison. It should be noted that the law does not mention the degree of harm caused, in contrast to theft, when a distinction is made between simple theft, theft on a large scale and theft on an especially large scale. Only the fact of a crime is established here, and the amount of damage affects only the assessment of its severity and the measure of responsibility. Finally, Art. 274 of the Criminal Code establishes liability for violation of the rules for the operation of computers, computer systems or networks by a person who has access to them, resulting in the destruction, blocking or modification of information protected by law, if this act caused significant harm. This article protects the interests of the owner of a computer system in relation to its proper operation and applies only to local area networks of organizations. For global computer networks, such as the Internet, this article does not apply.
Legally protected information means information for which special laws establish a regime for its legal protection. A causal relationship must be established between the fact of violation of the operating rules and the significant harm that has occurred, and it must be fully proved that the harmful consequences that have occurred are the result of the violation of the rules. The assessment of the harm caused is established by the court, based on the circumstances of the case, and it is considered that significant harm is less significant than grave consequences.
The subject of this article is a person who, by virtue of his official duties, has access to a computer system and is obliged to comply with the technical rules established for them. According to part 1 of the article, he must commit his acts intentionally; be aware that it violates the rules of operation; to foresee the possibility or inevitability of unlawful influence on information and causing significant harm, to wish or knowingly allow such harm to be caused or to be indifferent to its occurrence. The most severe punishment in this case is deprivation of the right to occupy certain positions or engage in certain activities for up to five years, or restriction of freedom for up to two years. Part 2 Art. 274 provides for liability for the same acts that were not intentional, but caused serious consequences through negligence, for example, for installing an infected program without anti-virus scanning, which led to serious consequences (large financial damage, traffic accidents, loss of important archives, disruption of the system life support in a hospital, etc.). The punishment for this crime is established by the court depending on the consequences that have occurred, the maximum punishment is imprisonment for up to four years. As you can see, the considered articles of the Criminal Code do not cover all types of computer crimes, the variety of which increases along with progress in the field of computer crimes. computer technology and its use.
In addition, some of the wording of the articles is open to ambiguous interpretation, for example, in the definition of malicious intent. Therefore, further replenishment and improvement of these articles is possible.
Conclusion
Information security in the context of globalization and the growing openness of countries plays a crucial role in the implementation of the vital interests of the individual, society and the state. This is due to the widespread creation of a developed information environment. It is through the information environment that, often, in modern conditions, threats to the national security of the Russian Federation are realized.
The information security of the individual of society and the state can be effectively ensured only by a system of measures that are purposeful and comprehensive. Special meaning for the formation and implementation of information security policy has the competent use of political tools. However, at present, there is insufficient scientific study of issues related to determining the role of the political factor in the information security system, which is largely due to the transient state of Russian society and the need to rethink a number of theoretical and methodological problems.
Information factors are becoming increasingly important in the political, economic, social, military, spiritual spheres of life of the Russian society, and the information environment is a system-forming factor in national security, actively influencing the state of political, economic, military, spiritual and other components. common system national security of the Russian Federation. At the same time, the information sphere is an independent sphere of national security, in which it is necessary to ensure the protection of information resources, systems for their formation, distribution and use, information infrastructure, the exercise of the rights to information of legal entities and citizens.
Information security as an independent field of scientific knowledge is based on security theory, cybernetics and informatics. The main methods of studying information security at present are most often observation (including included), peer review, opinion polls (including interviews), logical and mathematical modeling. To identify the state of protection of the interests of enterprises and organizations that have corporate information networks, the most appropriate method is the method of expert assessments.
The conceptual apparatus of information security consists of such categories as: "security", "national security", "interest", "vital interest", "sphere of life", "information", "information society", "information resources", "protection" , "information security policy", etc.
The task of ensuring the national security of Russia with the intangible transfer of technology remains topical. The sphere of intelligence increasingly involves issues of the latest technologies, finance, trade, resources and other economic aspects of the state, access to which is opened in connection with the development of international integration processes, the widespread introduction of computerization in these areas of activity.
A special place in the legislation should be occupied by legal relations arising in the process of using computer systems and networks. There is a need for a state mechanism for investigating computer crimes and a system for training personnel for investigation and legal proceedings in cases related to computer crime, illegal use of the Internet.
The resources of civil society should be more fully involved in ensuring information security. Obviously, the state alone is not able to fully cope with the task of ensuring the information security of all subjects of information relations. If today, in accordance with the law, it is fully responsible only for the protection of state secrets, then in most other cases, with the uncertainty of the share of state participation, the burden of ensuring information security falls on the shoulders of citizens and society. This corresponds to the constitutional principle of self-defense of one's interests by all means not prohibited by law. Public authorities should clearly define their powers, based on real opportunities and declared priorities in ensuring information security.
List of used literature
1. Yu.I. Kudinov, F. F. Pashchenko. Fundamentals of modern informatics: Tutorial. 2nd ed., rev. - St. Petersburg: Publishing house "Lan", 2011. - 256 p.: ill. -- (Textbooks for universities. Special literature).
2. Averyanov G.P., Dmitrieva V.V. MODERN COMPUTER SCIENCE: Textbook. M.: NRNU MEPhI, 2011. - 436 p.
3. Taganov, L. S. Informatics: textbook. allowance / L. S. Taganov, A. G. Pimonov; Kuzbass. state tech. un-t. - Kemerovo, 2010. - 330 p.
4. Verbenko, Boris Vladimirovich. Thesis for the degree of candidate of political sciences
Introduction
§1.2 Information protection is a priority task of ensuring the national security of Russia
Chapter 2. Legislative framework governing relations in the field of information security
§2.1 Regulatory framework for information protection in the Russian Federation
§3. Information legislation - the main source information law
§four. Legal issues of information security
Conclusion
List of regulations and literature
Introduction
Relevance. The end of the XX and the beginning of the XXI century. are characterized by a new stage of the scientific and technological revolution - the introduction of infocommunication technologies into all spheres of life - the necessary basis for the transition to the information society, which have a huge impact on all aspects of our life. As noted in the Declaration of Principles for Building the Information Society (Millennium Declaration), such technologies open up completely new prospects for achieving higher levels of development.
At present, the necessary conditions have been formed in the Russian Federation for the transition to the information society. This is also noted in the Strategy for the Development of the Information Society in Russia, approved at a meeting of the Security Council of the Russian Federation on July 25, 2007 (hereinafter referred to as the Strategy).
The Strategy is a political document and is aimed at implementing the provisions of the Okinawa Charter of the Global Information Society and the outcome documents of the World Summit on the Information Society (Geneva, 2003, Tunis, 2005). It defines the goals and principles of the development of the information society in Russia, the role of the state in this process, and provides for the main measures to achieve the goals of the development of the information society in Russia.
The legal problems of regulating information relations in building the information society in Russia currently need to be carefully studied, since the rapidly accelerating information and communication processes of globalization are evolving into a qualitatively new state - real time. The resulting new social relations need adequate legal regulation.
One of the necessary conditions for the development of the information society is the development of a system of legal regulation of relations in the field of creation and use of information and telecommunication technologies. At the same time, it would be fair to admit that it is public relations in the information sphere, which today permeates almost all areas of human life, society and the state, that are the impulse that influences the development of information legislation. This was the impetus for choosing the topic of the course work, which sounds like: the legal basis for ensuring information security.
The object of the course work is the social relations that arise around the legal regulation of the sphere of information security.
The subject of the study will be the legal framework governing relations, object defined research.
The purpose of the work is to consider the sources of law governing relations in the field of information security, to understand the completeness of their reflection of the existing realities of public life, perhaps to see the gaps in the legislation and suggest ways to solve them.
Based on the goals, I set myself the following tasks:
Understand the concept of information security
Consider the rules of law governing public relations in the field of information security
Reflect the degree of compliance of existing norms with actual existing relations.
Formulate your proposals for improving the legislation.
The structure of the course work. Coursework traditionally consists of the following main elements: introduction; two chapters containing a number of paragraphs; conclusion; list of normative acts and literature.
Provisions for defense:
information security is manifested through the maximum security of socially significant institutions: the economy, living conditions, ecology, proper provision of state defense.
information security is determined by the ability to neutralize the impact in relation to dangerous, destabilizing, destructive information impacts that infringe on the interests of the country at the level of both introducing and extracting information.
Chapter 1. Information security in the Russian Federation
§1.1 The concept and role of information at the present stage of development of Russian society
The main object of legal relations in the information sphere is information. "Information is information, not energy or matter," said Nobert Wiener, the father of cybernetics. In his definition, information acts as a philosophical category along with matter and energy.
It is clear that such a philosophical definition of information is unacceptable for law, just as it is unacceptable, for example, to regulate attitudes about energy in general or matter in general. Information as an object of legal relations must be concretized, properly organized, "attached" to the situation and a specific type of relationship, classified by type, and similarly "prepared" for the implementation of actions on it, regulated by the rule of law.
In a practical sense, understandable to everyone, the definition of information was given by S.I. Ozhegov:
information is:
1) information about the surrounding world and the processes taking place in it;
2) messages informing about the state of affairs, about the state of something.
Until the mid 20s. 20th century information (translated from Latin - familiarization, explanation, exposition) really meant "messages and information" transmitted by people orally, in writing or in another way. Since the middle of the XX century. information is defined as a general scientific concept, including the exchange of information between people, a person and an automaton, an automaton and an automaton; signal exchange in the animal and plant world; transfer of traits from cell to cell, from organism to organism (genetic information), one of the basic concepts of cybernetics.
In connection with the development of means of communication and telecommunications, computer technology and their use for processing and transmitting information, it became necessary to measure the quantitative characteristics of information. Different theories appeared, and the concept of "information" began to be filled with different content.
In 1949, K. Shannon and W. Weaver published the article "Mathematical Theory of Communication", which proposed probabilistic methods for determining the amount of information transmitted. However, such methods describe only the sign structure of information and do not affect the meaning inherent in it (in the message, information).
In 1948, N. Wiener proposed an "informational vision" of cybernetics as a science of control in living organisms and technical systems. Under the information began to understand not just information, but only information new and useful for making a decision that ensures the achievement of the goal of management. The rest of the information was not considered information.
For many years, the semantic theory of information has been developing, which studies the meaning contained in the information, the usefulness and value of this information for the consumer. In this regard, the subjective approach becomes essential, based on the a priori readiness of the subject to perceive such information or messages and their novelty for the subject and their usefulness (or value) for making decisions aimed at achieving the set goals.
The term "information" and related terms are widely used today by the legislator.
The federal law "On Information, Informatization and Protection of Information" defines information as "information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation" (Article 2). Considering the social aspect of the subject under consideration, we add: in a form understandable for human perception. Such a definition makes it possible to "deduce" from the concept of "information" programs for electronic computers (computers), referred by the said Law to the means of providing computers.
According to the role in the legal system, information is divided into legal and non-legal.
Regulatory legal information is created in the course of law-making activities and is contained in regulatory legal acts. The classification of such information by the level of adoption of acts or by types of acts is shown in Fig. 2.
Non-normative legal information is created, as a rule, in the course of law enforcement and law enforcement activities.
With the help of this information, legal regulations are implemented. This information is created in the control object and moves in the loop feedback legal management systems. Non-normative legal information includes:
1) general information about the state of law and order:
applications submitted to the prosecutor's office. the Constitutional Court of the Russian Federation, the Supreme Court of the Russian Federation, the Supreme Arbitration Court of the Russian Federation on compliance with the law;
judicial, criminal and prosecutorial statistics;
information on the observance of human rights and freedoms (including on the proposal of the Commissioner for Human Rights);
sociological research on the effectiveness of legislative and other regulatory legal acts;
2) information on civil law relations, contractual and other obligations (contracts, agreements, etc. documents);
3) information representing the administrative activities of executive authorities and local self-government in the implementation of regulatory requirements;
