The main threats to information security of internal affairs bodies. Information sphere and information security of internal affairs bodies. The main directions of government activity to ensure information security

Information security in the activities of internal affairs bodies: theoretical and legal aspect

As a manuscript

Velichko Mikhail Yurievich

INFORMATION SECURITY IN ACTIVITY

OF INTERNAL AFFAIRS: THEORETICAL AND LEGAL ASPECT

Specialty 12.00.01 – theory and history of law and

states; history of doctrines about law and state

PhD in Law

Kazan - 2007 2

The work was carried out at the Department of Theory and History of State and Law of the State Educational Institution of Higher Professional Education “Kazan State University named after. IN AND. Ulyanov-Lenin"

Scientific director Doctor of Law, Professor Gorbachev Ivan Georgievich

Official opponents:

Honored Lawyer of the Russian Federation, Doctor of Law, Professor Alexey Ivanovich Aleksandrov Doctor of Law, Professor Valentin Grigorievich Medvedev

Leading organization State educational institution of higher professional education "Moscow University of the Ministry of Internal Affairs of Russia"

The defense of the dissertation will take place on September 20, 2007 at 14:00 at a meeting of the Dissertation Council K 212.081.01 for the defense of dissertations for the degree of candidate of legal sciences at the State educational institution of higher professional education “Kazan State University named after. IN AND. Ulyanov-Lenin" (420008, Kazan, Kremlevskaya str., 18, room 324).

The dissertation can be found in the scientific library named after. N.I.

Lobachevsky State Educational Institution of Higher Professional Education “Kazan State University named after.

Scientific secretary of the dissertation council, candidate of legal sciences, associate professor G.R. Khabibullina

I.

GENERAL DESCRIPTION OF WORK

Relevance dissertation research topics. As a result of the implementation of socio-economic transformations over the past years, society and public relations in Russia have moved to a qualitatively new state, characterized, in particular, by a strong merging of government bodies, business organizations and criminals, which dictates an urgent need to revise the functions and tasks of law enforcement agencies and security agencies national security, economic security and law enforcement forces.

The transition to a new state of Russian society is inextricably linked with the emergence of new challenges and threats to both national security as a whole and its most important components - economic and public security. The emergence of these threats against the backdrop of a strong lag and insufficient development of the Russian legislative framework is associated, first of all, with the accelerated capitalization of economic relations of society, the rapid development of market relations, the close integration of Russia into global economic relations, the globalization of the world economy, the globalization and transnationalization of crime in the main vital important areas of public relations, the emergence and development of international terrorism, etc.

All this requires serious reflection and the development of new mechanisms for organizing the fight against national and transnational crime.

A necessary condition for the socio-economic development of the Russian Federation is to reduce the crime rate. The current state, the applied law enforcement mechanisms and means of combating modern crime do not fully correspond to the state and dynamics of the spread of organized crime, the shadow economy and economic crime, drug and human trafficking, terrorism and extremism, and corruption.

The information revolution contributes to the creation and inclusion in the socio-economic system of such flows of information that may be quite sufficient to effectively resolve most modern global and regional socio-economic problems, to ensure rational management of natural resources, harmonious economic, political, social and cultural-spiritual development of society and his safety. Crime, which is basically large-scale and organized, covers entire regions and even the entire territory of the country, going beyond its borders, takes full advantage of these same achievements in the field of information, and has great opportunities for access to information, technical and financial resources, their increase and use in their illegal activities.

These circumstances necessitate a radical rethinking of existing views and the development of new conceptual approaches to the problem of information security, combating such new phenomena as cybercrime and cyberterrorism in order to ensure national security.

The relevance of the study of legal and organizational and managerial mechanisms for ensuring information security of internal affairs bodies in the context of the integration of information systems of law enforcement agencies and special services is also due to the fact that issues of information security theory have traditionally been considered, as a rule, from a technical point of view or in relation to pre-existing and established organizational systems.

A number of studies note that the problem of ensuring the protection of information is often narrowed to the problem of ensuring the protection of only computer information. So, O.V. Genne rightly believes that to implement an effective approach, an interconnected consideration of a number of aspects of information security is necessary 1.

The formation of an information security regime is a complex problem, in which four levels can be distinguished: legislative (laws, regulations, standards, etc.); administrative (general actions taken by management); procedural (security measures aimed at monitoring employee compliance with measures aimed at ensuring information security); software and hardware (technical measures).

Based on this, there is a need to develop theoretical provisions and methodological principles for ensuring information security by internal affairs bodies. Of particular importance is the scientific and practical problem of comprehensive consideration of issues of state legal regulation and organizational management in the field of ensuring information security of law enforcement agencies. All this determined the relevance of the research topic and the range of issues under consideration.

Vengerov, M.I. Dzliev, G.V. Emelyanov, I.F. Ismagilov, V.A. Kopylov, V.A.

Lebedev, V.N. Lopatin, G.G. Pocheptsov, M.M. Rassolov, I.M. Rassolov, A.A.

Streltsov, A.D. Ursul, A.A. Fatyanov, A.P. Fisun and others. Among foreign ones See: Genne O.V. Basic provisions steganography // Information protection Confidential. P.20-25.

Scientists in this direction include the works of R. Goldscheider, I. Gerard, J. Mayer, B. Marcus, J. Romary, S. Philips and others.

Purpose and tasks dissertation research. Purpose The research is to clarify the theoretical and legal provisions, methodological principles for ensuring information security of internal affairs bodies, information warfare and effective information counteraction to criminal structures using legal and law enforcement mechanisms.

In accordance with the formulated goal, the following tasks were set in the work:

Research and clarify the theoretical and methodological foundations of state legal regulation in the field of information protection and organization of information security of internal affairs bodies;

Determine ways to improve legal mechanisms for information protection, organizational measures and management decisions to combat computer crimes;

Identify the role of legal and organizational mechanisms for protecting information in information support systems for the activities of internal affairs bodies;

Develop proposals for the formation of organizational and legal mechanisms for ensuring information security of internal affairs bodies.

The object of the dissertation research is information security of internal affairs bodies.

Subject of research are legal and organizational and managerial mechanisms for ensuring information security of internal affairs bodies.

The theoretical and methodological developments of economic and information security and information protection served as the theoretical and methodological basis of the dissertation research.

The study is based on a systematic methodology developed by V.N. Anishchenko, B.V. Akhlibininsky, L.B. Bazhenov, R.N. Bayguzin, B.V. Biryukov, V.V. Bordyuzhe, V.V. Verzhbitsky, G.G. Vdovichenko, V.A.

Galatenko, A.P. Gerasimov, I.I. Grishkin, D.I. Dubrovsky, L.A. Petrushenko, M.I. Setrov, A.D. Ursul, G.I. Tsaregorodtsev and others.

Kudryavtseva, Yu.I. Lyapunova, A.V. Naumova, S.A. Pashina, A.A. Piontkovsky, N.A. Selivanova, A.N. Trainina, O.F. Shishova.

When conducting the research, dialectical, formal legal, comparative legal, abstract logical, and analytical methods were used, applied and special disciplines (criminal law, statistics, computer science, information security theory) were used.

The regulatory and legal basis for the study was the provisions of international legislation, the legal framework of the Russian Federation on information protection, the Criminal Code of the Russian Federation and regulatory legal documents based on them.

a comprehensive analysis of legal and organizational mechanisms for ensuring information security of internal affairs bodies.

Scientific novelty research lies in the formulation of the problem itself and the choice of the range of issues to be considered. This dissertation is the first work in domestic legal science devoted to the information security of law enforcement agencies of the Russian Federation, the basis of which is formed by the internal affairs bodies of the Ministry of Internal Affairs of Russia. For the first time, it analyzes modern threats to national security in the information sphere emanating from organized national and transnational crime, corruption, terrorism, extremism and the criminal economy, and substantiates the role and place of information security in the overall system of ensuring national security. For the first time, a comprehensive analysis of the goals, objectives, functions and powers of internal affairs bodies in the field of combating computer crimes and cyber terrorism, ensuring information security in operational activities was carried out. Based on an interconnected assessment of the state of the operational situation and the nature of crimes in the information sphere, the scale, forms, methods and means of information counteraction to law enforcement agencies from crime, the position is substantiated that the internal affairs bodies are in a state of information war against various types of crime, primarily organized and economic. Proposals have been formulated on areas for improving state legal regulation of relations in the field of ensuring information security of internal affairs bodies and developing current legislation.

research lies in its focus on solving the problems facing the internal affairs bodies to ensure law and order, the security of the state, society and the individual.

promote the implementation of a coordinated state policy in the field of ensuring national and information security, the gradual improvement of state-legal regulation of relations between internal affairs bodies in the field of information protection, combating computer crime and cyber terrorism.

The applicant's conclusions and recommendations were used to substantiate state legal measures and mechanisms for ensuring information security of internal affairs bodies, and to prepare reports to the leadership of the Ministry of Internal Affairs of Russia and to the highest executive authorities of the Russian Federation on security issues.

The theoretical developments of the applicant can serve as the basis for further scientific research in the field of ensuring the national security of the Russian state and society, and can also be used in the educational process of higher educational institutions and research institutions of the Ministry of Internal Affairs of Russia.

Provisions for defense. In the process of research, a number of new theoretical provisions were obtained that are put forward for defense:

In modern conditions, information security of society, state and individual is, along with other types of security, including economic, the most important component of national security.

Threats to the country's information security, the sources of which are modern national and transnational criminal communities, in their totality and scale of impact, covering the entire territory of the country and affecting all spheres of society, undermine the foundations of the national security of the Russian Federation, causing significant damage to it.

The internal affairs bodies of the Ministry of Internal Affairs of Russia are an important component of the forces and means of countering information attacks by criminal communities on the rights and freedoms of citizens, the security of the state, society and individuals.

In the current state of crime, which is basically large-scale and organized, covers entire regions and even the entire territory of the country, going beyond its borders, has great opportunities for access to information means and weapons, their expansion and use in their illegal activities, it is impossible ensure information security of internal affairs bodies only through the use of protective equipment and mechanisms. In these conditions, it is necessary to conduct active offensive (combat) operations using offensive weapons in order to ensure superiority over crime in the information sphere.

information war against both national and transnational criminal communities, the specific content and main form of which is information warfare using information, computing and radio means, electronic intelligence equipment, information and telecommunication systems, including space communication channels, geographic information systems and other information systems , complexes and means.

The evolution of the legal regime, organizational foundations and the actual activities of the internal affairs bodies in providing information to cyber terrorism were greatly affected by changes in the political and socio-economic situation of the country. The developed and implemented approaches to the “forceful” provision of law and order and security in conditions of high activity of organized criminal communities require a radical rethinking of existing views and the development of new conceptual approaches to the problem of state legal regulation of relations in the field of information security, the fight against cyber terrorism in order to ensure national security .

provisions of this work were discussed at the scientific and practical conference “Institutional, economic and legal foundations of financial investigations in the fight against terrorism” (Academy of Economic Security of the Ministry of Internal Affairs of Russia, 2006), the interdepartmental round table “Current problems of legislative regulation of operational investigative activities of law enforcement agencies” and the interdepartmental scientific conference “Topical issues of the theory and practice of operational-search activities of internal affairs bodies to combat economic crimes”, All-Russian scientific and practical conference “Combating the legalization of criminal proceeds: problems and ways of their All-Russian Research Institute of the Ministry of Internal Affairs of Russia, 2007).

The dissertation research material was used in the preparation of specialized lectures on the problems of liability for committing crimes in the field of computer information at advanced training courses for authorities to combat economic crimes.

The main provisions and conclusions of the dissertation are presented in six scientific publications.

Scope and structure of the dissertation research. Structure and scope of the dissertation determined by the purpose and objectives of the study. It consists of an introduction, three chapters combining eight paragraphs, a conclusion and a list of references.

II. BASIC THE CONTENT OF THE WORK

the degree of its scientific development is revealed, the object, subject, purpose and objectives of the research are determined, the main provisions submitted for defense are formulated, the theoretical and methodological foundations are substantiated, the scientific novelty and practical significance of the research are revealed, and information about the testing of its results is provided.

Chapter I. Theoretical and legal foundations of information security Chapter one is devoted to the research and theoretical understanding of the category “information security”, as well as the legal nature of this phenomenon, the principles that form the content of information security, which is an independent area of research.

national security: nature, essence, place in the categorical apparatus of the general theory of law" - represents a general theoretical legal justification for the concept of information security.

information security of the Russian Federation, approved by Decree of the President of the Russian Federation of September 9, 2000 No. Pr-1895. Information security refers to the state of protection of national interests in the information sphere, which are determined by the totality of balanced interests of the individual, society and the state.

develops the Concept of National Security of the Russian Federation, approved by the Decree of the President of the Russian Federation of December 17, 1997.

No. 1300 (as amended by Decree of the President of the Russian Federation of January 10, 2000 No. 24), in relation to the information sphere. The National Security Concept notes that the most important tasks of ensuring information security of the Russian Federation are:

implementation of constitutional rights and freedoms of citizens of the Russian Federation in the field of information activities;

infrastructure, integration of Russia into the global information space;

information sphere.

The importance of ensuring the information security of the state can be demonstrated by any examples of a negative nature observed in the process of deformation of the Russian economy; it is enough to just point to the default of 1998. Solving the problems of ensuring the security of the fight in the information sphere is not limited to protecting channels and government communications, information and other issues, which are usually considered when analyzing the totality of threats and the system of measures to ensure information security. Issues of information security in the economic sphere also include the security of information systems for managing industry, sectors (including the defense complex), enterprises, and banks.

represent information technology, a new direction in science has emerged - information security. The influence of threats in the information sphere is increasingly directed at the interests of the individual, society and the state. At the same time, there is an impact on the individual in order to reduce the activity of communications. There is an increasing information impact on the economic system, including the financial sector (for example, information attacks against national currencies and stock markets that swept across the world in the late 1990s), stock markets with the game of reducing the capitalization of enterprises, and then buying them up at a lower price combined with the dissemination of information to create a negative image of a competitor, etc.

Of particular danger are information threats to the state through the spread and introduction of the ideology of international terrorism and separatism.

The second paragraph - “Organizational and legal framework for ensuring information security” - provides an analysis of organizational decisions regulating the sphere of ensuring information security of the individual, society and state.

Organizational and legal support for information security, information security, and the creation and operation of organizational and legal support systems are: development of basic principles for classifying information of a confidential nature as protected information; determination of the system of bodies and officials responsible for ensuring information security in the country, and the procedure for regulating the activities of enterprises and organizations in this area; creation of a full range of legal guidelines and methodological materials (documents) regulating the issues of ensuring information security both in the country as a whole and at a specific facility; determination of measures of responsibility for violations of security rules and the procedure for resolving controversial and conflict situations on information security issues.

The legal aspects of organizational and legal support for information protection are understood as a set of laws and other regulatory legal acts with the help of which the following goals would be achieved: all information protection rules are mandatory for compliance by all persons related to confidential information; all measures of liability for violation of information protection rules are legitimized;

technical and mathematical solutions to issues of organizational and legal support for information protection are legitimized (acquiring legal force), as well as procedural procedures for resolving situations that arise during the functioning of the protection system are legitimized.

The development of a legislative framework for information security of any state is a necessary measure that satisfies the primary need for information protection when determining the socio-economic, political, and military directions of development of this state. Particular attention on the part of Western countries to the formation of such a database is caused by all crimes, which forces them to seriously address issues of information protection legislation. Thus, the first law in this area in the USA was adopted in 1906, and by now there are already more legislative acts on the protection of information, liability for its disclosure and computer crimes.

Legal support for information protection in the Russian Federation is being developed in three areas: protection of individual rights to privacy, protection of state interests and protection of business and financial activities.

The structure of the regulatory framework on information security issues of the Russian Federation includes: the Constitution of the Russian Federation, constitutional federal laws, federal laws, decrees of the Government of the Russian Federation; departmental regulations, GOSTs, guidance documents. Among the federal laws are:

informatization and information protection”, “On the legal protection of programs for electronic computers and databases”, “On participation in international information exchange”, “On communications”, “On trade secrets”, etc.

Chapter II. Threats to information security in activities In the second chapter factors, conditions and phenomena that are or may be sources of threats to information security in the activities of internal affairs bodies are analyzed.

crime" - is devoted to the study of the mechanisms of criminal influence, forecasting and assessment of criminal situations.

has led to the fact that modern society is highly dependent on the management of various processes through computer technology, electronic processing, storage, access and transmission of information. According to information from the Bureau of Special Technical Events of the Russian Ministry of Internal Affairs, more than 14 thousand crimes related to high technology were recorded last year, which is slightly higher than the year before. Analysis of the current situation shows that about 16% of criminals operating in the “computer” sphere of crime are young people under the age of 18, 58% are from 18 to 25 years old, and about 70% of them have higher or incomplete higher education .

Studies have shown that 52% of identified offenders had special training in the field of information technology, 97% were employees of government agencies and organizations using computers and information technology in their daily activities, 30% of them were directly related to the operation of computer equipment.

According to unofficial expert estimates, out of 100% of criminal cases initiated, about 30% go to trial and only 10-15% of defendants serve their sentences in prison. Most cases are reclassified or dropped due to insufficient evidence. The real state of affairs in the CIS countries is a matter of fantasy. Computer crimes are crimes with high latency, reflecting the existence in the country of a real situation in which a certain part of crime remains unaccounted for.

In the second paragraph - “Information terrorism: concept, legal qualification, means of counteraction” - a theoretical and legal analysis of the category “information terrorism” is carried out, the threats and methods of cyber terrorism are determined.

A serious danger to the entire world community is posed by the increasingly spreading technological terrorism, an integral part of which is information or cyber terrorism.

The targets of terrorists are computers and specialized systems created on their basis - banking, stock exchange, archiving, research, management, as well as means of communication - from satellites of direct television broadcasting and communications to radiotelephones and pagers.

The methods of information terrorism are completely different from traditional ones: not the physical destruction of people (or the threat thereof) and the liquidation of material assets, not the destruction of important strategic and economic objects, but large-scale disruption of financial and communication networks and systems, partial destruction of economic infrastructure and imposition on power structures of your own will.

The danger of information terrorism increases immeasurably in the context of globalization, when telecommunications acquire an exceptional role.

In the context of cyber terrorism, a possible model of terrorist influence will have a “three-stage” form: the first stage is the putting forward of political demands with the threat, if they are not met, to paralyze the entire economic system of the country (in any case, that part of it that uses computer technology in its work), the second is to carry out a demonstration attack on the information resources of a fairly large economic structure and paralyze its action, and the third is to repeat the demands in a more stringent form, relying on the effect of a demonstration of force.

A distinctive feature of information terrorism is its low cost and difficulty of detection. The Internet, which connected computer networks across the planet, changed the rules regarding modern weapons. The anonymity provided by the Internet allows a terrorist to become invisible and, as a result, virtually invulnerable and not risk anything (primarily his life) when carrying out a criminal act.

The situation is aggravated by the fact that crimes in the information sphere, which include cyber terrorism, entail significantly less punishment than for “traditional” crimes.

terrorist acts. In accordance with the Criminal Code of the Russian Federation (Article 273), creating computer programs or making changes to existing ones, destroying, blocking, modifying or copying information, disrupting the operation of a computer, computer system or their network, as well as the use or distribution of such programs or computer media with such programs is punishable by imprisonment for a maximum term of seven years.

For comparison, in the United States, laws punish unauthorized entry into computer networks with up to 20 years in prison.

terrorism is the creation of an effective system of interrelated measures to identify, prevent and suppress this type of activity. Various anti-terrorist bodies work to combat terrorism in all its manifestations. Developed countries of the world pay special attention to the fight against terrorism, considering it perhaps the main danger to society.

The third paragraph - “Information warfare: organizational and legal support for state counteraction to cyber crime” - discusses the concept, nature, means of conducting information warfare and ways to ensure effective information counteraction to crime.

Threats to the information security of the country, the sources of which are transnational communities, which in their totality and scale of impact cover the entire territory of the country and affect all spheres of society, necessitate the need to consider the struggle between organized crime and law enforcement agencies called upon to resist it, primarily internal affairs agencies, as an information one. a war, the main form of waging of which and its specific content is information warfare using information, computing and radio equipment, radio intelligence equipment, information and telecommunication systems, including space communication channels, geographic information systems and other information systems, complexes and means.

In the current state of crime, it is impossible to ensure information security in the activities of internal affairs bodies only through the use of protective equipment and mechanisms. In these conditions, it is necessary to conduct active offensive (combat) operations using offensive weapons in order to ensure superiority over crime in the information sphere.

The emergence and development of new large-scale phenomena in the life of the country and society, new threats to national security from the criminal world, which has modern information weapons at its disposal, and new conditions for the implementation of operational and official activities of internal affairs bodies, determined by the needs of waging information warfare against national and transnational basically organized crime, determine the need for appropriate legislative, state-legal regulation of relations in the field of information security of the state in general and internal affairs bodies in particular.

the implementation of law enforcement activities in the context of an information war against the criminal world is proposed, in particular:

Expand the range of powers of employees of internal affairs bodies in the Law of the Russian Federation “On the Police” in terms of special conditions for the use of information weapons in order to effectively combat organized crime in the event of direct threats to the information security of society and the state, as well as supplement the Concept of National Security of the Russian Federation and the Doctrine of Information Security Russian Federation regulations regarding the concept and conditions for the use of information weapons in the fight against cyber crime and cyber terrorism.

Chapter III. The main directions for improving the legal and organizational support for information security in the activities of internal affairs bodies; improving the legal regulation and organizational and managerial support for information security in the activities of internal affairs bodies.

The first paragraph - “State legal regulation in the field of combating computer crimes” - defines measures of passive and active counteraction to cyber crime.

The main measures of a state-legal nature to ensure information security, carried out, among other things, by internal affairs bodies, are proposed to include: the formation of a regime and security in order to exclude the possibility of secret penetration into the territory where information resources are located; determining methods of working with employees during the selection and placement of personnel; carrying out work with documents and documented information, including the development and use of documents and media of confidential information, their recording, execution, return, storage and destruction;

determining the procedure for using technical means of collecting, processing, accumulating and storing confidential information; creation of technology for analyzing internal and external threats to confidential information and developing measures to ensure its protection; implementation of systematic control over the work of personnel with confidential information, the procedure for recording, storing and destroying documents and technical media.

information security and the state information protection system allows us to highlight the most important powers of internal authorities; comprehensive protection of information resources, as well as the information and telecommunications structure of the state; prevention and resolution of offenses in the information sphere; protection of other important interests of the individual, society and state from external and internal threats.

The second paragraph - “Improving the regulatory framework for the protection of information of internal affairs bodies” - identifies directions and ways to improve legislation on the protection of information of internal affairs bodies.

The legal protection of information as a resource is recognized at the international and state levels. At the international level, it is determined by interstate treaties, conventions, declarations and is implemented by patents, copyright and licenses for their protection. At the state level, legal protection is regulated by state and departmental acts.

It is advisable to include the following as the main directions of development of Russian legislation in order to protect information of internal affairs bodies:

information infrastructure of internal affairs bodies to critically important ones and ensuring their information security, including the development of those objects used in the information infrastructure;

Improving the legislation on operational investigative activities in terms of creating the necessary conditions for conducting operational investigative activities in order to identify, prevent, suppress and solve computer crimes and crimes in the area of the use by internal affairs bodies of information about the private life of citizens, information constituting personal, family, official and commercial secrets; clarifying the composition of operational investigative measures;

Strengthening liability for crimes in the field of computer information and clarifying the elements of crimes taking into account the European Convention on Cyber Crime;

Improving criminal procedural legislation in order to create conditions for law enforcement agencies to ensure the organization and implementation of prompt and effective counteraction to crime, carried out using information and telecommunication technologies to obtain the necessary evidence.

The third paragraph - “Organizational, managerial and legal mechanism for protecting information in the activities of internal affairs bodies: ways of further development” - discusses the main directions for improving the organizational and legal aspects of information protection in the activities of internal affairs bodies.

Organizational and managerial measures are a decisive link in the formation and implementation of comprehensive information protection in the activities of internal affairs bodies.

When processing or storing information, internal affairs bodies, as part of protection against unauthorized access, are recommended to carry out the following organizational measures: identifying confidential information and documenting it in the form of a list of information to be protected; determining the procedure for establishing the level of authority of the access subject, as well as the circle of persons to whom this right is granted;

establishment and execution of access control rules, i.e. a set of rules regulating the access rights of subjects to objects of protection;

familiarization of the subject of access with the list of protected information and his level of authority, as well as with organizational, administrative and working confidential information; obtaining from the access object a receipt of non-disclosure of confidential information entrusted to him.

In accordance with the Law of the Russian Federation “On the Police”, to national reference and information funds for operational and forensic accounting. These functions are carried out by the information and technical units of the services of the Ministry of Internal Affairs of Russia in cooperation with units of the criminal police, public security police, penitentiary institutions, other law enforcement agencies, government agencies and organizations in charge of public security issues, as well as law enforcement agencies (police) of other states.

Information interaction in the fight against crime is carried out within the framework of the laws of the Russian Federation “On operational investigative activities”, “On security”, “On accounting and accounting activities in law enforcement agencies”, current criminal and criminal procedural legislation, international agreements of the Ministry of Internal Affairs of Russia in the field of exchange information, Regulations on the Ministry of Internal Affairs of Russia, orders of the Minister of Internal Affairs of Russia.

Research has shown that the conceptual provisions for ensuring information security for law enforcement agencies should include requirements for the transition to a unified regulatory framework governing the use of information in the fight against crime. At the same time, in the system of the Ministry of Internal Affairs, instead of a large group of departmental acts, it is proposed to introduce three groups of regulatory documents on information support: sectoral, general use; sectoral, along service lines; regulatory and legal documentation of the local government level on local applied problems of information support of the territorial internal affairs body.

ways to further improve the mechanism for ensuring information security in the activities of internal affairs bodies are outlined.

1. Velichko M.Yu. Current issues in the fight against cybercrime:

legal aspects / M.Yu. Velichko // Legal world. - 2007. - No. 8. – P.87- (0.4 p.p.).

2. Velichko M.Yu. Information security in the activities of internal affairs bodies: Scientific. ed. / M.Yu. Velichko. - M.: Publishing house INION RAS, 2007. – 130 p. (8.125 p.l.).

security in the activities of internal affairs bodies (theoretical and legal aspect) / M.Yu. Velichko // Anti-money laundering:

Sat. scientific works - M.: RIO AEB Ministry of Internal Affairs of Russia, 2007. – P.132-136 (0.275 p.p.).

4. Velichko M.Yu. Computer crimes on the Internet / M.Yu.

Velichko // Current issues in the theory and practice of operational investigative activities of internal affairs bodies in the fight against economic crimes: Coll. scientific works - M.: RIO AEB Ministry of Internal Affairs of Russia, 2007. – P.220p.p.).

Institutional, economic and legal foundations of financial investigations in the fight against terrorism: Coll. scientific works - M.: RIO AEB Ministry of Internal Affairs of Russia, 2006. – P.205-218 (0.8 p.p.).

6. Velichko M.Yu. Possible threats to economic security during the informatization of society / M.Yu. Velichko // Problems of ensuring economic security, countering the shadow economy and undermining the economic foundations of terrorism: Coll. scientific report – M.: RIO AEB Ministry of Internal Affairs of Russia, 2005. – P.192-199 (0.45 p.p.).

Similar works:

“Obukhova Natalya Igorevna STATE POLICY AND REALITIES OF DEVELOPMENT OF HIGHER AND SECONDARY SPECIALTY EDUCATION IN UDMURTIA IN THE POST-WAR DECADE (1946-1956) Specialty 07.00.02 - domestic history ABSTRACT of the dissertation for the academic degree of a candidate historical sciences Izhevsk - 2003 Work carried out at the Institute for Advanced Training of Teachers Udmurt Republic Scientific supervisor: Doctor of Historical Sciences, Professor - K. A. Ponomarev Official..."

“FARRAHOVA Aigul Yurisovna PEDAGOGICAL CONDITIONS FOR ORGANIZING JOINT EDUCATIONAL ACTIVITIES FOR CHILDREN WITH DIFFERENT STATES OF PHYSICAL HEALTH 13.00.01 – general pedagogy, history of pedagogy and education ABSTRACT of the dissertation for the scientific degree of candidate of pedagogical sciences Izhevsk – 2004 The work was carried out at the state educational institution of higher professional education Bashkir State Medical University Scientific director...”

“Pozdeev Igor Leonidovich Problems of ethnic socialization (using the example of the Udmurt ethnos) Specialty - 07.00.07 - ethnography, ethnology, anthropology Abstract of the dissertation for the degree of candidate of historical sciences Izhevsk - 2005 The work was completed at the Udmurt Institute of History, Language and Literature of the Ural Branch of the Russian Academy Sciences Scientific supervisor: Doctor of Historical Sciences, Professor Galina Arkadyevna Nikitina Official opponents: Doctor...”

“Ibneeva Guzel Vazykhovna The formation of the imperial policy of Russia in the second half of the 18th century: the experience of political interaction between Catherine II and the imperial space Specialty 07.00.02 – Domestic history Abstract of the dissertation for the degree of Doctor of Historical Sciences Kazan - 2007 The work was completed at the Department of Russian History before the 20th century century of the State educational institution of higher professional education Kazan State..."

“TUMAKOV Denis Vasilievich CRIMINAL CRIME AND THE FIGHT AGAINST IT DURING THE GREAT PATRIOTIC WAR 1941-1945. (BASED ON MATERIALS OF THE YAROSLAV REGION) Specialty 07.00.02 – Domestic history ABSTRACT of the dissertation for the academic degree of Candidate of Historical Sciences Yaroslavl-2010 2 The dissertation was completed at the Department of Contemporary Domestic History of Yaroslavl State University. P.G. Demidova Doctor of Historical Sciences, Professor Scientific supervisor: Fedyuk...”

“historical research ABSTRACT of the dissertation for the degree of candidate of historical sciences Kazan 2006 The work was carried out at the Center for the History of Russian Feudalism of the Institute of Russian History of the Russian Academy of Sciences. Scientific supervisor: Doctor of Historical Sciences, V. n. With. Institute of Russian History RAS Bychkov..."

“Klimutina Anna Sergeevna POETICS OF ANATOLY KOROLEV’S PROSE: TEXT AND REALITY Specialty 10.01.01 – Russian literature Abstract of the dissertation for the degree of candidate of philological sciences Tomsk - 2009 The work was completed at the Department of History of Russian Literature of the 20th Century, Tomsk State University. Scientific supervisor: Candidate of Philological Sciences, Associate Professor Tatyana Leonidovna Rybalchenko Official opponents: Doctor of Philological Sciences, Professor...”

“VODKIN MIKHAIL YURIEVICH Problems of reception of Roman property law in European codifications of the 19th-20th centuries. Specialty: 12.00.01 - Theory and history of law and state; history of doctrines about law and state Abstract of a dissertation for the degree of candidate of legal sciences Kazan, 2007 The work was carried out at the Department of Theory and History of State and Law of the Municipal Educational Institution Nayanova University, Samara. Scientific supervisor: doctor...”

“Gumirova Nadezhda Mikhailovna Organizational and pedagogical conditions for the formation of readiness of college students for correctional work in preschool educational institutions Specialty 13.00.01 General pedagogy, history of pedagogy and education Abstract of the dissertation for the degree of candidate of pedagogical sciences Tomsk - 2008 4 The work was completed at the Institution of the RAO Institute of Development educational systems Scientific supervisor: Doctor of Pedagogical Sciences,...”

“TUKTAROVA Roza Ibragimovna PEDAGOGICAL CONDITIONS FOR HUMANIZATION OF THE LIFE-PEDAGOGICAL EDUCATIONAL SPACE OF FUTURE FIRST-GRADE STUDENTS 13.00.01 – general pedagogy, history of pedagogy and education ABSTRACT of the dissertation for the scientific degree of candidate of pedagogical sciences Izhevsk 200 4 The work was carried out at the state educational institution of higher professional education Bashkir State Pedagogical University candidate pedagogical sciences,...”

“MAXIMOVA SVETLANA NIKOLAEVNA DEVELOPMENT TRENDS OF TEACHING ANCIENT LANGUAGES IN THE RUSSIAN CLASSICAL GYMNASIUM XIX - EARLY XX CENTURIES 13.00.01 - general pedagogy, history of pedagogy and education ABSTRACT of the dissertation for the degree of candidate of pedagogical sciences Izhevsk 2002 The work was carried out at the Department of Pedagogy and Educational Psychology of the Udmurt State university. Scientific supervisor: Candidate of Pedagogical Sciences, Associate Professor Kondratyeva Marina...”

“Abstract of the dissertation for the degree of candidate of legal sciences Kazan - 2007 2 The work was completed at the Department of Theory and History of State and Law of the State Educational Institution of Higher Professional Education Kazan State University. IN AND. Ulyanova-Lenina Scientific supervisor:...”

“Bayazitova Rozalia Rafkatovna Traditional etiquette in a Bashkir family Specialty 07.00.07 - ethnography, ethnology, anthropology Abstract of the dissertation for the degree of candidate of historical sciences Izhevsk - 2006 The work was carried out in the Department of Ethnography and Anthropology of the Order of the Badge of Honor of the Institute of History, Language and Literature of the Ufa Scientific Center Russian Academy of Sciences Scientific supervisor – Candidate of Historical Sciences, Honored Worker of Culture of the Republic...”

“Markunin Roman Sergeevich LEGAL RESPONSIBILITY OF DEPUTY AND REPRESENTATIVE AUTHORITY: GENERAL THEORETICAL ASPECT 12.00.01 - theory and history of law and state; history of doctrines about law and state ABSTRACT of the dissertation for the degree of candidate of legal sciences Saratov - 2013 2 The work was carried out at the Federal State Budgetary Educational Institution of Higher Professional Education Saratov State Law Academy...”

“Kalachikova Olga Nikolaevna MANAGERIAL SUPPORT OF EDUCATIONAL INNOVATIONS IN THE ACTIVITIES OF TEACHERS OF GENERAL EDUCATION SCHOOL 13.00.01 – general pedagogy, history of pedagogy and education Abstract of the dissertation for the academic degree of candidate of pedagogical sciences Tomsk 2009 The work was completed at the Department of Educational Management of the State Educational Institution of Higher Professional Education Tomsk State University Doctor of Pedagogical Sciences, Professor Scientific supervisor Prozumentova Galina Nikolaevna Doctor...”

“SALIMOVA SULPAN MIDKHATOVNA Implementation of the principle of natural conformity in the preparation of a future teacher 13.00.01 - general pedagogy, history of pedagogy and education ABSTRACT of the dissertation for the degree of candidate of pedagogical sciences Izhevsk - 2005 The work was carried out at the state educational institution of higher professional education of the Sterlitamak State Pedagogical Academy Scientific supervisor: Doctor of Pedagogical Sciences, Professor Kozlova..."

“Zolotareva Natalya Vladimirovna THE PHENOMENON OF ANTHROPOMORPHISATION IN THE TRADITIONAL CULTURE OF THE OB UGRICS (XVIII – XX centuries) Specialty 07.00.07 – Ethnography, ethnology and anthropology ABSTRACT of the dissertation for the degree of candidate of historical sciences Tomsk 2012 The work was completed at the department of museology, cultural and natural heritage of the Federal State budgetary educational institution of higher professional education National Research..."

“Strelkova Irina Vitalievna Formation of philological culture of students in educational activities 13.00.01 - general pedagogy, history of pedagogy and education ABSTRACT of the dissertation for the academic degree of candidate of pedagogical sciences Izhevsk 2004 The work was completed at the State Educational Institution of Higher Professional Education Udmurt State University Scientific supervisor: Doctor of Pedagogical Sciences, Professor A .N. Utekhina Official opponents: Doctor of Pedagogical Sciences, Professor M.A. Kondratieva;..."

"historical research ABSTRACT of the dissertation for the degree of candidate of historical sciences KAZAN - 2006 2 The work was carried out at the Department of Russian History up to the 20th Century, Faculty of History, State Educational Institution of Higher Professional Education, Kazan State..."

“Strelnikova Anna Borisovna F. SOLOGUB – TRANSLATOR OF P. VERLENA’S POETRY Specialty: 01/10/01 – Russian literature Abstract of the dissertation for the academic degree of candidate of philological sciences Tomsk - 2007 The work was completed at the Department of the History of Russian Literature of the 20th Century, Faculty of Philology, State Educational Institution of Higher Professional Education, Tomsk State University, Candidate Philological Sciences, Associate Professor Scientific supervisor: Zinaida Anatolyevna Chubrakova Official opponents: Doctor of Philology...”

480 rub. | 150 UAH | $7.5 ", MOUSEOFF, FGCOLOR, "#FFFFCC",BGCOLOR, "#393939");" onMouseOut="return nd();"> Dissertation - 480 RUR, delivery 10 minutes, around the clock, seven days a week and holidays

Velichko Mikhail Yurievich. Information security in the activities of internal affairs bodies: theoretical and legal aspect: theoretical and legal aspect: dissertation... Candidate of Legal Sciences: 12.00.01 Kazan, 2007 185 pp., Bibliography: p. 160-185 RSL OD, 61:07-12/1711

Introduction

CHAPTER I Theoretical and legal foundations of information security

1. Information security in the national security system: nature, essence, place in the categorical apparatus of the general theory of law

2.0regulatory and legal support for information security

CHAPTER 2. Threats to information security in the activities of internal affairs bodies

1. Computer and telecommunication crime 57

2. Information terrorism: concept, legal qualification, means of counteraction

3. Information war: organizational and legal support for state counteraction to cyber crime

CHAPTER 3. Main directions for improving the legal and organizational support of information security in the activities of internal affairs bodies

1. State legal regulation in the field of combating computer crimes 96

2. Improving the regulatory framework for the protection of information of internal affairs bodies 115

3. Organizational, managerial and legal mechanism for protecting information in the activities of internal affairs bodies: ways for further development 127

Conclusion 153

List of used literature 1()0

Introduction to the work

Relevance of the dissertation research topic. As a result of the implementation of socio-economic transformations over the past years, society and public relations in Russia have moved to a qualitatively new state, characterized, in particular, by a strong merging of government bodies, business organizations and criminals, which dictates an urgent need to revise the functions and tasks of law enforcement agencies and security agencies national security, economic security and law enforcement forces.

All this requires serious reflection and the development of new mechanisms for organizing the fight against national and transnational crime.

A number of studies note that the problem of ensuring the protection of information is often narrowed to the problem of ensuring the protection of only computer information. So, O.V. The State Tax Service rightly believes that in order to implement an effective approach, an interconnected consideration of a number of aspects of information security is necessary1.

State of knowledge of the problem. Issues of state regulation in the information sphere began to be addressed to a significant extent in scientific publications only in the second half of the 20th century, when the international exchange of scientific and technical achievements began to develop at an accelerated pace. The following domestic scientists made a great contribution to the area under consideration: V.D. Anosov, A.B. Antopolsky, G7G. Artamonov, P.I. Asyaev, Yu.M Baturin, IL. Bachilo, M. Boer, A.B. Vengerov, M.I., Dzliev, G.L. Emelyanov, I.F. Ismagilov, V.A. Kopylov, V.A. Lebedev, V.N., Lopatin, G.G. Pocheptsov, M.M. Rassolov, I.M. Rassolov, A.A. Streltsov, A.D. Ursul, A.A. Fatyanov, AL. Fisun and others. Among foreign scientists in this direction, one can note the works of R. Goldscheider, I, Gerard, J. Mayer, B. Marcus, J. Romary, S. Philips and others.

The purpose and objectives of dissertation research. The purpose of the study is to clarify the theoretical and legal provisions, methodological principles for ensuring information security of internal affairs bodies, information warfare and effective information counteraction to criminal structures using legal and law enforcement mechanisms.

In accordance with the formulated goal, the following tasks were set in the work:

Determine ways to improve legal mechanisms for information protection, organizational measures and management decisions to combat computer crimes; - to identify the role of legal and organizational mechanisms for protecting information in information support systems for the activities of internal affairs bodies;

Develop proposals for the formation of organizational and legal mechanisms to ensure information security of internal affairs bodies.

The object of the dissertation research is information security of internal affairs bodies.

The subject of the study is the legal, organizational and managerial mechanisms for ensuring information security of internal affairs bodies.

The theoretical and methodological basis of the dissertation research was the theoretical and methodological developments of domestic and foreign scientists on the problems of national, economic and information security, and information protection.

The study is based on a systematic methodology developed by V.N. Anischepko, B.V., Akhlibininsky, L.B. Bazhenov, R.N. Bayguzin, B.V. Biryukov, V.V. Bor dyuzhe, V.V. Verzhbitsky, P.G. Vdovichenko, V.A. Galatenko, A.P. Gerasimov, I.I. Grishkin, D.I. Dubrovsky, N.I., Zhukov, A.M. Korshunov, K.E., Morozov, I.B. Novik, L.A. Petrusheiko, M.I. Setrov, A.D. Ursul, G.I. Tsarsgorodtsev and others.

The theoretical and legal basis of the dissertation research was the works of scientists in the field of criminal law, criminology, computer science theory of law, including the works of: S.S. Alekseeva, I.O.M. Baturina, N.I. Vetrova, V.E. Vekhova, B.V. Zdravomyslova, V.V. Krylova, V.N. Kudryavtseva, Yu.I. Lyapunova, A, V. Naumova, S.A. Pashina7 A.A. Piontkovsky, N.A. Selivanova, A.R Trainipa, O.F. Shishova.

When conducting the research, dialectical, formal legal, comparative legal, abstract logical, analytical and systemic methods, as well as the method of expert assessments were used; methods of applied, special disciplines (criminal law, statistics, computer science, information security theory) were widely used.

The scientific novelty of the dissertation research is determined by a comprehensive analysis of the legal and organizational mechanisms for ensuring information security of internal affairs bodies.

The scientific novelty of the study lies in the formulation of the problem and the choice of the range of issues to be considered. This dissertation is the first work in domestic legal science devoted to a comprehensive study of the legal and organizational foundations of information security of law enforcement agencies of the Russian Federation, the basis of which is formed by the internal affairs bodies of the Ministry of Internal Affairs of Russia. For the first time, it analyzes modern threats to national security in the information sphere emanating from organized national and transnational crime, corruption, terrorism, extremism and the criminal economy, and substantiates the role and place of information security in the overall system of ensuring national security. For the first time, a comprehensive analysis of the goals, objectives, functions and powers of internal affairs bodies in the field of combating computer crimes and cyber terrorism, ensuring information security in operational activities was carried out. Based on an interconnected assessment of the state of the operational situation and the nature of crimes in the information sphere, the scale, forms, methods and means of information counteraction to law enforcement agencies from crime, the position is substantiated that the internal affairs bodies are in a state of information war against various types of crime, primarily organized and economic. Proposals have been formulated on areas for improving state legal regulation of relations in the field of ensuring information security of internal affairs bodies and developing current legislation.

The practical significance of the results of the dissertation research lies in their focus on solving the problems facing the internal affairs bodies to ensure law and order, the security of the state, society and the individual.

The theoretical principles obtained during the study, the conclusions formulated and practical recommendations can contribute to the implementation of a coordinated state policy in the field of ensuring national and information security, the gradual improvement of state-legal regulation of relations between internal affairs bodies in the field of information protection, combating computer crime and cyber terrorism.

Provisions submitted for defense. In the process of research, a number of new theoretical provisions were obtained that are put forward for defense:

In modern conditions, information security of society, state and individual is, along with other types of security, including economic, the most important component of national security.

In the current state of crime, which is basically large-scale and organized, covers entire regions and even the entire territory of the country, going beyond its borders, has great opportunities for access to information means and weapons, their expansion and use in their illegal activities, it is impossible ensure information security of internal affairs bodies only through the use of protective mechanisms. In these conditions, it is necessary to conduct active offensive (combat) operations using all types of information weapons and other offensive means in order to ensure superiority over crime in the information sphere.

The internal affairs bodies of the Ministry of Internal Affairs of Russia are in a state of information war with both national and transnational criminal communities, the specific content and main form of which is information warfare using information, computing and radio means, electronic intelligence equipment, information and telecommunication systems, including space channels communications, geographic information systems and other information systems, complexes and tools.

The evolution of the legal regime, organizational foundations and the actual activities of internal affairs bodies to ensure information security, combat computer crimes and cyber terrorism were greatly affected by changes in the political and socio-economic situation of the country. The developed and implemented approaches to the “forceful” provision of law and order and security in conditions of high activity of organized criminal communities require a radical rethinking of existing views and the development of new conceptual approaches to the problem of state-legal regulation of relations in the field of information security and combating such new phenomena as cyber crime and cyber terrorism for the purpose of ensuring national security.

The general social nature of the activities of internal affairs bodies, the need for clear legal regulation of their activities in the special conditions of waging an information war against large-scale organized crime, require the creation of an appropriate state legal regime and its reflection in fundamental political and regulatory legal documents. Therefore, it seems logical to supplement the Concept of National Security and the Doctrine of Information Security of the Russian Federation, the Law of the RSFSR “On Security” with provisions regarding the concept of “information warfare” and the conditions for the use of information weapons in the fight against cyber crime and cyber terrorism, as well as expanding the range of powers of internal affairs officers cases in the law of the RSFSR “On the Police” regarding the special conditions for the use of information weapons in order to effectively combat organized crime in the event of direct threats to the information security of society and the state - Approbation of the results of the dissertation research. A number of provisions of this work were discussed at the scientific and practical conference “Institutional, economic and legal foundations of financial investigations in the fight against terrorism” (Academy of Economic Security of the Ministry of Internal Affairs of Russia, 2006), the interdepartmental round table “Current problems of legislative regulation of operational investigative activities of law enforcement agencies” and the interdepartmental scientific conference “Topical issues of the theory and practice of operational investigative activities of internal affairs bodies to combat economic crimes”, the All-Russian scientific and practical conference “Combating the legalization of criminal proceeds: problems and ways to solve them” (Academy of Economic Security of the Ministry of Internal Affairs of Russia and the All-Russian Scientific -Research Institute of the Ministry of Internal Affairs of Russia, 2007). The dissertation research material was used in the preparation of specialized lectures on the problems of liability for committing crimes in the field of computer information at advanced training courses for authorities to combat economic crimes.

The main provisions and conclusions of the dissertation are presented in six scientific publications.

Scope and structure of dissertation research. The structure and scope of the dissertation are determined by the purpose and objectives of the research. It consists of an introduction, three chapters combining eight paragraphs, a conclusion and a list of references.

Information security in the national security system: nature, essence, place in the categorical apparatus of the general theory of law

Modern realities require a new approach to ensuring national security, in which information security is beginning to play an increasingly important role. Such trends have been developing since the 80s of the last century and are caused by scientific and technological progress in the field of information technology, global telecommunications systems, and communications.

The basic concepts in the field of information security include: “information”, “information sphere” and “information security”1.

Let us present only two approaches to the definition of the concept “information”. The first approach boils down to the following. In philosophical literature, “information” is revealed as “one of the most general concepts of science, denoting some information, a collection of any data, knowledge, etc.”2. It is noted that the very concept of “information” usually presupposes the presence of at least three objects: a source of information, a consumer of information and a transmitting medium.

Information cannot be transmitted, received or stored in pure form. The carrier of information is the message. It follows that the concept of “information” includes two main elements: information and messages. The entire set of information accumulated by a person can be presented in the form of a certain “knowledge base”, which contains images that arise as a result of awareness of received messages, sensations caused by these images, emotional and pragmatic assessments of these images. Certain associative relationships can be established between “base” objects. The totality of images, sensations, and assessments retained by a person with established associative relationships between them forms knowledge4.

The amount of information a person has in the form of information can be measured by the number of accumulated sensations, images, assessments and associative relationships between them. The more of these sensations, images and assessments, the more information a person has. Accordingly, the amount of information coming to a person through a message can be measured by the number of new objects of the “base” (sensations, images, assessments, relationships between elements of the “base”) that appear as a result of awareness of the message.

The value of information, manifested in the form of information, is determined by the subjective importance of the task for which the information can be used, as well as the influence that the information had on solving the problem. This influence can be expressed in a change in the conceptual model of the problem, priorities between possible options for solving it, and in assessing the feasibility of solving the problem in general.

Information that comes to a person in the form of information has a number of properties: ideality - existence only in the human mind and, as a result, the impossibility of perception by the senses; subjectivity - the dependence of the quantity and value of information on the information model of the subject receiving the information; information ieuiichtozhayelyustyo - the impossibility of destroying information by other information received by a person; dynamism - the possibility of changing the value of existing information and knowledge under the influence of time and other incoming information; and accumulation - the possibility of practically unlimited accumulation of information in the human information model5.

The ability to receive, accumulate and use information in the form of information to support life activities is a property of all living objects, however, the volume and content of the functions performed with their use differ significantly among different classes of these objects. Thus, it can be assumed that only humans perform the goal-setting function.

The concept of “message” is often defined as “a coded equivalent of an event, recorded by a source of information and expressed using a sequence of conventional physical symbols (alphabet) forming some ordered set.”

From the point of view that interests us, messages are used primarily to convey information to other people and constitute the essence of the representative side of information or its representative form. Information in the form of a message appears as a realization of a person’s ability to describe information in a certain language, which is a set of vocabulary and grammar.

A person, when forming a message, identifies a part of his information model that he wants to convey, establishes relationships between its elements and concepts known to him. With the help of language in a certain alphabet, he encodes concepts, resulting in a systematized set of signs that can be transmitted to other people, i.e., the content side of the information is objectified and the corresponding information becomes accessible to perception by the senses.”

Perceiving a message, a person establishes relationships between the set of letters and signs that make it up and the concepts known to him, and then - images, sensations, assessments, associative relationships, i.e., transforms the representative form of information into its meaningful form7"

Based on this, a message can be represented as a set of transmitted information and the order (algorithms) of encoding it into a set of message characters and decoding it into information. Without an encoding algorithm, a message simply turns into a set of characters.

A person as a source of information can exchange messages with a technical system only if it contains a certain algorithm for decoding the transmitted set of characters, their subsequent processing, as well as an encoding algorithm for transmitting a response message to the human consumer.

The transformation of information from information into messages and from messages into information is the essence of the general law of circulation of information.

Information in the form of a message has a number of properties, which include: materiality - the ability to influence the senses; measurability - the possibility of quantitative assessment of communication parameters (the number of characters that make up the message); complexity - the presence of a set of characters and algorithms for their encoding and decoding; problem orientation - the content of information related to one of the tasks of human activity8. Information in the form of messages is most often studied from technical, semantic and pragmatic points of view. From a technical point of view, messages are of interest as an object of transmission over communication channels. At the same time, issues of reliability, stability, efficiency, range, noise immunity of message transmission, and in some cases, transmission secrecy are studied, as well as principles and methods for designing message transmission systems and means of protecting them from unauthorized access.

Computer and telecommunications crime

The development of information and telecommunication technologies has led to the fact that modern society is highly dependent on the management of various processes through computer technology, electronic processing, storage, access and transmission of information. According to information from the Bureau of Special Technical Events (BSTM) of the Russian Ministry of Internal Affairs, last year more than 14 thousand crimes related to high technology were recorded in Russia, which is slightly higher than the year before. The structure of cyber crime also did not undergo major changes: it was mainly associated with unauthorized access to computer information. An analysis of the current situation shows that about 16% of criminals operating in the “computer” sphere of crime are young people under the age of 18, 58% are from 18 to 25 years old, and about 70% of them have higher or incomplete higher education . Research conducted by the Computer Crime Research Center showed that 33% of attackers were under 20 years old at the time of the crime; 54% - from 20 to 40 years; 13% were over 40 years old. Crimes related to illegal access to computers are committed 5 times more often by males. Most of the subjects of such crimes have higher or incomplete higher technical education (53.7%), as well as other higher or incomplete higher education (19.2%). But recently, the proportion of women among them has been constantly increasing. This is due to the professional orientation of some specialties and jobs aimed at women (secretary, accountant, economist, manager, cashier, controller, etc.), equipped with computers and having access to the Internet1.

Studies have shown that 52% of identified offenders had specialized training in information technology; 97% were employees of government agencies and organizations using computers and information technologies in their daily activities; 30% of them were directly related to the operation of computer equipment.

According to Russian legislation, acts provided for in Article 272 of the Criminal Code are punishable by a fine in the amount of two hundred to five hundred times the minimum wage; or in the amount of wages; or other income of the convicted person for a period of two to five months; or correctional labor for a period of six months to one year; or imprisonment for a term of up to two years. The same act, with aggravating consequences, is punishable by restriction of freedom for a term of up to five years. According to unofficial expert estimates, out of 100% of criminal cases initiated, about 30% go to trial and only 10-15% of defendants serve their sentences in prison. Most cases are reclassified or dropped due to insufficient evidence. The real state of affairs in the CIS countries is a question from the realm of science fiction. Computer crimes are classified as high latency crimes. Latency is a sign that reflects the existence in the country of a real situation where a certain part of crime remains unaccounted for. In all states, actual crime exceeds the number of crimes recorded by 59 law enforcement agencies. In this regard, practice shows that information based on statistical display is distorted and does not always correspond to reality. Latent (hidden) crime remains outside the boundaries of accounting, the so-called “dark figure” of crime. The presence of latent crime can cause serious, far-reaching negative consequences. The main reasons for the artificial latency of computer crime, first of all, include the reluctance of the injured party (enterprise, institution, organization or individual citizens) to report criminal attacks on their computer systems to law enforcement agencies3.

Considering the still weak judicial practice in cases of computer crimes, one can only guess about the level of special training of the majority of judges who, being good lawyers, have little understanding of the intricacies of information technology and for whom, for example, a computer system or computer information is something incomprehensible and distant. Evidence related to computer crimes that is seized from a crime scene can be easily altered, both as a result of errors during its seizure and during the research process itself. Presentation of such evidence in court proceedings requires special knowledge and appropriate preparation. Of course, both the prosecution and the defense must have special knowledge.

The most punishable element of computer crimes is Article 272 of the Criminal Code of the Russian Federation. As an example, let us cite the case of the St. Petersburg international criminal group, which hacked the websites of Western bookmakers and demanded significant sums from their owners to stop the attacks. The suspects managed to obtain hundreds of thousands of dollars in this way. In parallel with the St. Petersburg operatives, a number of arrests of hackers were carried out by the internal affairs bodies of Saratov and Stavropol. The alleged criminals, who had “colleagues” abroad, acted according to the same scheme. Shortly before the start of important sporting events, when bookmakers were taking bets on wins and losses most actively, “black” computer scientists hacked into the servers. British companies suffered the greatest losses; their websites were idle offline from several hours to several days. Then system administrators received letters demanding to transfer certain amounts to the hackers - up to $40 thousand in exchange for stopping the attacks. English bookmakers contacted Interpol. The first 10 attackers were detained in Riga. Further, through their testimony and with the help of financial structures involved in the transfer of money, it was possible to detain the Russian members of the group. Law enforcement agencies from Russia, Great Britain, Australia, the USA, Canada and the Baltic republics took part in the joint operation to develop an organized criminal group.

Not so long ago in Moscow, employees of the Directorate “K” of the Ministry of Internal Affairs of Russia completely suppressed the activities of a large organized criminal group, which for several years had been engaged in the manufacture and sale of special technical devices intended for secretly obtaining information from technical telecommunication channels, including computer information circulating in computer system.

The main problem is not that the Criminal Code of the Russian Federation is incomplete, but that more often the defense turns out to be more prepared than the prosecution, that law enforcement agencies at the initial stage of the investigation, when conducting an inspection of the crime scene, still make many investigative errors, and forensically significant information is lost. Information and, ultimately, the criminal case simply “scatters” before reaching the court.

There are very few trials in criminal cases related to computer crimes; as a result, there is no judicial practice yet, so judges do not have the necessary training. But this is yesterday and while today, tomorrow the situation will change.

State legal regulation in the field of combating computer crimes

An important area of ensuring information security is determining the system of bodies and officials responsible for ensuring information security in the country. The basis for the creation of a state system of organizational and legal support for information protection is the currently created state system of information protection, which is understood as a set of federal and other governing bodies and interrelated legal, organizational and technical measures carried out at various levels of management and implementation of information relations and aimed at ensuring the security of information resources.

The interests of the state in the information sphere are to create conditions for the harmonious development of the Russian information infrastructure, for the implementation of the constitutional rights and freedoms of man and citizen in the field of obtaining information and using it in order to ensure the inviolability of the constitutional system, sovereignty and territorial integrity of Russia, political, economic and social stability, in the unconditional provision of law and order, in the development of equal and mutually beneficial international cooperation.

The main body coordinating the actions of government agencies on information security issues is the Interdepartmental

97 commission for the protection of state secrets, created by Decree of the President of the Russian Federation of November 8, 1995 No. 11082. It operates within the framework of the State system for protecting information from leakage through technical channels, the Regulations of which were put into effect by Decree of the Government of the Russian Federation of September 15, 1993 No. 912-513. This Resolution defines the structure, tasks and functions, as well as the organization of work on information protection in relation to information constituting state secrets. The main task of the State Information Protection System is to implement a unified technical policy, organize and coordinate work on the protection of information in the defense, economic, political , scientific, technical and other spheres of activity of the country.

The general organization and coordination of work in the country to protect information processed by technical means is carried out by the Federal Service for Technical and Export Control (FSTEC of Russia), which is a federal executive body that implements state policy, organizes interdepartmental coordination and interaction, special and control functions in the field of state security on the following issues in the field of information security: . ensuring the security of information in information and telecommunications infrastructure systems that have a significant impact on the security of the state in the information sphere; # countering foreign technical intelligence on the territory of the Russian Federation; ensuring protection (by non-cryptographic methods) of information containing information constituting state secrets, other information with limited access, preventing its leakage through 98 technical channels, unauthorized access to it, special influences on information (information media) for the purpose of its extraction, destruction, distortion and blocking access to it on the territory of the Russian Federation; protection of information during the development, production, operation and disposal of non-information emitting complexes, systems and devices. The main tasks in the field of ensuring information security for the FSTEC of Russia are: implementation, within its competence, of state policy in the field of ensuring information security in key information infrastructure systems, countering technical intelligence and technical protection of information; implementation of state scientific and technical policy in the field of information protection in the development, production, operation and disposal of non-information emitting complexes, systems and devices; - organization of the activities of the state system for countering technical intelligence and technical protection of information at the federal, interregional, regional, sectoral and facility levels, as well as management of the said state system; implementation of independent legal regulation of issues: ensuring information security in key information infrastructure systems; countering technical intelligence; technical information protection; placement and use of foreign technical means of observation and control during the implementation of international treaties of the Russian Federation, other programs and projects on the territory of the Russian Federation, on the continental shelf and in the exclusive economic zone of the Russian Federation; coordination of the activities of 99 government bodies in preparing detailed lists of information subject to classification, as well as methodological guidance of these activities; ensuring, within its competence, the security of information in key information infrastructure systems, countering technical intelligence and technical protection of information in the apparatus of federal government bodies and government bodies of constituent entities of the Russian Federation, in federal executive authorities, executive authorities of constituent entities of the Russian Federation, local governments and organizations ; prosthetic development of forces, means and capabilities of technical intelligence, identification of information security; counteraction to the acquisition of information by technical intelligence means, technical protection of information;

Improving the regulatory framework for the protection of information of internal affairs bodies

The legal protection of information as a resource is recognized at the international, state level and is determined by interstate treaties, conventions, declarations and is implemented by patents, copyright and licenses for their protection. At the state level, legal protection is regulated by state and departmental acts.

In our country, such rules (acts, norms) are the Constitution and laws of the Russian Federation, civil, administrative, criminal law, set out in the relevant codes.

For failure to provide information to citizens, the chambers of the Federal Assembly of the Russian Federation and the Accounts Chamber of the Russian Federation (Articles 140 and 287), as well as for concealing information about circumstances that create a danger to the life or health of people (Article 237), the Criminal Code of the Russian Federation provides for liability24.

Responsibility in the current legislation is stipulated in the case of unlawful classification, violation of requirements for the composition of the information provided, non-publication of information, violation of the right of citizens to receive information free of charge, concealment (failure to provide) information about circumstances that pose a danger to the life or health of people, untimely provision of information, concealment of information , communication of false (inaccurate) information, restriction of the right to provide information, distortion of information, violation of free international information exchange25.

Protection of the right to access information can be carried out: in a form outside the jurisdiction (self-defense of one’s rights and legitimate interests); in a jurisdictional form (in an administrative or judicial manner), In an administrative manner - through the filing of a complaint by a person whose rights have been violated against an official (body) to a higher authority, a special body - the Judicial Chamber for Information Disputes under the President of the Russian Federation. In court - a person can choose any method of protecting violated rights by filing a claim (complaint) for consideration in civil, administrative or criminal proceedings.

When considering a claim in civil proceedings, the victim has the right to use the main methods of protecting civil rights provided for in Art. 12 of the Civil Code of the Russian Federation, including demanding: recognition of rights; termination of actions that violate the right or create a threat of its violation; invalidation of an act of a state body or local government body; restoration of rights; compensation for losses; compensation for moral damage.

Cases of possible administrative liability for violation of the right to access objective information are quite numerous. Thus, the Code of the Russian Federation on Administrative Offenses27 provides for administrative liability for: violation of the right of citizens to familiarize themselves with the voter list (Article 5L); production or distribution of anonymous propaganda materials (Article 5.12); deliberate destruction or damage to printed propaganda materials (Article 5L4); provision or non-publication of reports on the expenditure of funds for the preparation and conduct of elections (referendum) (Article 5.17); failure to provide or non-publication of information about voting results or election results (Article 5.25); failure to fulfill obligations to register transactions with harmful substances and mixtures in ship documents (Article 8.16); production or operation of technical equipment that does not comply with state standards or norms for permissible levels of radio interference (Article 13.8); failure to provide information to the federal antimonopoly authority (Article 19.8); failure to provide information for compiling lists of jurors (Article 17.6); failure to comply with the legal demands of the prosecutor (including the provision of information) (Article 17.7); failure to report information about citizens who are or are required to be registered with the military (Article 21.4): - violation of the procedure and deadlines for providing information about minors in need of foster care (Article 536); violation of the procedure for providing a legal copy of documents (Article 13.23); refusal to provide information to a citizen (Article 5.39); abuse of freedom of the media (Article 13.15); obstructing the distribution of mass media products (Article 13.16); obstructing the reception of radio and television broadcasts (Article 13.18); violation of the rules for distributing mandatory messages (Article 13.17).

Criminal liability in this area is provided for in the Criminal Code of the Russian Federation28 in the following articles: 140 (refusal to provide information to a citizen), 237 (concealment of information about circumstances that pose a danger to the life or health of people), 287 (refusal to provide information to the Federal Assembly of the Russian Federation or the Accounts Chamber of the Russian Federation).

Taking into account the established practice of ensuring information security, the following areas of information security are distinguished: legal - these are special laws, other regulations, rules, procedures and measures that ensure the protection of information on a legal basis; organizational - this is the regulation of production activities and relationships between performers on a legal basis, excluding or weakening the infliction of any damage to performers; engineering is the use of various technical means that prevent damage to commercial activities-9.

THE CONCEPT OF INFORMATION SECURITY OF ATS

We have already dwelled on the concept of information security, which in its most general form can be defined as a state of protection of the information needs of the individual, society and the state, which ensures their existence and progressive development regardless of the presence of internal and external information threats. Let us specify this concept in relation to the goals and objectives that law enforcement agencies face at the present stage. To do this, first of all, let’s turn to the generic concept – the concept of “security”.

Currently, security is an integral characteristic of progress, and the concept of security is one of the key ones when studying issues of optimizing human activity, including activities to combat crime.

Over the centuries, the concept of security has been repeatedly filled with different content and, accordingly, an understanding of its meaning. Thus, in ancient times, the understanding of security did not go beyond the ordinary concept and was interpreted as the absence of danger or evil for a person. In this everyday meaning, the term “security” was used, for example, by the ancient Greek philosopher Plato.

In the Middle Ages, security was understood as the calm state of mind of a person who considered himself protected from any danger. However, in this meaning, this term did not firmly enter the vocabulary of the peoples of Europe until the 17th century. rarely used.

The concept of “security” is becoming widespread in scientific and political circles of Western European countries thanks to the philosophical concepts of T. Hobbes, D. Locke, J.J. Rousseau, B. Spinoza and other thinkers of the 17th-18th centuries, meaning a state, a situation of calm that appears as a result of the absence of real danger (both physical and moral).

It was during this period that the first attempts to theoretically develop this concept were made. The most interesting version is that proposed by Sonnenfels, who believed that security is a state in which no one has anything to fear. For a specific person, this situation meant private, personal security, and the state of the state, in which there was nothing to fear, constituted public security.

Currently, security is traditionally understood as a state in which the vital interests of an individual, society, state and the international system are protected from any internal or external threat. From this point of view safety can be defined as the impossibility of causing harm to someone or something due to the manifestation of threats, i.e. their protection from threats.

It should be noted that this approach has found the greatest recognition both in the scientific community and in the field of legislative activity.

In general methodological terms, the structure of the concept of “security” includes:

q security object;

q threats to the security object;

q ensuring the security of the facility from threats.

The key element in determining the content of the concept of “security” is the security object, i.e. something that protects itself from threats. By choosing as an object of security information circulating in the internal affairs bodies, as well as the activities of police units related to the production and consumption of information, we can talk about their information security – the security of their “information dimension”.

In current Russian legislation, information security is understood as “the state of protection of national interests in the information sphere, determined by the totality of balanced interests of the individual, society and state”(Doctrine of Information Security of the Russian Federation). At the same time, under The information sphere of society is understood as the totality of information, information infrastructure, entities collecting, generating, distributing and using information, as well as systems for regulating the social relations that arise in this case.

Based on what has been noted, Information security of internal affairs bodies is understood as the state of security of information, information resources and information systems of internal affairs bodies, which ensures the protection of information (data) from leakage, theft, unauthorized access, destruction, distortion, modification, forgery, copying, blocking (Concept for ensuring information security of the internal affairs bodies of the Russian Federation until 2020, approved by order of the Ministry of Internal Affairs of Russia dated March 14, 2012 No. 169). The structure of this concept is shown in Fig. 4. Let's look at it in more detail.

Rice. 4. Structure of the concept “information security of internal affairs bodies”

ATS Information Security Object. As we have already noted, the objects of information security are:

q informational resources internal affairs bodies used in solving official tasks, including those containing restricted access information, as well as special information and operational data of an official nature.

Information used by internal affairs bodies contains information about the state of crime and public order in the territory served, about the bodies and units themselves, their forces and means. In duty stations, detectives, local police inspectors, investigators, employees of forensic units, the migration service, and other units, primary accounting documents, log books, and other media accumulate arrays of data for operational-search and operational-reference purposes, in which contains information about:

– offenders and criminals;

– owners of motor vehicles;

– owners of firearms;

– events and facts of a criminal nature, offenses;

– stolen and confiscated items, antiques, as well as other information subject to storage.

Services and divisions of internal affairs bodies are characterized by the following data:

– about the forces and means at the disposal of the body;

– about the results of their activities.

The information listed above is used when organizing the work of departments and when taking practical measures to combat crime and delinquency.

In addition to the above information, scientific and technical information necessary to improve the activities of internal affairs bodies is widely used.

Particular attention should be paid to the information used by internal affairs bodies in solving and investigating crimes. This type of information may include, but is not limited to:

All types of evidence in a criminal case;

Materials of the criminal case;

Information about the progress of the criminal investigation (i.e., a set of operational and procedural information about the event under investigation, plans for conducting operational investigative and procedural actions);

Information about law enforcement officers taking part in the investigation of the crime;

Information about suspects and accused persons in the case;

Information about victims, witnesses and other persons assisting in the investigation of the crime, etc.

In addition to the above, information of limited access to individuals and legal entities, to which officials of police departments gain access in the performance of official duties, in particular, when solving and investigating crimes, is also subject to protection;

q information infrastructure internal affairs bodies, which means a set of methods, means and technologies for the implementation of information processes (i.e. processes of creation, collection, processing, accumulation, storage, search, distribution and consumption of information), necessary to be carried out in the internal affairs department when performing the tasks assigned to them by law.

The information infrastructure of internal affairs bodies primarily includes those used in the practical activities of law enforcement agencies. Information Systems, networks And communication networks(including public use).

The information infrastructure of internal affairs bodies should certainly include those used in the practical activities of internal affairs bodies. information Technology– processes that use a set of means and methods for collecting, processing and transmitting data (primary information) to obtain new quality information about the state of an object, process or phenomenon (information product).

Information infrastructure objects include: premises, in which information processes take place during official activities, information processing on a computer, etc.

Threats to an information security object. The organization of ensuring information security of internal affairs bodies should be comprehensive and based on an in-depth analysis of possible negative consequences. It is important not to miss any important aspects. Analysis of negative consequences requires the mandatory identification of possible sources of threats, factors contributing to their manifestation and, as a result, identification of current threats to information security.

Based on this principle, it is advisable to model and classify sources of threats to information resources and information infrastructure of internal affairs bodies based on an analysis of the interaction of the logical chain:

Sources of threats . In the theory of information security under sources of threat confidential information is understood potential carriers of information security threats , which, depending on their nature, are divided into anthropogenic(caused by human activities), man-made or spontaneous. In relation to the security object itself, sources of threats are divided into external And internal.

An analysis of the provisions of the Information Security Doctrine of the Russian Federation, as well as other regulatory documents in the field of information security, allows us to identify the following main sources of threats to the information security of internal affairs bodies.

The main external sources of threats to the information security of internal affairs bodies include:

Intelligence activities of special services of foreign states, international criminal communities, organizations and groups related to the collection of information revealing the tasks, plans of activity, technical equipment, methods of work and locations of special units and internal affairs bodies of the Russian Federation;

Activities of foreign public and private commercial structures, as well as domestic criminal groups and commercial organizations seeking to gain unauthorized access to information resources of law enforcement agencies;

Natural disasters and natural phenomena (fires, earthquakes, floods and other unforeseen circumstances);

Various types of man-made accidents;

Failures and malfunctions, malfunctions in the operation of information infrastructure elements caused by errors in their design and/or manufacturing.

The main internal sources of threats to the information security of internal affairs bodies include:

Violation of the established regulations for the collection, processing, storage and transmission of information used in the practical activities of the internal affairs department, including those contained in file cabinets and automated data banks and used for the investigation of crimes;

Failure of hardware and software failures in information and telecommunication systems;

Use of uncertified software that disrupts the normal functioning of information and information and telecommunication systems, including information security systems;

Intentional actions, as well as errors of personnel directly involved in maintaining information systems used in internal affairs bodies, including those involved in the formation and maintenance of file cabinets and automated data banks;

The inability or unwillingness of service personnel and/or users of ATS information systems to fulfill their duties (civil unrest, transport accidents, a terrorist attack or its threat, a strike, etc.).

Vulnerabilities . Under vulnerability in the context of the issue under consideration, we believe it is necessary to understand reasons leading to violation of the established information protection regime in internal affairs bodies . Such reasons include, for example:

An unfavorable crime situation, accompanied by trends in the merging of state and criminal structures in the information sphere, criminal structures gaining access to confidential information, increasing the influence of organized crime on the life of society, reducing the degree of protection of the legitimate interests of citizens, society and the state in the information sphere;

Insufficient legislative and regulatory regulation of information exchange in law enforcement;

Insufficient coordination of the activities of internal affairs bodies and their divisions to implement a unified policy in the field of information security;

Insufficient activity in informing the public about the activities of internal affairs bodies, explaining the decisions made, creating open government resources and developing a system for citizens to access them;

Insufficient funding for measures to ensure information security of internal affairs bodies;

Reduced efficiency of the education and training system, insufficient number of qualified personnel in the field of information security;

Lack of a unified methodology for collecting, processing and storing information of an operational-search, reference, forensic and statistical nature, etc.;

The presence of such design features and technical characteristics of information infrastructure elements that can lead to a violation of the integrity, availability and confidentiality of security objects. For example, the TCP/IP protocol used in the global electronic network Internet was initially developed without taking into account information security requirements, and most of the software used in practical ATS activities contains a lot of errors and undocumented capabilities.

Threats . The listed vulnerabilities give rise to corresponding threats to the security of information and the information infrastructure of internal affairs bodies. Wherein By threats to an information security object we mean a set of conditions and factors that create a potential or real danger of leakage, theft, loss, destruction, distortion, modification, forgery, copying, blocking of information and unauthorized access to it .

However, and this must be emphasized, a threat to a security object is not something that exists independently. It is either a manifestation of the interaction of a security object with other objects, which can harm its functioning and properties, or a similar manifestation of the interaction of subsystems and elements of the security object itself.

The security of information resources and information infrastructure of internal affairs bodies is manifested through the security of their most important properties, which include:

q integrity – a property of information and information infrastructure, characterized by the ability to withstand unauthorized or unintentional destruction and distortion of information;

q availability – a property of information and information infrastructure, characterized by the ability to provide unimpeded access to information to subjects who have the appropriate authority to do so;

q confidentiality – a property of information and information infrastructure, characterized by the ability of information to be kept secret from subjects who do not have the authority to become familiar with it.

Violation of the specified properties of information security objects of internal affairs bodies constitutes a threat to the information security of internal affairs bodies. These threats are manifested by:

q violation of the integrity of information as a result of:

- loss (theft). It consists of “removing” information and/or its carriers from the information sphere of internal affairs bodies, leading to the impossibility of further use of this information in the activities of the internal affairs bodies;

- destruction. Destruction is an impact on information and/or its media circulating in internal affairs bodies, as a result of which they cease to exist or are brought into a state that makes it impossible for them to be further used in the practical activities of the internal affairs bodies;

- distortions (modifications, fakes), i.e. as a result of such an impact on information, which leads to a change in its (information) semantic content, the creation and/or imposition of false media of information;

q disruption of information availability as a result of:

- blocking, those. termination or obstruction of access to information by authorized persons;

- loss;

q violation of confidentiality of information as a result of:

- unauthorized disclosure of information. Represents intentional or unintentional actions of persons with access to non-disclosure information, facilitating unauthorized access to this information by third parties.;

- unauthorized access to information. It represents intentional or unintentional actions of persons who do not have the right to access information to become familiar with it.

Ensuring information security. We have already noted that information security of internal affairs bodies is the protection of information resources and the supporting information infrastructure of internal affairs bodies from threats, i.e. impossibility of any damage or harm to them. Since both information resources and the information infrastructure of the internal affairs bodies do not exist on their own, outside the practical activities of internal affairs bodies, but in fact are one of the means of this activity, it is quite obvious that their security can be ensured only by creating such conditions for the activities of internal affairs bodies cases in which potentially hazardous impacts on safety objects were either prevented or reduced to a level at which they were not capable of causing damage to them.

Thus, Ensuring information security of internal affairs bodies is the process of creating such conditions for the activities of internal affairs bodies in which potentially dangerous impacts on information resources and information infrastructure of internal affairs bodies were either prevented or reduced to a level that does not interfere with the solution of tasks facing internal affairs bodies..

From this definition it is clearly seen that ensuring information security is of an auxiliary nature in the system of activities of internal affairs bodies, since it is aimed at creating conditions for achieving the main goals of internal affairs bodies - first of all, the effective fight against crime.

Ensuring information security of internal affairs bodies has its own external And internal focus. External focus This type of activity is determined by the need to ensure the legal rights and interests of copyright holders of legally protected information involved in the activities of internal affairs bodies.

Internal focus activities to ensure information security of internal affairs bodies are determined by the need to implement the tasks and achieve the goals facing the internal affairs bodies - first of all, identifying, solving, investigating and preventing crimes. In other words, it creates the prerequisites for the successful implementation of the tasks facing the internal affairs bodies.

Activities to ensure information security are carried out on the basis of a certain set of the most important, key ideas and provisions, called principles. These fundamental principles include the following:

Humanism;

Objectivity;

Specificity;

Efficiency;

A combination of publicity and official secrets;

Legality and constitutionality;

Compliance of the selected means and methods with the purpose of counteraction;

Complexity.

Principle humanism is to ensure the rights and freedoms of man and citizen in countering threats to information security, preventing unlawful attacks on his person, humiliating the honor and dignity of a person, arbitrary interference in his private life, personal and family secrets, restricting the freedom of his information activities, as well as in minimizing damage to these rights and freedoms when their restriction is carried out on legal grounds.

Principle objectivity is to take into account, when implementing countermeasures, the objective laws of social development, the interaction of society with the environment, and the real capabilities of information security entities to eliminate the threat or minimize the consequences of its implementation. This principle requires an integrated, systematic approach to determining ways to achieve activity goals with the least expenditure of effort and resources.

Principle specificity is to ensure security in relation to specific life circumstances, taking into account the various forms of manifestation of objective laws on the basis of reliable information about both internal and external threats, and the capabilities to counter them. Reliable information makes it possible to establish specific forms of manifestation of threats, determine, in accordance with this, goals and actions to ensure security, specify methods of countering threats, and the forces and means necessary for their implementation.

Principle efficiency is to achieve counteraction goals with the least expenditure of effort and resources. Ensuring information security in any social community requires certain material, financial and human resources. Based on this, ensuring security, like any socially useful activity of people, must be carried out rationally and effectively. Typically, efficiency criteria that are used in practice include the ratio of the amount of damage prevented from the implementation of threats to the costs of countering these threats.

Principle combination of publicity and secrecy is to find and maintain the necessary balance between the openness of information security activities, which makes it possible to achieve public trust and support, and, on the other hand, to protect proprietary information of the internal affairs department, the disclosure of which may reduce the effectiveness of countering security threats.

Principle legality and constitutionality means the implementation of all functions inherent in state organizations and officials in strict accordance with the current constitution, laws and regulations, in accordance with the competence established by law. Strict and strict adherence to the rule of law and constitutionality must be an indispensable requirement and principle of activity not only of state, but also of non-state bodies, institutions and organizations.

Principle compliance of the selected means and methods with the goal of counteraction means that these means and methods must, on the one hand, be sufficient to achieve the goal, and on the other hand, not lead to undesirable consequences for society.

Principle complexity the use of available forces and means lies in the coordinated activities of the subjects of countering threats to information security and the coordinated use of resources available for this.

As a type of security, information security has a complex structure, including goals, means and subjects of this activity.

The following can be identified as the goals of activities to ensure information security of internal affairs bodies:

q elimination (prevention) of security threats;

q minimizing damage from threats.

Elimination (prevention) of threats as the goal of ensuring information security is such a nature of interaction between a security object and a source of threats in which these sources cease to have the property of generating a threat.

Minimizing Consequences the implementation of a threat as a goal of information security activities occurs when the elimination (prevention) of threats is not possible. This goal represents such a nature of interaction between a security object and a source of threats in which emerging threats are promptly identified, the causes contributing to this process are identified and eliminated, as well as the consequences of the manifestation of threats are eliminated.

Information Security Tools – This is a set of legal, organizational and technical means designed to ensure information security.

All information security tools can be divided into two groups:

q formal;

q informal.

TO formal These include such means that perform their functions of protecting information formally, that is, mainly without human participation. TO informal refers to means that are based on the purposeful activities of people.

Formal means are divided into physical, hardware And software.

Physical means – mechanical, electrical, electromechanical, electronic, electronic-mechanical and similar devices and systems that operate autonomously, creating various kinds of obstacles in the way of destabilizing factors.

Hardware – various electronic, electronic-mechanical and similar devices that are circuit-built into the equipment of a data processing system or interfaced with it specifically to solve information security problems. For example, noise generators are used to protect against leakage through technical channels.

Physical and hardware are combined into a class technical means of information security.

Software– special software packages or individual programs included in the software of automated systems in order to solve information security problems. These can be various programs for cryptographic data conversion, access control, virus protection, etc.

Informal means are divided into organizational, legal and moral-ethical.

Organizational means – organizational and technical measures specifically provided for in the technology of operation of an object to solve problems of information protection, carried out in the form of purposeful human activity.

Legal means – existing in the country or specially issued regulations, which regulate the rights and obligations related to ensuring the protection of information of all persons and departments related to the operation of the system, and also establish liability for violation of the rules for processing information, which may result in violation of information security.

Moral and ethical standards – moral norms or ethical rules established in a society or a given group, compliance with which contributes to the protection of information, and violation of them is equated to non-compliance with the rules of conduct in a society or group.

Moral and ethical methods of protecting information can be classified as a group of methods that, based on the common expression that “it’s not locks that keep secrets, but people,” play a very important role in protecting information. It is a person, an employee of an enterprise or institution, who has access to secrets and accumulates colossal amounts of information in his memory, including secret information, who often becomes a source of leakage of this information, or through his fault, an opponent gets the opportunity to gain unauthorized access to the media of protected information.

Moral and ethical methods of protecting information involve, first of all, the education of an employee who has access to secrets, that is, carrying out special work aimed at developing in him a system of certain qualities, views and beliefs (patriotism, understanding of the importance and usefulness of protecting information for him personally), and training an employee aware of information constituting a protected secret, the rules and methods of protecting information, instilling in him the skills to work with carriers of secret and confidential information.

Subjects of information security are bodies, organizations and persons authorized by law to carry out relevant activities. These include, first of all, heads of internal affairs bodies, employees of relevant departments of internal affairs bodies dealing with information security issues (for example, employees of technical departments carrying out technical protection of internal affairs bodies), federal executive authorities exercising supervisory functions within their competence (for example , FSB in terms of ensuring the safety of information constituting state secrets), etc.

Conclusion

The internal affairs bodies pay serious attention to the issues of maintaining secret information and instilling high vigilance among employees. One of them often underestimates the danger of leakage of such information. They show carelessness bordering on criminal negligence when handling secret documents, which often leads to the disclosure of information constituting state secrets, and even to the loss of secret items and documents. At the same time, some employees of the internal affairs bodies establish and maintain dubious unwanted connections, and disclose information about the methods and forms of work of the internal affairs bodies to outsiders. Low professional qualities of individual employees often lead to a violation of the secrecy of ongoing events. The purpose of this course is to understand what information security is, how and by what means it can be ensured and avoid the negative consequences that may occur for you if confidential information leaks.

240 rub. | 75 UAH | $3.75 ", MOUSEOFF, FGCOLOR, "#FFFFCC",BGCOLOR, "#393939");" onMouseOut="return nd();"> Abstract - 240 rubles, delivery 1-3 hours, from 10-19 (Moscow time), except Sunday

Fisun Yulia Alexandrovna. State legal foundations of information security in internal affairs bodies: Dis. ...cand. legal Sciences: 12.00.02: Moscow, 2001 213 p. RSL OD, 61:01-12/635-2

Introduction

Chapter I. Concept and legal basis of information security . 14

1. The concept and essence of information security 14

2. Main directions of the state’s activities to ensure information security 35

3. Main directions of formation of legislation in the field of information security 55

Chapter II. Organizational foundations of information security in internal affairs bodies 89

1. Organization of activities of internal affairs bodies to ensure information security 89

2. Forms and methods of ensuring information security in internal affairs bodies

Conclusion 161

References 166

Applications 192

Introduction to the work

Relevance of the research topic. Informatization of the law enforcement sphere, based on the rapid development of information systems, is accompanied by a significant increase in attacks on information both from foreign states and from criminal structures and citizens. One of the features of the informatization process is the formation and use of information resources that have the appropriate properties of reliability, timeliness, relevance, among which their security is important. This, in turn, involves the development of secure information technologies, which should be based on the priority nature of solving problems of ensuring information security. It should be noted that the lag in solving these problems can significantly reduce the pace of informatization of the law enforcement sphere.

Thus, one of the primary tasks facing internal affairs bodies is to resolve the contradictions between the actually existing and necessary quality of protecting their information interests (needs), i.e., ensuring their information security.

The problem of ensuring information security in internal affairs bodies is inextricably linked with the activities of the state in the information sphere, which also includes the field of information security. Over the last period, a large number of regulatory legal acts on information legislation have been adopted. Only a few of them relate to the field of information security and at the same time relate only to general security provisions (for example, the Law of the Russian Federation “On Security”). The very definition of “information security” first appeared in the Federal Law “On Participation in International Information Exchange”. The Federal Law “On Information, Informatization and Information Protection” also speaks about the protection of information, but without defining the concept of information protection. Due to the lack of concepts of types of information, it is not entirely clear what information should be protected.

The National Security Concept adopted in the new edition, the priority task of which is not only the solution of issues of state security, but also its components, is focused primarily on the fight against terrorism. Unfortunately, issues related to information security only affect threats in the information sphere. Nothing is said at all about the role of the Ministry of Internal Affairs as a security entity.

The relevance of the chosen topic is emphasized by the act of adoption of the Information Security Doctrine of the Russian Federation (RF), which for the first time introduced the definition of information security of the Russian Federation, threats to information security, methods of ensuring information security of the Russian Federation, etc.

As for the issues of information security in internal affairs bodies, in the legal literature they are mainly reduced to general provisions: threats to security are listed and some methods of ensuring it are named that are characteristic of the entire law enforcement sphere. The organizational and legal aspects of ensuring information security of internal affairs bodies within the framework of the proposed concept of information security are not fully considered.

Taking into account the above, it is proposed to introduce the concept of information security of internal affairs bodies. Information security of internal affairs bodies is a state of security of the information environment that corresponds to the interests of internal affairs bodies, which ensures their formation, use and development opportunities, regardless of the impact of internal and external information threats. At the same time, taking into account the well-known definitions of a threat, an information threat will be understood as a set of conditions and factors that create a danger to the information environment and the interests of internal affairs bodies.

Thus, the relevance of legal regulation of information security in the activities of internal affairs bodies is beyond doubt. To achieve the proper level of regulatory support for information security, it is necessary to determine its subject areas, regulate the relations of the subjects of support, taking into account the characteristics of the main objects of information security. Therefore, according to the dissertation author, a comprehensive study is needed not only of the legal regulation of information security at the level of ministries and departments, but also a study of the state and development of the regulatory framework in the field of information security.

The degree of development of the research topic. The author's analysis of the research results of scientists allows us to state that the problems of legal regulation of information relations, ensuring information security and its components are relevant for legal science and practice and require further development." A significant number of publications are devoted to particular problems and issues of legal regulation of relations in the information sphere, in the field of information security, ensuring the security of information, which involves its protection from theft, loss, unauthorized access, copying, modification, blocking, etc., considered within the framework of the emerging legal institution of secrecy, domestic scientists and specialists have made a great contribution to the development of this area: A. B. Agapov, V. I. Bulavin, Yu. M. Baturin, S. A. Volkov, V. A. Gerasimenko, V. Yu. Gaikovich, I. N. Glebov, G. V. Grachev, S. N. Grinyaev, G. V. Emelyanov, V. A. Kopylov, A. P. Kurilo, V. N. Lopatin, A. A. Malyuk, A. S. Prudnikov, S. V. Rybak, A. A. Streltsov, A. A. Fatyanov, A. P. Fisun, V. D. Tsigankov, D. S. Chereshkin, A. A. Shiversky and others1.

During the dissertation research, the latest achievements of natural, socio-economic and technical sciences, historical and modern experience in ensuring information security of the individual, society and state were widely used; materials of various scientific periodicals, scientific, scientific and practical conferences and seminars, works of scientists in the field of theory of law and state, monographic studies in the field of law, information legislation, comprehensive information protection and information security.

Object and subject of research. The object of the study is the current and emerging systems of social relations that have developed in the information sphere and the field of information security.

The subject of the study is international legal acts, the content of the Constitution of the Russian Federation, the norms of domestic legislation regulating relations in the field of ensuring information security of the individual, society and the state, as well as the content of legal norms regulating the activities of internal affairs bodies to ensure information security.

Goals and objectives of the study. Based on the analysis and systematization of current legislation in the information sphere and information security, the dissertation candidate developed the fundamentals and introduced scientific and methodological recommendations for the use of legal and organizational tools for ensuring information security both in the activities of internal affairs bodies and in the educational process.

As part of achieving this goal, the following theoretical and scientific-practical tasks were set and solved: basic concepts, types, content of information as an object of ensuring information security and legal relations were analyzed and clarified;

2) existing directions and proposals for the formation of the legal and organizational foundations of information security were systematized, directions for improving the legislative framework in the field of ensuring information security, including in internal affairs bodies, were identified and clarified;

3) regulatory legal acts have been systematized and the structure of the current legislation in the information sphere has been formed;

4) the content of the organizational basis for the activities of internal affairs bodies to ensure information security has been determined;

5) organizational and legal aspects of the information security system and its structure in the activities of internal affairs bodies have been identified;

6) analyzed and selected forms and methods of ensuring information security in internal affairs bodies within the framework of legal regulation of their application and development.

The methodological basis of the dissertation research is made up of universal philosophical methods and principles of materialist dialectics; general scientific methods of comparison, generalization, induction; private scientific methods: system-structural, system-activity, formal-legal, comparative-legal and other research methods.

The regulatory framework for the study is the Constitution of the Russian Federation, regulatory legal acts of the Russian Federation, including international legislation, norms of various branches of law, departmental regulations.

The scientific novelty of dissertation research is:

In the study of the problem of development of the legal and organizational foundations for ensuring information security in internal affairs bodies from the standpoint of the advanced development of the needs of practice and the formation of the information sphere in the context of the widespread introduction of new information technologies and increasing information threats;

Understanding the place and role of constitutional law in the life of Russian society, as well as the further prospects for its development, within the framework of state policy to ensure information security;

Clarifying the system of state legislation in the field of information security;

Implementation of systematization of regulatory legal acts in the field of information security and formation of the structure of legislation in the field of information security of the individual, society, state, including internal affairs bodies;

Development of proposals to improve legislation in the field of information security;

Development of organizational and legal components of the information security system in internal affairs bodies;

Development of scientific and methodological recommendations for the use of legal and organizational training tools for ensuring information security in internal affairs bodies and in the educational process when training specialists in the legal foundations of information security.

Main provisions submitted for defense:

1. Definition of the conceptual apparatus on the legal basis of the current legislation in the field of information security, including the concept of information security, which allows us to form an idea of information as an object of ensuring information security and legal relations, as well as to formulate security threats.

Information security of internal affairs bodies is a state of security of the information environment that corresponds to the interests of internal affairs bodies, which ensures their formation, use and development opportunities, regardless of the impact of internal and external threats.

2. The problem of ensuring information security at the state level requires a deeper theoretical and practical understanding of the place and role of constitutional law in the life of Russian society, as well as the further prospects for its development within the following areas:

Improving the constitutional legislation "On state states and regimes", in particular in the field of information security, and improving on this basis the legislation of the constituent entities of the Russian Federation in this area;

Priority implementation of the constitutional rights of citizens in the information sphere;

Implementation of a unified state policy in the field of information security, ensuring an optimal balance of interests of subjects in the information sphere and eliminating gaps in constitutional legislation.

3. Proposals to clarify the main directions of the state’s activities in the formation of legislation in the information sphere, including the field of information security, which represent ways to improve the regulatory framework of information legislation and make it possible to determine the legal basis for the activities of internal affairs bodies in the field of information security. They come from a set of balanced interests of the individual, society and the state in the economic, social, domestic political, international, information and other spheres. The following areas are prioritized:

To respect the interests of the individual in the information sphere;

Improving legal mechanisms for regulating public relations in the information sphere;

Protection of national spiritual values, moral standards and public morality.

4. It is proposed to improve the structure of legislation in the field of information security, which is a system of interconnected elements, including a set of regulatory and departmental acts, which makes it possible to visualize the many relations in the information sphere and the field of information security, and the complexity of their regulation.

5. Organizational and legal components of the system for ensuring information security in internal affairs bodies, including the content of the organization of their activities (from the perspective of its legal regulation), represented by the structure of necessary and interrelated elements and including:

Subjects of ensuring the security of the Russian Federation;

Objects of information security of internal affairs bodies;

Organization of activities of internal affairs bodies;

Forms, methods and means of ensuring information security.

6. The content of organizing the activities of internal affairs bodies to ensure information security (from the point of view of its legal regulation), which is a purposeful continuous process in terms of analysis, development, implementation of legal, organizational, technical and other activities related to the field of information security, and also ensuring the rights and legitimate interests of citizens.

The practical significance of the dissertation research is:

In the use of proposals in the development of new regulations and improvement of current legislation in the information sphere of activity of public authorities of the constituent entities of the Russian Federation, departments, ministries;

Increasing the efficiency of the activities of internal affairs bodies to ensure information security;

Improving the training of specialists in the system of higher professional education, improving the qualifications of specialists in the field of integrated information security and legal regulation of information security in the interests of various ministries and departments based on the development of a version of educational and methodological support;

Development of scientific and methodological recommendations for the use of legal and organizational training tools for information security in the educational process, allowing to ensure the necessary level of training of specialists in the legal foundations of information security.

Approbation, implementation of research results and publications.

Theoretical provisions, conclusions, proposals and practical recommendations set out in this study were reported and discussed at the 8th and 9th International Conferences at the Academy of Management of the Ministry of Internal Affairs

Russia "Informatization of law enforcement systems" (Moscow, 1999-2000), Interuniversity regional conference "University Declaration of Human Rights: problems of improving Russian legislation and the practice of its application" at the Academy of Management of the Ministry of Internal Affairs of Russia (Moscow, 1999) , scientific seminar "Problems of federalism in the development of Russian statehood" and the International scientific and practical conference "Law enforcement in transport: results and prospects", held on the basis of the Orel Law Institute of the Ministry of Internal Affairs of Russia (Orel, 1999). Based on the results of the study, eight scientific papers with a total volume of 8 printed pages were published.

The structure and volume of the dissertation are determined by the logic of the research and consist of an introduction, two chapters, a conclusion, a list of references and an appendix.

The concept and essence of information security

An integral part of the subject of science and scientific research, including the developing scientific direction of information protection and legal regulation of information security, is its conceptual apparatus. Naturally, one of the central concepts in this subject area is the concept of “information”1, which can be classified as abstract categories and primary concepts. Analysis of the above concept gives an idea of its understanding in a system-wide, philosophical sense (information is a reflection of the material world) and to the narrowest, technocratic and pragmatic sense (information is all information that is the object of storage, transmission and transformation).

In a number of works, information is understood as certain properties of matter perceived by the control system both from the surrounding external material world and from processes occurring in the system itself. There is a view that identifies the concepts of “information” and “message”, in which information is defined as an essential part of the message for the recipient, and the message is defined as a material carrier of information, one of the specific elements of a finite or infinite set transmitted over a communication channel and perceived at the receiving end of the system communication with some recipient.

We can to some extent turn to the well-known content of the concept of “information”, defined by R. Shannon, where information is the amount of the unpredictable contained in a message. Quantity is a measure of the newness that a given message introduces into the sphere surrounding the recipient.

The Federal Law “On Information, Informatization and Information Protection” provides a fairly generalized definition of this concept and its derivatives. Thus, information is presented as information about objects, objects, phenomena, processes, regardless of the form of their presentation. This generic concept of information is also used to form its derivative definitions used in other regulatory legal acts1. Let's look at some of them in more detail.

Documented information (documents) is information recorded on a tangible medium with details that allow it to be identified.

Confidential information is documented information, access to which is limited in accordance with the law.

Mass information - printed, audio messages, audiovisual and other messages and materials intended for an unlimited number of people.

Information resources - individual documents and individual arrays of documents, documents and arrays of documents in information systems (libraries, archives, funds, data banks, other types of information systems).

Information products (products) - documented information prepared in accordance with user needs and intended or used to meet user needs.

State secret is information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational investigative activities, the dissemination of which could harm the security of the Russian Federation.

Computer information is information on a machine medium, in a computer, a computer system or their network."

Article 128 of the Civil Code defines information as an object of civil legal relations. When analyzing information from these positions, it is necessary to pay attention to the aspect related to the legal protection of information as an object of property rights5. This approach to information is explained by the fact that, on the one hand, the historical and traditional object of property rights is a material object, on the other hand, information, not being a material object of the surrounding world, is inextricably linked with a material carrier: this is the human brain or material carriers alienated from humans (book, floppy disk, etc.)

Considering information as a reflection of reality by an object in the surrounding world, we can talk about information as an abstract substance that exists on its own, but for us neither storage nor transmission of information without a material carrier is possible. It is known that information, on the one hand, as an object of property rights, can be copied (replicated) using a material medium1, on the other hand, as an object of property rights, it is easily moved from one to the next subject of property rights without an obvious (noticeable) violation of the property rights to information. But the movement of a material object of property rights is inevitable and, as a rule, entails the loss of this object by the original subject of property rights. In this case, there is an obvious violation of his property rights. It should be noted that a violation of this right occurs only in the case of unlawful movement of a particular material object1. The danger of copying and moving information is aggravated by the fact that it is usually alienated from the owner, i.e., it is stored and processed within the reach of a large number of entities that are not subjects of ownership of this information. This includes, for example, automated systems, including networks. A complex system of relationships between subjects of property rights arises, which determines the methods of their implementation, and, consequently, the directions for the formation of a system of legal protection that ensure the prevention of violations of property rights to information.

Having analyzed the features of information as an object of property rights, we can conclude that otherwise information is no different from traditional objects of property rights. The analysis of the content of information, including as an object of law, made it possible to identify its main types that are subject to legal protection (Appendix 1): - information classified as state secret by authorized bodies on the basis of the Law of the Russian Federation “On State Secrets”; - confidential documented information - of the owner of information resources or an authorized person on the basis of the Federal Law "On Information, Informatization and Information Protection"; - Personal Information.

The main directions of government activity to ensure information security

The trends in constitutional development are such that they focus attention on the problem of the nature of constitutional legislation. Along with the currently pressing issues of the priority of human rights and freedoms of civil society, government and its organization, the problem of “state regimes and states” comes to the forefront - ensuring security (information security as an integral part), defense, state of emergency, etc. 1

The need for constitutional regulation of information security is obvious. After all, information security of an individual is nothing more than the protection of constitutional rights and freedoms of a person. And one of the directions of state policy in the field of information security is the observance and implementation of the constitutional rights of man and citizen in the area under consideration. Firstly, according to the Law of the Russian Federation “On Security”, security is achieved by implementing a unified state policy in the field of security. It is obvious that information security is achieved by implementing state policy in the field of ensuring information security of the Russian Federation. This policy, in turn, determines the main directions of state activity in the area under discussion and deserves some attention.

Secondly, the relevance of the study of the main directions of state activity in the area under consideration is determined by the following: - the need to develop and improve constitutional legislation, ensuring an optimal combination of the priorities of the interests of the individual, departments and the state as a whole within the framework of one of the areas of ensuring information security; - improving the state’s activities in implementing its functions of ensuring the security of all subjects of information relations; - the need of citizens to protect their interests in the information sphere; - the need to form a unified legal field in the field of information relations. The development of state policy in the field of information security is reflected in the consistent development and development of the National Security Concept of the Russian Federation. Its features are the following provisions: - not a single sphere of life in modern society can function without a developed information structure; - the national information resource is currently one of the main sources of economic and military power of the state; - penetrating into all spheres of state activity, information acquires specific political, material and cost expressions; - issues of ensuring information security of the Russian Federation as an integral element of its national security are becoming increasingly relevant, and information protection is becoming one of the priority government tasks; - the system of national interests of Russia in the field of economics, social, domestic political, international, information spheres, in the field of military, border and environmental security is determined by the totality of balanced interests of the individual, society and the state; - the state policy of ensuring information security of the Russian Federation determines the main directions of activity of federal government bodies and government bodies of constituent entities of the Russian Federation in this area. The concept also defines Russia's national interests in the information sphere,1 which are aimed at concentrating the efforts of society and the state in solving the following tasks: - respect for the constitutional rights and freedoms of citizens in the field of obtaining information and exchanging it; - protection of national spiritual values, promotion of national cultural heritage, moral standards and public morality; - ensuring the right of citizens to receive reliable information; - development of modern telecommunication technologies.

The systematic activities of the state to implement these tasks will allow the Russian Federation to become one of the centers of global development and the formation of an information society that provides for the needs of the individual, society, and the state in the information sphere, including their protection from the destructive effects of information to manipulate mass consciousness, as well as the necessary protection state information resource from leakage of important political, economic, scientific, technical and military information.

Taking into account the above provisions, the following principles can be identified on which the state policy of ensuring information security of the Russian Federation should be based:

Compliance with the Constitution of the Russian Federation, the legislation of the Russian Federation, generally recognized norms of international law when carrying out activities to ensure the information security of the country;

Legal equality of all participants in the process of information interaction, regardless of their political, social and economic status, based on the constitutional right of citizens to freely search, receive, transmit, produce and disseminate information in any legal way;

Openness, which provides for the implementation of the functions of federal government bodies and government bodies of constituent entities of the Russian Federation, public associations, including informing the public about their activities, taking into account the restrictions established by the legislation of the Russian Federation;

Priority for the development of domestic modern information and telecommunication technologies, the production of hardware and software capable of ensuring the improvement of national telecommunication networks, their connection to global information networks in order to comply with the vital interests of the Russian Federation.

Organization of activities of internal affairs bodies to ensure information security

To ensure information security, it is necessary to have relevant bodies, organizations, departments and ensure their effective functioning. The combination of these organs constitutes a security system. To identify the features of the organization and activities of internal affairs bodies to ensure information security, we will consider the security system as a whole.

According to the Law of the Russian Federation “On Security”, the security system, and therefore information security, is formed by: - bodies of the legislative, executive and judicial authorities; state, public and other organizations and associations; citizens taking part in ensuring security; - legislation regulating relations in the field of security. This law establishes only the organizational structure of the security system. The security system itself is much broader. Its consideration is not possible, since it is beyond the scope of the dissertation research. Therefore, we will consider only the organizational structure of the security system. Analysis of current regulatory legal acts made it possible to identify the following components as security subjects representing the organizational structure of the information security system1: - federal government bodies; state authorities of the constituent entities of the Russian Federation; local government bodies that solve problems in the field of information security within their competence; - state and interdepartmental commissions and councils specializing in solving information security problems; - structural and cross-industry divisions for the protection of confidential information of government bodies of the Russian Federation, as well as structural divisions of enterprises carrying out work using information classified as state secrets, or specializing in work in the field of information protection; - research, design and engineering organizations performing work to ensure information security; - educational institutions that provide training and retraining of personnel to work in the information security system; - citizens, public and other organizations with rights and responsibilities to ensure information security in the manner prescribed by law;

The main functions of the considered information security system of the Russian Federation are1: - development and implementation of an information security strategy; - creating conditions for the implementation of the rights of citizens and organizations to activities permitted by law in the information sphere; - assessment of the state of information security in the country; identifying sources of internal and external threats to information security; identifying priority areas for preventing, countering and neutralizing these threats; - coordination and control of the information security system; - organizing the development of federal and departmental information security programs and coordinating work on their implementation; - implementation of a unified technical policy in the field of information security; - organization of fundamental, exploratory and applied scientific research in the field of information security; - ensuring control over the creation and use of information security tools through mandatory licensing of activities in the field of information security and certification of information security tools; - implementation of international cooperation in the field of information security, representation of the interests of the Russian Federation in relevant international organizations.

Analysis of the structure and functions of the information security system, taking into account the existing system of separation of powers, revealed the following: 1) the main goal of the information security system is to protect the constitutional rights and freedoms of citizens; 2) the state is the main and main subject of ensuring information security; 3) general management of the subjects of information security, within the framework of certain powers, is exercised by the President of the Russian Federation. His powers in the field of ensuring information security include: - management and interaction of public authorities; - control and coordination of the activities of information security authorities; - determination of the vital interests of the Russian Federation in the information sphere; - identification of internal and external threats to these interests; - determination of the main directions of the information security strategy. 4) The Federal Assembly of the Russian Federation forms the legislative framework in the field of information security on the basis of the Constitution of the Russian Federation; 5) The Government of the Russian Federation, within the limits of its powers, provides leadership to state bodies ensuring information security, organizes and controls the development and implementation of measures to ensure information security by ministries and other bodies subordinate to it; 6) judicial authorities are also subjects of information security. They provide judicial protection to citizens whose rights have been violated in connection with activities to ensure information security, administer justice in cases of crimes in the information sphere; 7) a special role in ensuring state security, including information security, belongs to the Security Council of the Russian Federation. This is a constitutional body that does not have the status of a federal executive body, but is endowed with sufficient powers in the field of security. The Security Council is the only advisory body under the President of the Russian Federation, the creation of which is provided for by the current Constitution.

Forms and methods of ensuring information security in internal affairs bodies

The issues of organizing a security system, including the areas of ensuring information security, discussed in the previous paragraph, require clarification of the content of the tasks of ensuring information security, methods, means and forms of their solution.

Forms, methods and means are considered through the prism of legal regulation of activities to ensure information security, which is inextricably linked with them, and therefore requires clarification and determination of the legal boundaries of their use. In addition, solving any theoretical or practical problem is impossible without certain methods - methods and means.

The choice of appropriate methods and means of ensuring information security is proposed to be undertaken as part of the creation of an information protection system that would guarantee recognition and protection of the fundamental rights and freedoms of citizens; formation and development of the rule of law, political, economic, social stability of society; preservation of national values and traditions.

At the same time, such a system must ensure the protection of information, including information constituting state, commercial, official and other secrets protected by law, taking into account the peculiarities of the protected information in the field of regulation, organization and implementation of protection. Within the framework of this variety of types of protected information, in the author’s opinion, the following most general features of the protection of any type of protected information can be identified: - information protection is organized and carried out by the owner or owner of the information or persons authorized by him (legal or natural); - organizing effective information protection allows the owner to protect his rights to own and dispose of information, to strive to protect it from illegal possession and use to the detriment of his interests; - information protection is carried out through a set of measures to limit access to protected information and create conditions that exclude or significantly complicate unauthorized, illegal access to protected information and its media.

To exclude access to protected information by unauthorized persons, the owner of the information, who protects it, including its classification, establishes a certain regime, rules for its protection, determines forms and methods of protection. Thus, information protection is the proper provision of circulation of protected information in a special area limited by security measures. This is confirmed by a number of approaches of famous scientists2, who consider information protection as “the regular use of means and methods, the adoption of measures and the implementation of activities in order to systematically ensure the required reliability of information

Taking into account the content of this definition, as well as other definitions of the concept of information protection and the main purposes of information protection highlighted in them, including preventing the destruction or distortion of information; prevention of unauthorized receipt and reproduction of information, we can highlight the main task of protecting information in internal affairs bodies. This is maintaining the secrecy of protected information.

In a comprehensive information security system, this problem is solved in relation to protection levels and destabilizing factors. And the formation of a relatively complete set of tasks for these groups is carried out on the basis of an analysis of the objective possibilities of achieving the set protection goals, ensuring the required degree of information security. Taking into account the provisions considered, the tasks can be divided into two main groups:

1) timely and complete satisfaction of information needs arising in the process of management and other activities, that is, providing specialists of internal affairs bodies with confidential information;

2) protecting classified information from unauthorized access to it by other entities.

When solving the first group of problems - providing specialists with information - it is necessary to take into account that specialists can use both open and confidential information. The provision of open information is not limited by anything other than its actual availability. When providing classified information, restrictions apply that require access to information of the appropriate degree of secrecy and permission to access specific information. An analysis of current practice and regulatory legal acts that determine the procedure for a specialist’s access to relevant information has made it possible to identify a number of contradictions. On the one hand, maximum restriction of access to classified information reduces the likelihood of leakage of this information; on the other hand, in order to meaningfully and effectively solve official problems, it is necessary to most fully satisfy the specialist’s information needs. Under normal, non-routine conditions, a specialist has the opportunity to use a variety of information to solve the problem facing him. When providing him with classified information, his ability to access it is limited by two factors: his official position and the problem the specialist is currently solving.

The second group of tasks involves protecting confidential information from unauthorized access to it by unauthorized persons. It is common both for internal affairs bodies and for all government bodies and includes:

1) protecting the country’s information sovereignty and expanding the state’s ability to strengthen its power through the formation and management of the development of its information potential;

2) creating conditions for the effective use of information resources of society and the state;

3) ensuring the security of protected information: preventing theft, loss, unauthorized destruction, modification, blocking of information;

4) maintaining the confidentiality of information in accordance with the established rules for its protection, including preventing leaks and unauthorized access to its media, preventing its copying, modification, etc.;

5) maintaining the completeness, reliability, integrity of information and its arrays and processing programs established by the owner of the information or his authorized persons.

Department of Informatics and Mathematics

Test

“Fundamentals of information security in internal affairs bodies”

Performed:

Bychkova Elena Nikolaevna

2nd year student, 2nd group

Moscow – 2009

Plan

1. The concept and goals of conducting special inspections of informatization objects; main stages of the audit

2. Vulnerability of computer systems. The concept of unauthorized access (UNA). Classes and types of NSD

2.1 Vulnerability of the main structural and functional elements of distributed AS

2.2 Threats to the security of information, AS and subjects of information relations

2.3 Main types of threats to the security of subjects of information relations

List of used literature

1. The concept and goals of conducting special inspections of informatization objects; main stages of the audit

Informatization object - a set of informatization tools together with the premises in which they are installed, intended for processing and transmission of protected information, as well as dedicated premises.

Information technology means computer technology and communications, office equipment designed for collecting, accumulating, storing, searching, processing data and distributing information to the consumer.

Computer equipment - electronic computers and complexes, personal electronic computers, including software, peripheral equipment, teleprocessing devices.

A computer object (CT) is a stationary or mobile object, which is a complex of computer equipment designed to perform certain information processing functions. Computer facilities include automated systems (AS), automated workstations (AWS), information and computing centers (ICC) and other complexes of computer equipment.

Computer facilities can also include individual computer facilities that perform independent information processing functions.

Dedicated premises (VP)- a special room intended for holding meetings, conferences, conversations and other events of a speech nature on secret or confidential issues.

Activities of a speech nature can be carried out in dedicated premises with or without the use of technical means of speech information processing (TSIP).

Technical Information Processing Tool (ITI)- a technical device designed to receive, store, search, transform, display and/or transmit information via communication channels.

ICT includes computer equipment, communication tools and systems, means of recording, amplifying and reproducing sound, intercom and television devices, means of producing and reproducing documents, film projection equipment and other technical means associated with reception, accumulation, storage, search, transformation, display and/or transmission of information via communication channels.

Automated system (AC)- a set of software and hardware designed to automate various processes related to human activity. At the same time, a person is a link in the system.

Special check This is a check of a technical means of information processing carried out with the aim of searching and seizing special electronic embedded devices (hardware embedded).

Certificate of the object of protection- a document issued by a certification body or other specially authorized body confirming the presence at the protection facility of necessary and sufficient conditions to fulfill the established requirements and standards for the effectiveness of information protection.

Certificate of allocated premises- a document issued by the certification (certification) body or other specially authorized body, confirming the presence of the necessary conditions that ensure reliable acoustic protection of the allocated premises in accordance with established norms and rules.

Instructions for use- a document containing requirements for ensuring the security of a technical means of information processing during its operation.

Certification test program- a mandatory organizational and methodological document establishing the object and purpose of the test, the types, sequence and volume of experiments performed, the procedure, conditions, place and timing of testing, provision and reporting on them, as well as responsibility for provision and conduct of tests.

Methodology of certification tests- mandatory organizational and methodological document, including test method, means and test conditions, sampling, algorithm for performing operations. By determining one or more interrelated characteristics of the security of an object, a form for presenting data and assessing the accuracy and reliability of the results.

Certification test report- a document containing the necessary information about the test object, the methods, means and test conditions used, as well as a conclusion on the test results, drawn up in the prescribed manner.

Main technical means and systems (OTSS)- technical means and systems, as well as their communications, used for processing, storing and transmitting confidential (secret) information.

OTSS may include information technology tools and systems (computer tools, automated systems of various levels and purposes based on computer technology, including information and computing complexes, networks and systems, communication and data transmission tools and systems), technical means of reception, transmission and processing of information (telephony, sound recording, sound amplification, sound reproduction, intercom and television devices, means of production, replication of documents and other technical means of processing speech, graphic video, semantic and alphanumeric information) used for processing confidential (secret) information.

Auxiliary technical means and systems (ATSS)- technical means and systems not intended for the transmission, processing and storage of confidential information, installed together with the OTSS or in dedicated premises.

These include:

Various types of telephone facilities and systems;

Means and systems for data transmission in the radio communication system;

Security and fire alarm systems and equipment;

Means and systems of warning and alarm;

Control and measuring equipment;

Air conditioning products and systems;

Tools and systems for wired radio broadcasting networks and reception of radio and television programs (subscriber loudspeakers, radio broadcasting systems, televisions and radios, etc.);

Electronic office equipment.

Preparation of documents based on the results of certification tests:

Based on the results of certification tests in various areas and components, test reports are drawn up. Based on the protocols, a Conclusion is adopted based on the certification results with a brief assessment of the compliance of the informatization object with information security requirements, a conclusion about the possibility of issuing a “Certificate of Conformity” and the necessary recommendations. If the information object meets the established requirements for information security, a Certificate of Compliance is issued for it.

Re-certification of an informatization object is carried out in the case when changes have been made to a recently certified object. Such changes may include:

Changing the location of the OTSS or VTSS;

Replacing OTSS or VTSS with others;

Replacement of technical means of information security;

Changes in the installation and laying of low-current and solo cable lines;

Unauthorized opening of sealed OTSS or VTSS cases;

Carrying out repair and construction work in designated premises, etc.

If it is necessary to re-certify an informatization object, re-certification is carried out according to a simplified program. Simplifications consist in the fact that only elements that have undergone changes are tested.

2. Vulnerability of computer systems. The concept of unauthorized access (UNA). Classes and types of NSD

As analysis shows, most modern automated information processing systems (AS) in the general case are geographically distributed systems of local computer networks (LANs) and individual computers intensively interacting (synchronizing) with each other using data (resources) and managing (events).

In distributed systems, all the “traditional” methods for locally located (centralized) computing systems of unauthorized interference in their operation and access to information are possible. In addition, they are characterized by new specific channels for penetration into the system and unauthorized access to information.

Let us list the main features of distributed speakers:

· territorial separation of system components and the presence of intensive information exchange between them;

· a wide range of used methods for presenting, storing and transmitting information;

· integration of data for various purposes belonging to various subjects within unified databases and, conversely, placement of data required by some subjects in various remote network nodes;