Fundamentals of information security. Information security in the enterprise. Ensuring information security of the organization

When we talk about a threat to information security, we usually imagine an experienced hacker who, day and night, scrupulously studies the slightest gaps in database protection. However, as practice shows, trouble often comes from within the company: due to oversight or malicious intent, confidential information leaks through the organization's employees.

A number of serious specialists in organizational information security call the internal threat the most important one, attributing to it up to 80% of the total number of potential risks. Indeed, if we consider the average damage from hacker attacks, it will be close to zero, due to the large number of hacking attempts and their very low effectiveness. A single case of personnel error or a successful insider crime can cost the company multimillion-dollar losses (direct and indirect), litigation and notoriety in the eyes of clients. In fact, the very existence of the company may be under threat, and this, alas, is a reality. How to provide ? How to protect yourself from information leaks? How to recognize and prevent an internal threat in time? What methods of combating it are most effective today?

The enemy is within

Almost any employee with access to confidential company information can become an internal attacker, or insider. The motivation for an insider's actions is not always obvious, which makes identifying him significantly harder. A recently fired employee who harbors a grudge against his employer; a dishonest worker who wants to make extra money by selling data; a modern Herostratus; a specially embedded agent of a competitor or criminal group - these are just a few archetypes of an insider.

The root of all the troubles that malicious insider actions can bring lies in underestimating the importance of this threat. According to a study conducted by Perimetrix, the leak of more than 20% of a company's confidential information in most cases leads to its collapse and bankruptcy. The most frequent, and still the most vulnerable, victims of insiders are financial institutions of any size, with a staff of hundreds to several thousand employees. Although in most cases companies try to hide or significantly understate the real damage from insiders' actions, even the officially announced losses are truly impressive. Far more painful for a company than the financial losses are the damage to its reputation and a sharp decline in customer confidence. Indirect losses can often be many times greater than the actual direct damage. A widely known case is that of the Liechtenstein bank LGT, where in 2008 a bank employee handed over a database of depositors to the intelligence services of Germany, the USA, Great Britain and other countries. As it turned out, a huge number of the bank's foreign clients had used LGT's special status to conduct transactions bypassing the tax laws in force in their countries. A wave of financial investigations and related litigation swept across the world, and LGT Bank lost all its significant clients, suffered critical losses and plunged the whole of Liechtenstein into a severe economic and diplomatic crisis. There is no need to look far for very recent examples either: at the beginning of 2011, a financial giant such as Bank of America acknowledged a leak of its clients' personal data. As a result of fraudulent activities, information containing names, addresses, social security and telephone numbers, bank account and driver's license numbers, email addresses, PIN codes and other personal information of depositors was leaked from the bank. It is unlikely that the real scale of the bank's losses can ever be determined accurately; the amount was officially announced only as "more than $10 million." The cause of the data leak was the actions of an insider who transferred information to an organized criminal group. However, banks and funds are not the only ones under threat of insider attacks; it is enough to recall a number of high-profile scandals related to the publication of confidential data on the WikiLeaks resource, where, according to experts, a fair share of the information was obtained through insiders.

Prose of life

Unintentional harm to confidential company data, its leakage or loss, is a much more common and prosaic thing than harm caused by insiders. Carelessness of personnel and a lack of proper technical support for information security can cause a direct leak of corporate secrets. Such negligence not only causes serious damage to the company's budget and reputation, but can also cause a wide public outcry. Once released, secret information becomes the property not of a narrow circle of attackers, but of the entire information space: the leak is discussed on the Internet, on television, and in the press. Recall the loud scandal over the publication of SMS messages from the largest Russian cellular operator, "MegaFon". Due to the inattention of technical staff, SMS messages were indexed by Internet search engines, and subscriber correspondence containing information of both a personal and business nature leaked onto the network. A very recent case is the publication of personal data of clients of the Russian Pension Fund. An error by representatives of one of the fund's regional offices led to the indexing of the personal information of 600 people: names, registration numbers and detailed amounts of savings of Pension Fund clients could be read by any Internet user.

A very common cause of confidential data leaks due to negligence is the day-to-day circulation of documents within the company. For example, an employee can copy a file containing sensitive data to a laptop, USB drive or PDA in order to work with the data outside the office. The information may also end up on a file hosting service or in an employee's personal mail. In such situations, the data is completely defenseless against attackers who can take advantage of an unintentional leak.

Golden armor or body armor?

To protect against data leakage, the information security industry creates a variety of information leakage protection systems, traditionally referred to by the English abbreviation DLP (Data Leakage Prevention). As a rule, these are complex software systems with wide functionality for preventing malicious or accidental leakage of classified information. The peculiarity of such systems is that, to operate correctly, they require a strictly ordered structure for the internal circulation of information and documents, since the security analysis of all actions with information is based on working with databases. This explains the high cost of installing professional DLP solutions: even before direct implementation, the client company has to purchase a database management system (usually Oracle or SQL), order an expensive analysis and audit of the information circulation structure, and develop a new security policy. It is common for more than 80% of the information in a company to be unstructured, which gives a clear idea of the scale of the preparatory activities. Of course, the DLP system itself also costs a lot of money. It is not surprising that only large companies that are ready to spend millions on the information security of the organization can afford such systems.

But what should small and medium businesses do if they need to ensure the information security of the business, but have neither the funds nor the opportunity to implement a professional DLP system? The most important thing for a company manager or security officer is to determine what information to protect and what aspects of employees' information activities to control. In Russian business, the prevailing opinion is still that absolutely everything needs to be protected, without classifying information or calculating the effectiveness of protective measures. With this approach, it is quite obvious that, having learned the amount of expenses for enterprise information security, the head of a small or medium-sized business waves his hand and hopes for "maybe."

There are alternative methods of protection that do not affect databases or the existing life cycle of information, yet provide reliable protection against the actions of attackers and the negligence of employees. These are flexible modular systems that work seamlessly with other security tools, both hardware and software (for example, antiviruses). A well-designed security system provides very reliable protection from both external and internal threats, with an ideal balance of price and functionality. According to experts from the Russian information security system developer SafenSoft, the optimal approach is to combine elements of protection against external threats (for example, HIPS to prevent intrusions, plus an anti-virus scanner) with tools for monitoring and controlling the access of users and applications to certain sectors of information. With this approach, the entire network structure of the organization is completely protected from possible hacking or infection by viruses, and the tools for monitoring and controlling the actions of personnel when working with information can effectively prevent data leaks. While providing the whole necessary arsenal of protective tools, modular systems cost tens of times less than complex DLP solutions and require no spending on preliminary analysis and adaptation of the company's information structure.

So, let's summarize. Threats to enterprise information security are absolutely real and should not be underestimated. In addition to countering external threats, special attention should be paid to internal threats. It is important to remember that leaks of corporate secrets occur not only due to malicious intent; as a rule, they are caused by the elementary negligence and inattention of an employee. When choosing means of protection, there is no need to try to cover all conceivable and inconceivable threats; there is simply not enough money and effort for this. Build a reliable modular security system that is protected from the risks of external intrusion and allows you to control and monitor the flow of information within the company.

Enterprise information security is a state of security of corporate data that ensures their confidentiality, integrity, authenticity and availability.

Information security of an enterprise is achieved by a whole range of organizational and technical measures aimed at protecting corporate data. Organizational measures include documented procedures and rules for working with different types of information, IT services, security tools, etc. Technical measures include the use of hardware and software access control, leak monitoring, anti-virus protection, firewalling, electromagnetic radiation protection, etc.

The tasks of enterprise information security systems are varied. They include ensuring the secure storage of information on different media; protecting data transmitted via communication channels; differentiating access to various types of documents; creating backup copies; disaster recovery of information systems, etc.

Ensuring the information security of an enterprise is possible only with a systematic and comprehensive approach to protection. The information security system must take into account all current computer threats and vulnerabilities.

Complete information security of enterprises and organizations implies continuous monitoring in real time of all important events and conditions affecting data security. Protection must be carried out around the clock and year-round and cover the entire life cycle of information - from its receipt or creation to destruction or loss of relevance.

At the enterprise level, the departments of information technology, economic security, personnel and other services are responsible for information security.

Rapidly developing computer information technologies are making significant changes in our lives. Information has become a commodity that can be purchased, sold, and exchanged. Moreover, the cost of information is often hundreds of times greater than the cost of the computer system in which it is stored.

The well-being and sometimes the lives of many people currently depend on the degree of security of information technologies. This is the price to pay for the increasing complexity and widespread distribution of automated information processing systems.

Information security refers to the protection of an information system from accidental or intentional interference that causes damage to the owners or users of information.

In practice, three aspects of information security are most important:

  • availability (the ability to obtain the required information service within a reasonable time);
  • integrity (relevance and consistency of information, its protection from destruction and unauthorized changes);
  • confidentiality (protection from unauthorized reading).

Violations of the availability, integrity and confidentiality of information can be caused by various dangerous impacts on computer information systems.

Main threats to information security

A modern information system is a complex system consisting of a large number of components of varying degrees of autonomy that are interconnected and exchange data. Almost every component can be exposed to external influences or fail. The components of an automated information system can be divided into the following groups:

  • hardware - computers and their components (processors, monitors, terminals, peripheral devices - disk drives, printers, controllers, cables, communication lines, etc.);
  • software - purchased programs, source, object and load modules; operating systems and system programs (compilers, linkers, etc.), utilities, diagnostic programs, etc.;
  • data - stored temporarily and permanently, on magnetic media, printed, archives, system logs, etc.;
  • staff - operating personnel and users.

Dangerous impacts on a computer information system can be divided into accidental and intentional. An analysis of experience in the design, manufacture and operation of information systems shows that information is subject to various random influences at all stages of the system's life cycle. The causes of random influences during operation may be:

  • emergencies due to natural disasters and power outages;
  • equipment failures and malfunctions;
  • software errors;
  • errors in personnel work;
  • interference in communication lines due to environmental influences.

Intentional influences are targeted actions of the offender. The offender may be an employee, a visitor, a competitor, or a mercenary. The actions of the offender may be due to different motives:

  • employee dissatisfaction with his career;
  • bribe;
  • curiosity;
  • competition;
  • the desire to assert oneself at any cost.

You can create a hypothetical model of a potential violator:

  • qualification of the offender at the level of the developer of this system;
  • the violator can be either an outsider or a legitimate user of the system;
  • the offender knows information about the operating principles of the system;
  • the offender chooses the weakest link in the defense.

The most common and diverse type of computer violation is unauthorized access (NSD). NSD exploits any error in the security system and becomes possible through a poor choice of security tools or their incorrect installation and configuration.

Let's classify the channels of unauthorized access through which information can be stolen, changed or destroyed:

  • Through a person:
    • theft of storage media;
    • reading information from the screen or keyboard;
    • reading information from a printout.
  • Through the program:
    • password interception;
    • decryption of encrypted information;
    • copying information from storage media.
  • Via equipment:
    • connection of specially designed hardware that provides access to information;
    • interception of side electromagnetic radiation from equipment, communication lines, power supply networks, etc.

Particular attention should be paid to the threats to which computer networks may be exposed. The main feature of any computer network is that its components are distributed in space. Communication between network nodes is carried out physically using network lines and programmatically using a message mechanism. Control messages and data sent between network nodes are transmitted in the form of exchange packets. Computer networks are characterized by the fact that so-called remote attacks are launched against them. The intruder may be located thousands of kilometers from the object being attacked, and the target may be not only a specific computer but also information transmitted over network communication channels.

Ensuring information security

Formation of an information security regime is a complex problem. Measures to solve it can be divided into five levels:

  1. legislative (laws, regulations, standards, etc.);
  2. moral and ethical (all kinds of standards of behavior, non-compliance with which leads to a decline in the prestige of a particular person or an entire organization);
  3. administrative (general actions taken by the organization’s management);
  4. physical (mechanical, electro- and electronic-mechanical obstacles on possible entry routes for potential intruders);
  5. hardware and software (electronic devices and special information security programs).

The single set of all these measures, aimed at countering security threats in order to minimize the possibility of damage, forms a protection system.

A reliable protection system must comply with the following principles:

  • The cost of protective equipment should be less than the amount of possible damage.
  • Each user must have the minimum set of privileges required to operate.
  • The easier the protection is for the user to work with, the more effective it is.
  • Possibility of shutdown in case of emergency.
  • Specialists involved in the protection system must fully understand the principles of its operation and, in the event of difficult situations, respond adequately to them.
  • The entire information processing system must be protected.
  • The developers of the security system should not be among those whom this system will control.
  • The security system must provide evidence of the correctness of its operation.
  • Persons involved in ensuring information security must bear personal responsibility.
  • It is advisable to divide protected objects into groups so that a violation of protection in one of the groups does not affect the security of others.
  • A reliable security system must be fully tested and consistent.
  • Protection becomes more effective and flexible if it allows the administrator to change its parameters.
  • Security systems must be designed with the assumption that users will make serious mistakes and generally have the worst intentions.
  • The most important and critical decisions must be made by humans.
  • The existence of security mechanisms should be hidden, if possible, from the users whose work is being monitored.

Hardware and software for information security

Despite the fact that modern operating systems for personal computers, such as Windows 2000, Windows XP and Windows NT, have their own security subsystems, the relevance of creating additional security tools remains. The fact is that most systems are not able to protect data located outside of them, for example during network information exchange.

Hardware and software information security tools can be divided into five groups:

  1. User identification (recognition) and authentication (verification of authenticity) systems.
  2. Disk data encryption systems.
  3. Encryption systems for data transmitted over networks.
  4. Electronic data authentication systems.
  5. Cryptographic key management tools.

1. User identification and authentication systems

They are used to restrict the access of casual and unauthorized users to computer system resources. The general algorithm of such systems is to obtain identification information from the user, verify its authenticity, and then provide (or not provide) this user with the ability to work with the system.

When building these systems, the problem of choosing information on the basis of which user identification and authentication procedures are carried out arises. The following types can be distinguished:

  • secret information that the user has (password, secret key, personal identifier, etc.); the user must remember this information or special storage means can be used for it;
  • physiological parameters of a person (fingerprints, iris patterns, etc.) or behavioral characteristics (features of working on a keyboard, etc.).

Systems based on the first type of information are considered traditional. Systems that use the second type of information are called biometric. It should be noted that there is an emerging trend of accelerated development of biometric identification systems.
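The general algorithm described in this section (obtain the identifier, verify the secret, grant or refuse access), as an added example that is not part of the original article. It covers only the first, password-based type of information; the class name, the PBKDF2 work factor and the sample account are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


class UserStore:
    """Password-based identification and authentication (illustrative class)."""

    def __init__(self, iterations: int = 600_000):
        # Work factor for PBKDF2-HMAC-SHA256; the default is an assumed value.
        self._iterations = iterations
        # user id -> (salt, derived key). The password itself is never stored.
        self._records = {}
        # Dummy record: unknown identifiers go through the same computation
        # as known ones, so response time does not reveal which ids exist.
        self._dummy_salt = secrets.token_bytes(16)
        self._dummy_key = self._derive(secrets.token_hex(16), self._dummy_salt)

    def _derive(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, self._iterations
        )

    def enroll(self, user_id: str, password: str) -> None:
        # A fresh random salt per user: equal passwords give different records.
        salt = secrets.token_bytes(16)
        self._records[user_id] = (salt, self._derive(password, salt))

    def authenticate(self, user_id: str, password: str) -> bool:
        # Step 1, identification: look up the claimed identifier.
        record = self._records.get(user_id)
        salt, stored = record if record else (self._dummy_salt, self._dummy_key)
        # Step 2, authentication: repeat the derivation and compare in
        # constant time so the comparison leaks nothing about the stored key.
        candidate = self._derive(password, salt)
        match = hmac.compare_digest(candidate, stored)
        # Step 3, decision: access only for a known id with a matching secret.
        return match and record is not None


if __name__ == "__main__":
    store = UserStore()
    store.enroll("alice", "correct horse battery staple")  # constructed sample
    print(store.authenticate("alice", "correct horse battery staple"))
    print(store.authenticate("alice", "wrong password"))
    print(store.authenticate("mallory", "correct horse battery staple"))
```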

2. Disk data encryption systems

To make information useless to an adversary, a set of data transformation methods called cryptography is used [from Greek kryptos - hidden and grapho - writing].

Encryption systems can perform cryptographic transformations of data at the file level or at the disk level. Programs of the first type include archivers such as ARJ and RAR, which allow the use of cryptographic methods to protect archive files. Examples of the second type of system are the Diskreet encryption program, part of the popular Norton Utilities software package, and Best Crypt.

Another classification feature of disk data encryption systems is the way they operate. According to the method of functioning, disk data encryption systems are divided into two classes:

  • "transparent" encryption systems;
  • systems that are specifically invoked to perform encryption.

In transparent encryption systems (on-the-fly encryption), cryptographic transformations are carried out in real time, unnoticed by the user. For example, a user writes a document prepared in a text editor to a protected disk, and the security system encrypts it during the writing process.

Second-class systems are usually utilities that must be specifically called to perform encryption. These include, for example, archivers with built-in password protection.

Most systems that offer to set a password for a document do not encrypt the information, but only require a password when accessing the document. Such systems include MS Office, 1C and many others.

3. Encryption systems for data transmitted over networks

There are two main encryption methods: channel encryption and terminal (subscriber) encryption.

With channel encryption, all information transmitted over the communication channel, including service information, is protected. This encryption method has the following advantage: embedding encryption procedures into the data link layer allows the use of hardware, which helps improve system performance. However, this approach also has significant disadvantages:

  • encryption of service data complicates the mechanism for routing network packets and requires data decryption in intermediate communication devices (gateways, repeaters, etc.);
  • encryption of service information can lead to the appearance of statistical patterns in encrypted data, which affects the reliability of protection and imposes restrictions on the use of cryptographic algorithms.

Terminal (subscriber) encryption allows you to ensure the confidentiality of data transmitted between two subscribers. In this case, only the content of messages is protected, all service information remains open. The disadvantage is the ability to analyze information about the structure of the message exchange, such as the sender and recipient, the time and conditions of data transfer, and the amount of data transferred.

4. Electronic data authentication systems

When exchanging data over networks, the problem arises of authenticating the author of the document and the document itself, i.e. establishing the authenticity of the author and checking that the received document has not been changed. To authenticate data, a message authentication code (imitovstavka) or an electronic signature is used.

The message authentication code is generated from the plain data through a special encryption transformation using a secret key and is transmitted over the communication channel at the end of the encrypted data. It is verified by the recipient, who holds the secret key, by repeating the procedure previously performed by the sender on the received plain data.

An electronic digital signature is a relatively small amount of additional authentication information transmitted along with the signed text. The sender generates a digital signature using the sender's private key. The recipient verifies the signature using the sender's public key.

Thus, message authentication codes are implemented using the principles of symmetric encryption, while an electronic signature is implemented using asymmetric encryption. We will study these two encryption systems in more detail later.
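The sender and recipient steps for a message authentication code, as an added example that is not part of the original article. It uses HMAC-SHA-256 from the Python standard library in place of the cipher-based transformation the text describes and appends the tag to plain rather than encrypted data; the frame layout, function names and sample message are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # length in bytes of an HMAC-SHA-256 tag


def protect(key: bytes, message: bytes) -> bytes:
    """Sender: compute the tag over the message and append it at the end."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, frame: bytes) -> bytes:
    """Recipient: repeat the sender's computation and compare the two tags.

    Returns the message when the tag matches, raises ValueError otherwise.
    """
    if len(frame) < TAG_LEN:
        raise ValueError("frame too short to contain a tag")
    message, received_tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected_tag = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison: timing does not reveal how many bytes matched.
    if not hmac.compare_digest(expected_tag, received_tag):
        raise ValueError("authentication tag mismatch")
    return message


def accepts(key: bytes, frame: bytes) -> bool:
    try:
        verify(key, frame)
        return True
    except ValueError:
        return False


def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with the lowest bit of one byte inverted."""
    changed = bytearray(data)
    changed[index] ^= 0x01
    return bytes(changed)


def demo() -> dict:
    key = secrets.token_bytes(32)        # secret key shared by both parties
    other_key = secrets.token_bytes(32)  # a party that does not hold the key
    message = b"PAY 100.00 TO ACCOUNT 12345"  # constructed sample message
    frame = protect(key, message)
    return {
        "intact": accepts(key, frame),
        "body_modified": accepts(key, flip_bit(frame, 4)),
        "tag_modified": accepts(key, flip_bit(frame, len(frame) - 1)),
        "truncated": accepts(key, frame[:10]),
        "wrong_key": accepts(other_key, frame),
        # The recipient holds the same key and can produce a valid tag itself,
        # so the code cannot prove to a third party who wrote the message.
        # The electronic signature closes that gap with a private key that
        # only the sender holds.
        "produced_by_recipient": accepts(
            key, protect(key, b"PAY 999.00 TO ACCOUNT 12345")
        ),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```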

5. Cryptographic key management tools

The security of any cryptosystem is determined by the cryptographic keys used. If key management is insecure, an attacker could obtain key information and gain full access to all information on a system or network.

The following types of key management functions are distinguished: generation, storage, and distribution of keys.

Key generation methods for symmetric and asymmetric cryptosystems are different. To generate keys for symmetric cryptosystems, hardware and software tools for generating random numbers are used. Key generation for asymmetric cryptosystems is more complex, since the keys must have certain mathematical properties. We will dwell on this issue in more detail when studying symmetric and asymmetric cryptosystems.

The storage function involves organizing the safe storage, recording and deletion of key information. To ensure secure storage of keys, they are encrypted using other keys. This approach leads to the concept of a key hierarchy. The key hierarchy typically includes a main key (i.e., a master key), a key encryption key, and a data encryption key. It should be noted that the generation and storage of the master key is a critical issue in cryptographic security.

Distribution is the most critical process in key management. This process must ensure the confidentiality of the keys being distributed, and must also be fast and accurate. Keys are distributed among network users in two ways:

  • using direct exchange of session keys;
  • using one or more key distribution centers.

Ensuring information security of the Russian Federation is a developing and promising sector that plays a huge role in storing and transmitting data.

Information security system of the Russian Federation

Lately, any organization or individual has a very large amount of generalized information stored on the Internet or on computers. Such a large amount of information is the reason it leaks very often, but no one wants classified and confidential information to fall into the hands of strangers; this is why precautions must be taken to ensure information security.

Statistics in this area show that a number of countries have already begun to apply certain information security measures that have become generally accepted, but other statistics show that fraudsters not only have not stopped trying to get to sensitive information; on the contrary, as these measures improve, attackers find new ways to bypass or hack them, so at the moment we see a trend of increasing fraudulent activity, not decreasing. I would like to add that the information provision of the Russian Federation is now developing quite rapidly and shows a positive growth trend; previously there was no such high level of information provision in the Russian Federation.

Absolutely any organization or enterprise understands perfectly well that the threat of losing classified information is quite high, so it tries with all its might to prevent leaks and keep classified information classified. But such a scheme is not professional: it protects a large amount of information and closes many avenues for scammers, yet gaps still remain in it, so it happens that competent programmers bypass security systems and get to secret information, which they then use for illegal purposes.

Functions and conditions of the information security system

The main functions of the information security system of the Russian Federation, which must be present in any security system:

  1. Instant detection of intrusion threats. Eliminating this threat and closing the channel of access to information with the help of which attackers can harm an enterprise and an individual in material and moral terms;
  2. Creating a mechanism for quickly identifying violations in the operation of the enterprise and responding to situations in which information security is in a weakened state or under the threat of hacking;
  3. Creating conditions to compensate for possible damage caused to the enterprise by an individual or legal entity, and conditions for the speedy restoration of the enterprise, so that the lost information cannot affect its operation and the achievement of the objectives set for the enterprise.

Information base and principles of ISMS

The above tasks already provide a sufficient information base for a person to understand why information security systems are needed and how they function in real conditions.

Below are the principles for building an information security system that should guide organizations and enterprises when protecting confidential information from intruders.

It has long been known that ensuring a high level of security for your own information requires following certain principles, since without them the information support scheme will be easily bypassed, and you cannot always be sure that the information is truly classified.

  1. The first and most important principle of the information security system of the Russian Federation is continuous work to improve the system. Technology does not stand still, and neither do the fraudulent activities aimed at hacking and obtaining secret data, so such a scheme should be constantly improved. Checking and testing the current security system as often as possible is part of this first principle: analyze the system and, where possible, identify the gaps and weaknesses in its defense that attackers will actually use. When you find gaps or any paths of information leakage, immediately update the security mechanism and modify it so that the gaps found are closed and inaccessible to fraudsters. The lesson of this principle is that you cannot simply install a security system and be calm about your secret information, since the system needs to be constantly analyzed and improved;
  2. The second principle is to use the full potential of the security system, with all its functions applied to each individual file that is responsible for one or another aspect of the enterprise’s operation. That is, the security system must be used in its entirety and comprehensively, so that the entire arsenal available to it is in service;
  3. The third and final principle is the holistic use of the security system. You should not break it into separate parts or consider individual functions in isolation, thereby providing different levels of security for important and less important files. It works like one huge mechanism with a large number of gears that perform different functions but make up one system.

Legislation and ISPS

A very important aspect of an information security system is cooperation with government law enforcement agencies and the legality of the system. The professionalism of the employees of the company providing your information security also plays an important role. Do not forget that a non-disclosure agreement covering the company’s secret information must be concluded with this provider and its employees: everyone who keeps the security system fully operational will have access to the company’s information, so you must have guarantees that they will not pass it to third parties interested in obtaining it for personal gain or to undermine the work of your enterprise.

If you neglect these principles and conditions, then your security will not be able to provide you with the required high level of protection, thereby there will be no guarantee that the data is constantly out of the reach of attackers, and this can have a very bad effect on the operation of the enterprise.

Requirements for ensuring information security of any object

You need to not only know the principles, but also be able to put them into practice; this is why there are a number of requirements for the information security protection system that must be met, just like the principles themselves.

An ideal security scheme should be:

  1. Centralized. The security system must always be managed centrally, therefore the information security system of an enterprise must be similar to the structure of the enterprise itself, to which this method of ensuring information security (ISIS) is attached;
  2. Planned. Based on the general goals of ensuring information security, each individual employee responsible for a specific aspect of the system should always have a detailed plan for improving the security system and using the current one. This is necessary in order for information protection to work as one holistic scheme, which will ensure the highest level of protection of confidential information of the protected object;
  3. Concretized. Each security scheme must have specific protection criteria, since different enterprises have different preferences. Some need to protect specific files that the company’s competitors could use to undermine the production process. Other companies need holistic protection for each file, regardless of its importance. So before you install information protection, decide what exactly you need it for;
  4. Active. Information must always be protected very actively and purposefully. What does this mean? It means that a company providing a security base must have a department of experts and analysts. Your security should not only eliminate existing threats and find gaps in the database, but also anticipate how events may develop, in order to prevent possible threats even before they appear. The analytical department is therefore a very important part of the information security structure; do not forget about this and try to pay special attention to this aspect. "Forewarned is forearmed";
  5. Universal. Your scheme should be able to adapt to absolutely any conditions, that is, it does not matter on what medium your database is stored, and it should not matter in what language it is presented and in what format it is contained. If you want to transfer it to another format or to another medium, this should not cause information leakage;
  6. Unusual. Your information security plan must be unique, that is, it must differ from similar schemes used by other enterprises or firms. For example, if another enterprise with a data protection scheme similar to yours was attacked and the attackers were able to find a hole in it, the likelihood that the resource will be hacked increases significantly. In this regard you should show individuality and establish for your enterprise a security scheme that has never appeared or been used anywhere before, thereby increasing the level of protection of your enterprise’s confidential data;
  7. Open. The scheme should be open to changes, adjustments and improvements. If you find a gap in the defense of your own security system or want to improve it, you should not have problems with access, since gaining access to the system may take some time, during which the database can be hacked. So make it open to your own company and to the company providing information security for the Russian Federation, on which the preservation of your information systems depends;
  8. Economical. Cost-effectiveness is the last requirement for any security system: calculate everything and make sure that the costs of information support for information security systems of the Russian Federation in no case exceed the value of your information. No matter how expensive and advanced a security design is, there is still a possibility that it can be hacked or bypassed, since a gap can be found in any security if desired. If you spend a lot of money on such a design while the data itself is not worth that kind of money, it is simply pointless spending that can negatively affect the enterprise’s budget.

Secondary information security requirements

The basic requirements necessary for the full operation of the security system were listed above; below, requirements that are not mandatory for the system will be given:

  • The security scheme should be quite easy to use, that is, any employee who has access to protected information, if necessary, should not spend a lot of time on this, as this will interfere with the main work; the scheme should be convenient and “transparent”, but only within your company;
  • Each employee or authorized representative must have some privileges to access protected information. As an example: you are the director of an enterprise, and a number of employees whom you trust and could give access to work at your facility, but you do not do this, and only you and the employees of the company providing the information security system have access. Then your accountant and other employees who need to look at reports or other protected files will have to break off from work and pull you or the security provider’s employees away from work to gain access to a single file, which disrupts the work of the enterprise and reduces its efficiency. Therefore, grant privileges to your employees to make work easier for them and for yourself;
  • The ability to easily and quickly disable protection, since there are situations when information protection will significantly hinder the operation of the enterprise, in this case you should be able to easily disable and, when necessary, enable the information protection system;
  • The information security scheme must function separately from each security subject, that is, they should not be interconnected;
  • The company providing you with an information security system should itself periodically try to hack it; it can ask its programmers working on other projects to do this. If they succeed, it must immediately find out exactly how this happened and where the weakness in the security system lies, in order to neutralize it as quickly as possible;
  • Your enterprise should not have detailed reports and detailed descriptions of the mechanisms for protecting your information; such information should only be available to the owner of the enterprise and the company providing information security.

Information support system - stages

An important element is the phasing of actions in the development and installation of a system for ensuring information security of the Russian Federation.

Initially, when creating a protection system, you need to determine what exactly is intellectual property for you. For example, for an enterprise, intellectual property is knowledge and accurate information about each product produced, its improvements, the manufacture and development of new products, and ideas for improving the enterprise: in general, everything that ultimately brings you profit. If you cannot determine what intellectual property is for you, then no matter how good the information systems support scheme is, it will not be able to provide you with a high level of protection, and you also risk losing unprotected information, which will subsequently lead to moral and material losses. This point should therefore be given special attention from the start.

After you determine what constitutes intellectual property for you, you should proceed to the following stages, generally accepted for absolutely any organization, regardless of its size and specification:

  1. Establishing certain boundaries within which the information systems support plan has its validity;
  2. Constantly studying and identifying weaknesses in the security system;
  3. Setting a specific security policy and quickly taking countermeasures when a threat is identified;
  4. Continuous verification of the information security system;
  5. Drawing up a detailed plan for the protection system;
  6. Accurate implementation of a previously drawn up plan.

Information plays a special role in the development of civilization. Possession of information resources and their rational use create conditions for optimal management of society. On the contrary, distortion of information, blocking its receipt, and use of unreliable data lead to erroneous decisions.

One of the main factors ensuring efficiency in managing various spheres of public life is the correct use of information of various types. The pace of progress today, and even more so tomorrow, largely depends on the state of affairs in the field of information and computing services in the most important areas of activity - science, technology, production and management.

The problem of using economic information in the field of material production management is especially relevant, where the growth of information flow is quadratically dependent on the industrial potential of the country. In turn, the rapid development of automation processes and the use of computers in all spheres of modern life, in addition to undoubted advantages, have led to the emergence of a number of specific problems. One of them is the need to ensure effective information protection. Based on this, the creation of legal norms that establish the rights and obligations of citizens, groups and the state with respect to information, as well as the protection of this information, becomes the most important aspect of the state’s information policy. Information protection, especially in the economic sphere, is a very specific and important type of activity. Suffice it to say that in the world the average amount of damage from one bank theft using electronic means is estimated at 9 thousand dollars. Annual losses from computer crimes in the USA and Western Europe reach 140 billion dollars. According to American specialists, the removal of information security systems from computer networks will lead to the ruin of 20% of medium-sized companies within a few hours, 40% of medium-sized and 16% of large companies will fail in a few days, 33% of banks will collapse in 2-5 hours, 50% of banks in 2-3 days.

Information about data protection problems that led to material losses in US companies is of interest:

  • network failures (24%);
  • software errors (14%);
  • computer viruses (12%);
  • computer malfunctions (11%);
  • data theft (7%);
  • sabotage (5%);
  • unauthorized entry into the network (4%);
  • others (23%).

The rapid development and spread of computer systems and information networks serving banks and stock exchanges is accompanied by an increase in offenses related to theft and unauthorized access to data stored in computer memory and transmitted over communication lines.

Computer crimes occur today in all countries of the world and are common in many areas of human activity. They are characterized by high secrecy, the difficulty of collecting evidence based on the established facts of their commission, and the difficulty of proving such cases in court. Offenses in the field of computer information can take the form of:

  • fraud through computer manipulation of the data processing system in order to obtain financial gain;
  • computer espionage and software theft;
  • computer sabotage;
  • theft of services (time), misuse of data processing systems;
  • unauthorized access to data processing systems and “hacking” them;
  • traditional crimes in business (economics) committed with the help of data processing systems.

Computer crimes are usually committed by highly qualified system and banking programmers and specialists in the field of telecommunication systems. A serious threat to information resources is posed by hackers and crackers, who penetrate computer systems and networks by hacking security software. Crackers can also erase or change data in the information bank in accordance with their interests. Over the past decades, in the countries of the former USSR, a powerful generation of highly trained potential hackers has appeared, working in organizations and departments engaged in information piracy at the state level to use information received from the West for military and economic interests.

What do hackers steal? A potential object can be any information stored in a computer, passing through computer networks or located on computer media and capable of bringing profit to a hacker or his employer. This information includes almost all information that constitutes a trade secret of companies, from developments and know-how to payrolls, from which it is easy to “calculate” the company’s turnover, number of employees, etc.

Particularly valuable is information on banking transactions and loans carried out by e-mail, as well as transactions on the stock exchange. Of great interest to hackers are software products that are valued on the modern market at thousands, or even millions, of dollars.

Crackers - “computer terrorists” - are engaged in damaging programs or information using viruses - special programs that ensure the destruction of information or system failures. Creating “virus” programs is a very profitable business, since some manufacturing companies use viruses to protect their software products from unauthorized copying.

For many companies, obtaining information by introducing a hacker-programmer to competitors is the simplest and most profitable thing. Introducing special equipment to your opponents and constantly monitoring their office for radiation using special equipment is an expensive and dangerous undertaking. In addition, when a competing company discovers technical means, it may respond by starting a game of giving false information. Therefore, your hacker-programmer in the “enemy camp” is the most reliable way to fight against competitors.

Thus, the ever-increasing danger of computer crime, primarily in the financial and credit sphere, determines the importance of ensuring the security of automated information systems.

Information security of an organization (institution)

The security of an automated information system of an organization (institution) means its protection from accidental or intentional interference in the normal process of operation, as well as from attempts at theft, modification or destruction of its components. System security is achieved by ensuring the confidentiality of the information it processes, as well as the integrity and availability of system components and resources.

Computer confidentiality is the property of information to be known only to admitted and verified (authorized) subjects of the system (users, programs, processes, etc.).

Integrity of a component (resource) of a system is the property of the component (resource) to be unchanged (in the semantic sense) during the operation of the system.

Availability of a component (resource) of the system is the property of the component (resource) to be available for use by authorized subjects of the system at any time.

System security is ensured by a set of technological and administrative measures applied to hardware, programs, data and services to ensure the availability, integrity and confidentiality of computer-related resources; this also includes procedures for verifying that the system performs certain functions in strict accordance with their planned operating order.

The security system can be divided into the following subsystems:

  • computer security;
  • data security;
  • secure software;
  • security of communications.

Computer security is provided by a set of technological and administrative measures applied to computer hardware in order to ensure the availability, integrity and confidentiality of the resources associated with it.

Data security is achieved by protecting data from unauthorized, accidental, intentional or negligent modification, destruction or disclosure.

Secure software consists of general-purpose and application programs and tools that safely process data in the system and safely use system resources.

Communication security is provided through telecommunications authentication, by taking measures to prevent sensitive information that the system may produce in response to a telecommunications request from being provided to unauthorized persons.

Information security objects at an enterprise (firm) include:

  • information resources containing information classified as a trade secret and confidential information presented in the form of documented information arrays and databases;
  • information technology tools and systems: computer and organizational equipment, networks and systems, general system and application software, automated enterprise (office) management systems, communication and data transmission systems, technical means of collection, registration, transmission, processing and display of information, as well as their informative physical fields.

In the modern world, information resources have become one of the powerful levers for the economic development of enterprises (firms), playing an important role in business activities. Moreover, the lack of effective computer and modern information technologies in the domestic business sector, which are the basis for the functioning of “fast” economies, significantly hinders the transition to new forms of economic management.

In information and automated enterprise (company) management systems, the priority is to provide effective solutions to marketing management tasks, i.e., tasks of accounting and analysis of contracts and contacts of the enterprise (company), searching for business partners, organizing advertising campaigns for promoting goods, providing intermediary services, developing market penetration strategies, etc.

Without the support of various political, commercial and official security agencies, it is usually possible to carry out any serious operation efficiently only by hiding your true activities (“illegals deeds”) and your true identity (“illegals personalities”).

This applies both to an amateur individual and to an unofficial group specially created to solve some sensitive problems that do not enjoy universal approval.

The same problem arises when, for some reason, a person needs to hide from various services of a commercial, government, criminal, or political nature.

You can become a typical illegal immigrant either intentionally or forcedly. In any case, however, it is necessary to know at least a minimum of standard security tactics in order to successfully get through this period without losing, through sheer stupidity, physical or mental freedom, and sometimes life itself.

Security system elements

The level of insurance measures used strongly depends on both the degree of desired secrecy of a person (or group), as well as on the situation, environment and, of course, on the capabilities of the insured themselves.

Certain personal safety techniques should become a natural habit and be performed regardless of the needs of the immediate situation.

What is presented here does not exhaust the possible means of ordinary insurance, the criterion for the use of which is always a high opinion of the enemy and, of course, the common sense of the insured themselves.

The following types of security are typical:

  • External (during communication with strangers);
  • Internal (when contacting within one’s environment and group);
  • Local (in various situations and actions).

Let's look at all this in a little more detail.

External security

Various troubles can arise when communicating with ordinary people and government agencies, but much of this can be foreseen and avoided using the banal principle of the three “don’ts”: don’t irritate, don’t get involved, don’t stand out.

Necessary:

Do not attract undue attention to yourself (the tactic of “dissolving in the environment”):

– do not stand out in appearance (ordinary haircut, decent clothes, absence of anything “loud”; if, however, your surroundings are extravagant, then be like them...);

– do not get involved in quarrels and scandals (this, firstly, attracts unnecessary attention to you, and secondly, it may simply be a provocation aimed at arrest or “punishment”);

– carefully pay all utility bills and other government fees; always pay for transport fares;

– try to strictly follow the pattern of the chosen social role and not have any complaints about work (and not stand out there against the general collective background...);

– do not inflame the obsessive curiosity of neighbors with an unusual lifestyle or visits from different people;

– do not show excessive knowledge in anything, unless, of course, your role requires it (do not forget the ancients: “The vigilant must have the law of three nos: ‘I don’t know,’ ‘I haven’t heard,’ ‘I don’t understand’”).

Do not generate any hostility in neighbors, colleagues and acquaintances, but evoke sympathy in them:

– do not be a “black sheep” (people are always attracted to those who reveal themselves from a side they understand...);

– develop a manner of behavior that does not cause possible wariness in others (excessive curiosity, “intelligence” or obsession...) or hostility (tactlessness, tediousness, pride, rudeness...);

– be even and courteous with everyone around you and, if possible, provide them with small (but not lackey!) services;

– do not do anything that may cause dissatisfaction and curiosity of neighbors (slamming doors at night, too many visitors, returning home by taxi, visits from women, late phone calls in a shared apartment...).

Carefully control all your connections and contacts (remember that “the most dangerous enemy is the one you don’t suspect”):

– keep secrets from your loved ones (wife, friends, relatives, lovers...);

– with habitual wariness (“why and why?”) always perceive attempts to get closer to you (casual acquaintance, someone’s recommendations...);

– treat all repair, advertising and service workers with care, review their documents and politely but reasonably check their identity over the phone, and then with their “colleagues”;

– be careful with anyone who offers seemingly “disinterested” services (loans money, actively helps with something, provides something needed for cheap...).

Find out your own vulnerabilities and know how you can protect yourself here:

– analyze your entire life and highlight those dubious moments that can be used for blackmail or discredit;

– realistically assess the possible consequences of disclosing such facts to all those to whom they may be communicated;

– estimate who and for what reason is capable of knowing incriminating evidence and how it is possible to neutralize such knowledge;

– identify the objects of your vulnerability (woman, children, moral principles...), since through them pressure can be exerted on you;

– identify your weaknesses (hobbies, wine, sex, money, character traits...) and remember that they can always be used against you.

– Do not get involved in dubious scams that are not related to the common cause. You should only get involved in risky adventures that are relevant to your business with permission from above.

Internal security

Contacts in your own environment cannot be considered guaranteed to be secure. Remember that “the greatest harm usually comes from two conditions: from disclosing secrets and trusting treacherous people.”

Preservation of identity secrets:

– instead of real names, pseudonyms are always used (usually nominal, but also numerical, alphabetic or “nickname”); in each direction, “players” go under a separate pseudonym, although it is possible to work under several options, as well as act under a common pseudonym of several different persons;

– team members, if possible, know each other only under pseudonyms; Only trusted persons should be aware of real names, home addresses and telephone numbers;

– with the looming possibility of failure and decryption, all used pseudonyms, as a rule, change;

– you should not give anyone any intimate or other information about your own person;

– try to create (using hints or rumors) a fictitious, but outwardly plausible “legend” about yourself;

– no one in the group should show excessive interest in the activities, habits and intimate lives of their comrades;

– no one should disclose to others any information about partners unless absolutely necessary;

– in some cases, it makes sense to visually change your appearance (hairstyle, beard, makeup, wigs, tattoos, skin color, glasses with plain or smoked lenses and different frames, inserts that change your voice and gait...);

– you need to get into the habit of not leaving behind any material traces indicating that you were here (cigarette butts, thrown pieces of paper, shoe marks, contrasting smells, noticeable changes in the environment...).

Keeping the case confidential:

– active working contacts are maintained with a strictly limited set of people (a system of threes or fives depending on the tasks being solved...), while partners should not know what exactly the partners do;

– everyone specializes in only two or three areas; after it has become too dangerous for him to engage in activities in one of them, a respite is possible, as well as a transition to another direction;

– it is necessary to strictly distinguish between operational and information work: let everyone do only their own business;

– the best way to disguise preparation for a specific action is to implement another;

– you can tell others about your activities only if they need it for their business; remember that a secret is kept by a maximum of five people;

– the information received should be conveyed only to those who clearly need it (showing excessive knowledge of something can reveal the source of information, and this can lead to its neutralization);

– be careful when using means of communication that provide obvious opportunities for intercepting information (mail messages, radio and telephone conversations...);

– never write in plain text real addresses, names and settings in letters, or mention them in conversations on the street or on the phone;

– use codes and pseudonyms even during intragroup communication, changing them from time to time;

– the group must have 2-3 separate ciphers, known to different people;

– rely more on memory than on recording; in the latter case, you must use your personal code and cipher;

– try not to have incriminating papers written in your own handwriting or printed on your own office equipment;

– when communicating with “exposed” persons, refrain from direct contacts, using, if necessary, third parties or other means of communication;

– always take into account and remember that there is a possibility of information leakage or betrayal, and be prepared for appropriate counteractions.

Local Security

The best guarantee of success is usually a safety net, and therefore it is advisable to carry out any actions taking into account all possible troubles from the enemy or random witnesses.

General rules for direct communication.

– try not to conduct informative conversations in open text on a crowded street or on public transport;

– do not mention real surnames, first names, well-known nicknames and addresses in an open conversation, and do not use “alarming” terminology;

– use code names to designate individual actions;

– the most secret aspects of the conversation (real addresses, passwords, dates) are written on paper, which is then destroyed;

– it is necessary to understand the technical capabilities of eavesdropping systems and know basic measures to counter them (see the section on obtaining information...);

– if one of the interlocutors notices something alarming during a conversation, the partner is warned with a special word (“ATAS”...) or with a gesture (finger to lips...), and the whole conversation is transferred to a neutral direction;

– if you know that you are being overheard, it is better not to conduct informative negotiations or to use them for misinformation;

– when you are supposedly being “listened” to but still need to communicate, use conventional language, where harmless sentences have a completely different meaning; phrases that should not be taken into account are also used (they are usually signalled by some agreed-upon gesture, for example, crossing the fingers...), and often standard techniques (coughing, inserts in the mouth...) that make it difficult to identify the speaker;

– when it is necessary to ensure complete secrecy of communication in a crowded place, use methods of conditional (non-verbal) communication, such as body language, body movements and finger gestures, as well as codes based on clothing attributes (different positions of a headdress, tie clip, handkerchief...) or on the manipulation of improvised objects (watches, cigarettes, keys...).

Using your phone

A. ENSURING PERSONAL SAFETY:

– try to negotiate the times of other people’s and your own calls and limit the frequency of contacts;

– do not abuse conversations on your own phone (given that it can be tapped) and do not give others your number unless clearly necessary (knowing that it is not difficult to use it to reach your address);

– take into account that the entire phone conversation can be overheard (when someone is connected to the line...), or only what you yourself are saying (a bug or a neighbor outside the door...);

– it is useful to build into the device a simple “control” (detecting the voltage drop...) for connecting someone else’s equipment to the line;

– use Caller ID (automatic number identification), or better yet “anti-anti-caller ID”, so as not to advertise your number when calling others;

– do not rely on the reliability of any radiotelephones;

– long-distance and other fixed contacts are best made from someone else’s “number” via a cellular “double” or radio extender (see the section on blackmail...), as well as through a direct connection to any pair of contacts in the switchboard;

– for greater secrecy of negotiations, you can use encryptors (at least simple improvised inverters and scramblers), although their use can sharply stimulate the attention of others;

– you should not particularly trust protection through “noise” or “increasing line voltage”;

– if you don’t want to “decipher” your interlocutor, then you can try to change your voice (through mechanical and electronic gadgets, or by simply coughing, stretching and spreading your lips, pinching your nose...) and the stylistic pattern of the conversation (using jargon...);

– do not forget that sometimes payphones are also tapped, the location of which is easily calculated, like all other telephones;

– if you need to receive someone else’s call but don’t want to give your coordinates, an intermediate telephone is used, with an answering machine or a live “dispatcher” who may or may not know (one-way option...) your private number;

– in some cases, wordless use of the telephone is possible, when one, or more often several “empty” calls in a certain rhythm reveal a certain code;

– sometimes a specific signal can be simply the fact that a certain person calls during the most trivial conversation, as well as the coded mention of code names in case of a “mistaken number”.

B. ENSURING VERBAL SAFETY:

– do not conduct business conversations in open text;

– do not give real dates, names, addresses;

– use code names for individual actions;

– use conventional language in which harmless phrases have a completely different meaning;

– call only when necessary, although it is also possible to have frequent “irrelevant” conversations with the same person (the “dissolving information” tactic).

C. CONVERSATION IN THE PRESENCE OF STRANGERS:

– the entire dialogue is conducted by your partner, and you only say “yes” or “no” so that those standing next to you do not understand or recognize anything;

– the fact that strangers are nearby is communicated in plain text or in a verbal code; the conversation after this should be conducted by the partner, who should not ask any questions that require detailed answers;

– when there is direct control of a not very friendly person, the partner is warned about this by a discussed code phrase (preferably in a greeting...), after which the entire conversation is conducted in an empty or misinformation style;

– if one of the interlocutors believes that his phone is being tapped, he immediately tries to warn those calling him about this using a phrase well known to all of them (“teeth hurt”...), and the conversation then turns into a neutral direction.

D. USING A SHARED TELEPHONE (IN AN APARTMENT, AT WORK...):

– use such a telephone as little as possible (especially “for appointments”), if this is not related to the role being played (dispatcher, advertising agent...);

– the person calling this phone should always be the same;

– try not to call too late or too early;

– when outsiders try to identify the voice of the caller (“Who’s asking?”...), answer politely and neutrally (“co-worker”...) and, if the person being called is not there, immediately stop further conversation;

– in fact, it is not difficult to make a separate telephone, using, for example, a code splitter, so that a specific dialing of a common number will reliably ensure that only your device is called, without affecting the neighboring one at all.

Organization of meetings

The level of security measures required in specific cases depends on the desired degree of secrecy of the contact, the degree of legality of its participants and the possible control of it by strangers.

A. CHOOSING A MEETING PLACE:

– when looking for suitable places for contact, they usually rely on the principles of naturalness, validity and chance;

– frequent meetings are easiest to carry out at the site of a fan party (fitting into its pattern...), in the hall of the sports section, in the workroom...;

– especially serious meetings can be held in hunting grounds, specially rented dachas, bathhouses, resort sanatoriums, at all kinds of sports centers, on beaches abroad;

– paired meetings are scheduled in the subway and squares, in toilets and cars, on less busy streets, in zoos, museums and exhibitions; intersections in such places are unlikely and therefore less dangerous;

– you should refrain from secret meetings in a famous restaurant, a fashionable cafe and at a train station, given that such places are usually controlled;

– it is possible to hold “casual” meetings in the private apartments of third parties for a justified reason (funeral, anniversary, “washing up” of a certain event...);

– you should not carry out any meetings (except for the everyday ones) in stereotypical communal apartments;

– use your own apartments for contacting in an extremely limited manner;

– in some cases it makes sense to rent a special safe house, if possible in a building where there is a duplicate exit;

– while inspecting the meeting place, make sure whether it is possible to get there unnoticed and how you can safely escape from there; remember the old truth: “If you don’t know how to leave, don’t try to enter!”

B. INFORMATION ABOUT THE MEETING:

– places of possible meeting are usually discussed in advance, and all of them are given a code - alphabetic, numerical or “false” - name, with several options for each;

– others are informed about the intended contact by telephone, pager, letter, and also through a messenger;

– when agreeing on a meeting via “open” communication lines, they use the code name of the place, an encrypted date (for example, the day before the specified one) and a shifted time (by a constant or sliding number);

– before the scheduled date, it is necessary to issue confirmation of contact either in clear text or via signal communication;

– if waiting during a meeting is acceptable (at a public transport stop, in line at a gas station...), it is advisable to indicate a specific period of time, after which there is no need to wait.

C. CONDUCT OF THE MEETING:

– you should arrive at crowded meetings not in a crowd, but dispersed and not leaving all your personal cars in one place;

– try to avoid the presence of any unauthorized or unnecessary persons at the gathering;

– bearing in mind that people who should not know about crowded secret meetings will most likely find out, do not take obviously incriminating things with you (weapons, fake documents...), and remember that such things can sometimes be planted on you;

– it is very desirable to control the place of communication by special people before, during and after the meeting, so that, if necessary, they can warn of an emerging danger using any agreed upon (taking into account their capture) signals;

– during any contact, you need to figure out how you might be spied on or overheard, stubbornly asking yourself short questions: “Where? How? Who?”;

– especially secret conversations must be carried out in local isolated points, checked and insured against all possibilities of eavesdropping, spying and undermining;

– it is desirable to have at least simple indicators that report the radiation of radio microphones or whether the interlocutor has a recording voice recorder;

– the use of even “clumsy” spark suppressors, as well as magnetic recording erasure generators, is useful;

– classic clandestine paired meetings are always timed to the minute and are conducted as “chance” encounters;

– in order to arrive at the meeting point at the exact appointed time, it is necessary to time the movement in advance and allow some reserve of time for all sorts of surprises (a blocked route, a stranger attaching himself, a transport accident...);

– if a meeting is planned on the street, then it doesn’t hurt to take a walk there an hour before the meeting, carefully looking at every passerby and all parked cars; if something worries you, then contact must be postponed, informing your partner about this using camouflaged signaling techniques;

– when meeting with unfamiliar people, they are recognized by a description of their appearance, a specific pose or gesture, a mention of things held in their hands, and best of all, by a photograph, with further confirmation of identity with a verbal (and other) password;

– at a fixed location, position yourself so as to constantly monitor the obvious places where a threat may arise (say, in a cafe: facing the entrance, while watching what is happening outside the window and sitting not far from the open service passage...);

– remember and follow all previously specified rules of verbal communication.

D. ORGANIZATION OF CLOSED MEETINGS (NEGOTIATIONS).

The organization of any event, including meetings and negotiations, is associated with its preparation. There are no uniform infallible rules in this direction. However, the following version of the scheme for such preparation is recommended: planning, collecting material and processing it, analyzing the collected material and editing it.

At the initial planning stage, the topic or issues that it is desirable to discuss and the possible participants in the business conversation are determined. In addition, the most favorable moment is selected, and only then are the place and time of the meeting and the organization of security for the enterprise agreed upon (as a rule, such conversations are conducted one-on-one, confidentially, without the participation of outsiders).

When the meeting has already been scheduled, a plan for its conduct is drawn up. First, you should determine the goals the entrepreneur faces, and then develop a strategy for achieving them and tactics for conducting conversations.

Such a plan is a clear program of action for preparing and conducting a specific conversation. Planning allows you to mitigate and neutralize the influence of unexpectedly emerging new facts or unforeseen circumstances on the course of the conversation.

The plan includes those responsible for the implementation of each item of the plan and the following measures to organize the security of the meeting (negotiations):

1. Meeting guests arriving for the meeting with the client.

2. Coordination of the actions of the main security and bodyguards of invited persons.

3. Security of clothing, belongings of guests and their cars in the surrounding area.

4. Prevention of incidents between guests at a meeting.

5. Monitoring the condition of drinks, snacks and other treats (trained dogs are used for these purposes).

6. Identification of suspicious persons present at the event or in adjacent premises.

7. Clearing the premises (meeting room and adjacent rooms) before negotiations to remove listening devices and explosive devices.

8. Establishment of posts for recording and monitoring persons:

a) coming to a business reception or meeting with packages, briefcases, etc.;

b) bringing audio or video equipment to the event;

c) who come to a business reception or meeting for a short time or unexpectedly leave the event.

9. Preventing listening to conversations of event organizers and guests in the premises and on the telephone.

10. Development of alternative options for conducting negotiations (in a private apartment, in a hotel, in a car, on a boat, in a bathhouse (sauna), etc.).

This list of activities is not exhaustive. It can be significantly expanded and specified depending on the conditions of the object of protection, the nature of the event and other conditions agreed with the client.

Common tasks that are solved during meetings (negotiations) or other public events include:

1) meeting rooms are selected in such a way that they are located on the first or last floors and are located between those rooms that are controlled by the security service;

2) familiarization with the object of protection, establishing the state of the crime situation around it;

3) establishing interaction with the police during the events;

4) establishment of access control in order to prevent the bringing of weapons, explosives, flammable and toxic substances, drugs, heavy objects and stones into the protected facility;

5) preventing persons with dogs from entering the protected area or protected premises;

6) control and maintenance of order in the adjacent territory and in adjacent premises;

7) distribution of roles among security guards of the reinforcement (support) group;

8) determination of the equipment of the guards, including their weapons and communications;

9) establishment of open and “encrypted” control and observation posts;

10) preparation of transport in case of extreme circumstances and evacuation of event participants;

11) checking the stability of communication on the territory of the facility in order to identify the so-called “dead zones”;

12) checking the possibility of using gas weapons and tear gas canisters in order to identify the direction of air movement, drafts and turbulence, so that the guards themselves do not suffer as a result of the use of special means;

13) checking the coherence of the guards by practicing various introductory tasks.

During the working stage of security, security service employees (security company) must accurately fulfill their duties agreed upon at the preparation stage.

In this case, special attention is paid to the following issues:

1) the arrival of late participants of the event, who count on a weak access control after the start of the meeting (negotiations);

2) mandatory inspection of the contents of briefcases and large bags or the use of hand-held metal detectors, explosive vapor detectors used to detect mines, grenades, bombs and other explosives;

3) vehicles entering and leaving the protected area must be subject to special inspection, at least visually. This is especially important in order to prevent unauthorized persons from entering the protected facility and to prevent mining of vehicles of meeting (negotiation) participants;

4) control of the interiors and trunks of departing cars can prevent the kidnapping of persons arriving at the event for the purpose of extorting the organizers of the meeting (negotiations);

5) protection of outer clothing and personal belongings of event participants in order to prevent their theft and the planting of radio bugs;

6) despite the desire of the event managers to have a beautiful view from the window, it is necessary to take into account that the area should be convenient for control by the security service (security company);

7) cars that may contain equipment for retrieving information from radio bugs should not be parked under the windows of meeting rooms;

8) creating security zones in a room intended for negotiations and equipping it with special equipment, screens, noise generators, etc.;

9) when conducting negotiations for the purpose of preserving trade secrets, all “secret” information is presented in writing, and its discussion takes place in Aesopian language.

At the final stage of the event, the security service (security company) must remain vigilant, despite the seemingly insignificant events occurring at the site, which can be very deceptive.

Inspecting the facility after the completion of the event may involve no less risk to life than work at the previous stages. During this period, the final cleanup of the site is carried out using the same methodology as during the preparatory activities. In this case, a search must be made for persons who may be hiding at the site, or for victims of criminals who require medical assistance. Close attention is paid to forgotten objects and things.

Souvenirs and gifts given to the head of the organization (company) and other participants of the event are subject to control inspection.

Everything discovered by security at the facility that does not belong to employees of the organization (company) must be transferred to the client or the administration of the protected premises along with one copy of the inventory. The second copy of the inventory with the signature of the person who accepted the items for storage is located in the security service (security company).

An apartment, a car, a street, a restaurant cannot be a reliable “protector” of trade secrets. Therefore, it is worth listening to the advice of professionals.

When conducting business meetings, it is necessary to close windows and doors. It is advisable that the meeting room be an isolated room, such as a hall.

Competitors, if they want, can easily listen to conversations by sitting in adjacent rooms, for example, in an apartment on the floor above or below. The times when intelligence officers of all countries and peoples drilled holes in ceilings and walls are long gone - especially sensitive microphones allow you to receive the necessary information almost unhindered.

For negotiations, you need to choose rooms with insulated walls, get to know the neighbors living on the floor above and below; find out if they rent out their apartment (room) to strangers. It is worth turning your neighbors into allies, but at the same time take into account that they can play a double game or quietly turn from well-wishers into blackmailers.

The activity of competitors depends, first of all, on the seriousness of their intentions. If necessary, listening devices (“bugs”) can be installed directly in the entrepreneur’s apartment - and neither iron doors, nor imported locks, nor well-trained security will help here.

A business person should ask his relatives to invite home only people they know well and, if possible, control their behavior. When receiving guests, the home office doors should be locked, and in order not to tempt children, the VCR and computer should be in a place accessible to them. The computer, of course, should contain no work programs or confidential information.

If it is suspected that your vehicle is "equipped", a "clean car" operation must be carried out on it before negotiations.

On the eve of a business meeting, one of the company’s employees or a friend of the entrepreneur, whom he completely trusts, must leave the car at an appointed place. A few minutes after this, the businessman transfers from his own car to the one that was left and, without stopping anywhere, goes to the negotiations. At the same time, you should not forget to take a power of attorney for the right to drive someone else’s car!

During negotiations, the car must be in motion, and its windows must be tightly closed. At stops (for example, at a traffic light), it is better not to discuss confidential issues.

Let us consider where else a business person can hold an important business meeting.

On the street. There are two types of microphones that can be used to listen to conversations: highly directional and built-in. The former allow you to capture information at a distance of up to a kilometer within line of sight. The built-in microphones function in the same way as radio bugs.

To effectively combat highly directional microphones, it is necessary to move all the time, sharply changing the direction of movement, using public transport, organizing counter-surveillance - with the help of the security service or hired agents of private detective firms.

At the restaurant. The static position allows you to control conversations in common restaurant areas. Therefore, to conduct such business meetings, you need a reliable head waiter. At a time convenient for the entrepreneur and unexpectedly for competitors, a table or a separate office is reserved, which, in turn, must be under the reliable control of the company’s security service. Attempts to drown out a conversation with the sounds of a restaurant orchestra, as well as the sound of water, by the way, are ineffective.

In a hotel room. Booking a hotel room for negotiations must be done discreetly. After the start of a business meeting, security officers must keep control not only of neighbors, but also of all people living on the floor above and below.

All of the above methods and countermeasures are effective provided that misinformation to others about the time and nature of the planned meetings (negotiations) is well organized. When the circle of employees privy to the full list of planned events is as narrow as possible and each of those participating in them knows exactly as much as is necessary in the scope of his responsibilities, then you can count on success in any business.

Protection of information objects

Types of threats to information objects

The general classification of threats to an object’s automated information system is as follows:

Threats to the confidentiality of data and programs. These are implemented by unauthorized access to data (for example, information about the status of bank clients’ accounts), programs or communication channels.

Information processed on computers or transmitted over local data networks can be captured through technical leakage channels. In this case, equipment is used that analyzes electromagnetic radiation generated during computer operation.

Such information retrieval is a complex technical task and requires the involvement of qualified specialists. Using a receiving device based on a standard TV, you can intercept information displayed on computer screens from a distance of a thousand meters or more. Certain information about the operation of a computer system is extracted even when the process of exchanging messages is monitored without access to their contents.

Threats to the integrity of data, programs, and equipment. The integrity of data and programs is violated by unauthorized destruction, the addition of unnecessary elements and modification of account records, changing the order of data, generating falsified payment documents in response to legitimate requests, and actively relaying messages with a delay.

Unauthorized modification of system security information may lead to unauthorized actions (incorrect routing or loss of transmitted data) or distortion of the meaning of transmitted messages. The integrity of the equipment is compromised if it is damaged, stolen or the operating algorithms are illegally changed.
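
The integrity threats listed above (modified or added records, destroyed records, changed order, messages relayed with a delay) can be detected at the receiving end by authenticating each payment document together with a sequence number, a send time and a link to the previous document. The following Python code is an added example, not part of the original text; the class names, verdict strings, demo key and 30-second delay limit are assumptions chosen for illustration, and sender and receiver clocks are assumed to be synchronized.

```python
import hashlib
import hmac
import json

MAX_DELAY_SECONDS = 30  # assumed tolerance for delivery delay


def compute_tag(key, seq, sent_at, prev_tag, body):
    """HMAC-SHA256 over the sequence number, send time, previous tag and body."""
    material = json.dumps([seq, sent_at, prev_tag, body],
                          sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, material, hashlib.sha256).hexdigest()


class Sender:
    """Seals outgoing documents so that each one is chained to its predecessor."""

    def __init__(self, key):
        self._key = key
        self._seq = 0
        self._prev = ""

    def seal(self, body, sent_at):
        self._seq += 1
        tag = compute_tag(self._key, self._seq, sent_at, self._prev, body)
        msg = {"seq": self._seq, "sent_at": sent_at,
               "prev": self._prev, "body": body, "tag": tag}
        self._prev = tag
        return msg


class Receiver:
    """Accepts documents strictly in order and names the violation otherwise."""

    def __init__(self, key, max_delay=MAX_DELAY_SECONDS):
        self._key = key
        self._max_delay = max_delay
        self._expected_seq = 1
        self._prev = ""

    def accept(self, msg, received_at):
        expected = compute_tag(self._key, msg.get("seq"), msg.get("sent_at"),
                               msg.get("prev"), msg.get("body"))
        # Any change to the body or header fields, or a document created
        # without the key, fails here.
        if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
            return "forged-or-modified"
        # An old, genuine document presented again.
        if msg["seq"] < self._expected_seq:
            return "replayed"
        # A gap or broken chain means a document was destroyed or the order changed.
        if msg["seq"] > self._expected_seq or msg["prev"] != self._prev:
            return "missing-or-reordered"
        # Genuine and in order, but held back longer than allowed.
        if received_at - msg["sent_at"] > self._max_delay:
            return "delayed"
        self._expected_seq += 1
        self._prev = msg["tag"]
        return "ok"


def run_constructed_scenario():
    """Replay a constructed sequence of events and return the verdicts."""
    key = b"constructed-demo-key"  # constructed value, not a real secret
    sender = Sender(key)
    m1 = sender.seal({"payee": "ACC-001", "amount": 100}, sent_at=1000)
    m2 = sender.seal({"payee": "ACC-002", "amount": 250}, sent_at=1001)
    m3 = sender.seal({"payee": "ACC-003", "amount": 75}, sent_at=1002)

    rx = Receiver(key)
    tampered = dict(m2, body={"payee": "ACC-999", "amount": 250})
    verdicts = [
        rx.accept(m1, received_at=1001),        # genuine
        rx.accept(tampered, received_at=1002),  # payee altered in transit
        rx.accept(m2, received_at=1003),        # genuine copy still accepted
        rx.accept(m1, received_at=1004),        # old document sent again
        rx.accept(m3, received_at=1102),        # relayed 100 seconds late
    ]
    rx2 = Receiver(key)
    verdicts.append(rx2.accept(m1, received_at=1001))
    verdicts.append(rx2.accept(m3, received_at=1003))  # m2 was destroyed
    return verdicts


if __name__ == "__main__":
    print(run_constructed_scenario())
```

A rejected document does not advance the receiver's state, so after a "delayed" or "missing-or-reordered" verdict the channel stays blocked until the gap is resolved out of band.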

Threats to data availability. These occur when an object (user or process) does not gain access to services or resources legally allocated to it. This threat is realized by seizing all resources, blocking communication lines by an unauthorized entity as a result of transmitting its information through them, or excluding necessary system information.

This threat can lead to unreliability or poor quality of service in the system and will therefore potentially impact the accuracy and timeliness of payment document delivery.

Threats of refusal to carry out transactions. They arise when a legal user transmits or accepts payment documents, and then denies it in order to relieve himself of responsibility.

Assessing the vulnerability of an automated information system and building an impact model involves studying all options for implementing the threats listed above and identifying the consequences to which they lead.

Threats may be caused by:

– natural factors (natural disasters - fire, flood, hurricane, lightning and other causes);

– human factors, which in turn are divided into:

passive threats (threats caused by activities of an accidental, unintentional nature). These are threats associated with errors in the process of preparing, processing and transmitting information (scientific, technical, commercial, monetary and financial documentation); with untargeted “brain drain”, knowledge, information (for example, due to population migration, travel to other countries to reunite with family, etc.);

active threats (threats caused by intentional, deliberate actions of people). These are threats associated with the transfer, distortion and destruction of scientific discoveries, inventions, production secrets, new technologies for selfish and other antisocial reasons (documentation, drawings, descriptions of discoveries and inventions and other materials); viewing and transferring various documentation, viewing “garbage”; eavesdropping and transmission of official and other scientific, technical and commercial conversations; with a targeted “brain drain”, knowledge, information (for example, in connection with obtaining another citizenship for selfish reasons);

– human-machine and machine factors, divided into:

passive threats. These are threats associated with errors in the design, development and manufacturing process of systems and their components (buildings, structures, premises, computers, communications, operating systems, application programs, etc.); with errors in the operation of equipment due to poor quality manufacturing; with errors in the process of preparing and processing information (errors of programmers and users due to insufficient qualifications and poor quality service, operator errors in the preparation, input and output of data, correction and processing of information);

active threats. These are threats associated with unauthorized access to the resources of an automated information system (making technical changes to computer equipment and communications, connecting to computer equipment and communication channels, theft of various types of storage media: floppy disks, descriptions, printouts and other materials, viewing input data, printouts, viewing “garbage”); threats implemented in a non-contact manner (collection of electromagnetic radiation, interception of signals induced in circuits (conductive communications), visual-optical methods of obtaining information, eavesdropping on official and scientific-technical conversations, etc.).

The main typical ways of information leakage and unauthorized access to automated information systems, including through telecommunication channels, are the following:

interception of electronic radiation;

use of listening devices (bugs);

remote photography;

interception of acoustic radiation and restoration of printer text;

theft of storage media and industrial waste;

reading data in the arrays of other users;

reading residual information in system memory after executing authorized requests;

copying storage media by overcoming security measures;

disguise as a registered user;

hoax (disguise as system requests);

illegal connection to equipment and communication lines;

malicious disabling of protection mechanisms;

use of software traps.

Possible channels of intentional unauthorized access to information in the absence of protection in an automated information system may be:

standard channels for accessing information (user terminals, means of displaying and documenting information, storage media, means of downloading software, external communication channels) when used illegally;

technological consoles and controls;

internal installation of equipment;

communication lines between hardware;

side electromagnetic radiation carrying information;

collateral interference on power supply circuits, equipment grounding, auxiliary and extraneous communications located near the computer system.

The methods by which threats act on information security objects are divided into information, software and mathematical, physical, radio-electronic and organizational-legal.

Information methods include:

violation of the targeting and timeliness of information exchange, illegal collection and use of information;

unauthorized access to information resources;

manipulation of information (disinformation, concealment or distortion of information);

illegal copying of data in information systems;

violation of information processing technology.

Software and mathematical methods include:

introduction of computer viruses;

installation of software and hardware embedded devices;

destruction or modification of data in automated information systems.

Physical methods include:

destruction of or damage to information processing and communication facilities;

destruction, damage or theft of machine or other original storage media;

theft of software or hardware keys and means of cryptographic information protection;

impact on personnel;

supply of “infected” components of automated information systems.

Radio-electronic methods are:

interception of information in technical channels of its possible leakage;

introduction of electronic information interception devices into technical means and premises;

interception, decryption and imposition of false information in data networks and communication lines;

impact on password-key systems;

radio-electronic suppression of communication lines and control systems.

Organizational and legal methods include:

failure to comply with legal requirements and delays in adopting necessary regulatory provisions in the information sphere;

unlawful restriction of access to documents containing information important to citizens and organizations.

Software security threats. Ensuring the security of automated information systems depends on the security of the software used in them and, in particular, the following types of programs:

regular user programs;

special programs designed to violate system security;

various system utilities and commercial applications that are highly professionally developed but may still contain flaws that could allow attackers to attack systems.

Programs can create two types of problems: first, they can intercept and modify data through the actions of a user who has no right of access to that data; second, by exploiting gaps in the protection of computer systems, they can either give access to the system to users who have no right to it, or block access to the system for legitimate users.

The higher the level of training of a programmer, the more implicit (even to him) the mistakes he makes become, and the more carefully and reliably he is able to hide deliberate mechanisms designed to violate the security of the system.

The target of an attack can be the programs themselves for the following reasons:

In the modern world, programs can be a product that brings considerable profit, especially to those who are the first to begin replicating the program for commercial purposes and obtain copyright for it.

Programs can also become the target of an attack aimed at modifying these programs in some way, which would allow an attack on other system objects in the future. Programs that implement system protection functions are especially often the target of attacks of this kind.

Let's look at several types of programs and techniques that are most often used to attack programs and data. These techniques are referred to by a single term – “software traps”. They include hatches (trapdoors), Trojan horses, logic bombs, salami attacks, covert channels, denial of service, and computer viruses.

Hatches in programs. Using hatches to penetrate a program is one of the simplest and most frequently used methods of violating the security of automated information systems.

A hatch is a capability of a software product that is not described in its documentation. The essence of using hatches is that when the user performs certain actions not described in the documentation, he gains access to capabilities and data that are normally closed to him (in particular, access to privileged mode).

Hatches are most often the result of developer forgetfulness. A temporary mechanism for direct access to parts of the product, created to facilitate the debugging process and not removed upon completion, can be used as a hatch. Hatches can also be formed as a result of the often practiced “top-down” software development technology: their role will be played by “stubs” left for some reason in the finished product - groups of commands that imitate or simply indicate the place where future subroutines are connected.

Finally, another common source of trapdoors is the so-called “undefined input” - entering “meaningless” information, gobbledygook in response to system requests. The response of a poorly written program to undefined input can be, at best, unpredictable (where the program reacts differently each time the same invalid command is entered again); it is much worse if the program performs some repeated actions as a result of the same “undefined” input - this gives the potential attacker the opportunity to plan his actions to violate security.

Undefined input is a special case of an interrupt. That is, in the general case, an attacker can deliberately create some non-standard situation in the system that allows him to carry out the actions he needs. For example, he can artificially crash a program running in privileged mode in order to seize control while remaining in that privileged mode.

The fight against the possibility of interruption ultimately comes down to the need to provide, when developing programs, a set of mechanisms that form so-called “foolproofing”. The point of this protection is to cut off any possibility of processing undefined input and non-standard situations of various kinds (in particular, errors), and thereby to prevent a violation of the security of the computer system even if the program is operated incorrectly.

Thus, a hatch (or hatches) may be present in a program because the programmer:

forgot to delete it;

deliberately left it in the program to allow testing or to perform the rest of the debugging;

deliberately left it in the program in the interests of facilitating the final assembly of the final software product;

deliberately left it in the program in order to have a hidden means of accessing the program after it was included in the final product.

The hatch is the first step in attacking the system: the ability to penetrate the computer system while bypassing protection mechanisms.

"Trojan horses".

There are programs that implement, in addition to the functions described in the documentation, some other functions not described in the documentation. Such programs are called “Trojan horses”.

The more obvious the results of its actions (for example, deleting files or changing their protection), the higher the likelihood of detecting a Trojan horse. More complex Trojan horses can mask traces of their activity (for example, return file protection to its original state).

"Logic Bombs"

A “logic bomb” is usually called a program or even a section of code in a program that implements a certain function when a certain condition is met. This condition could be, for example, the occurrence of a certain date or the discovery of a file with a certain name.

When it “explodes”, a “logic bomb” performs a function that is unexpected and, as a rule, undesirable for the user (for example, it deletes some data or destroys some system structures). The “logic bomb” is one of the favorite ways for programmers to take revenge on companies that fired them or offended them in some way.

Salami attack.

The salami attack has become a real scourge of banking computer systems. In banking systems, thousands of transactions related to non-cash payments, transfers of amounts, deductions, etc. are carried out every day.

When processing invoices, whole units (rubles, cents) are used, and when calculating interest, fractional amounts are often obtained. Typically, values exceeding half a ruble (cent) are rounded to the nearest whole ruble (cent), and values less than half a ruble (cent) are simply discarded. During a salami attack, these insignificant values are not deleted, but are gradually accumulated in a special account.

As practice shows, the amount made up literally from nothing, in a couple of years of operation of a “cunning” program in an average-sized bank can amount to thousands of dollars. Salami attacks are quite difficult to detect unless the attacker begins to accumulate large amounts of money in one account.
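The rounding rule above can be recomputed independently of the program that posts interest, which is how an auditor catches shaved amounts long before they add up to a conspicuous balance. The following check is an added example, not part of the original text; the `Posting` record, the account numbers and the run identifiers are constructed for illustration, and it assumes the audit can see the principal and rate behind every interest posting.

```python
from collections import defaultdict
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")


@dataclass(frozen=True)
class Posting:
    batch: str          # interest run the posting belongs to
    account: str        # credited account
    principal: Decimal  # balance the interest was computed on; 0 = no interest basis
    rate: Decimal       # periodic interest rate applied
    credited: Decimal   # amount actually written to the ledger


def expected_credit(principal: Decimal, rate: Decimal) -> Decimal:
    """Rounding rule from the text: half a cent or more rounds up, less is dropped."""
    return (principal * rate).quantize(CENT, rounding=ROUND_HALF_UP)


def audit(postings):
    """Per batch: customers credited less than the rule gives, and accounts that absorbed it."""
    shaved = defaultdict(dict)                            # batch -> {account: missing amount}
    no_basis = defaultdict(lambda: defaultdict(Decimal))  # batch -> {account: credits w/o principal}
    for p in postings:
        if p.principal > 0:
            missing = expected_credit(p.principal, p.rate) - p.credited
            if missing != 0:
                shaved[p.batch][p.account] = missing
        else:
            no_basis[p.batch][p.account] += p.credited

    report = {}
    for batch in sorted(set(shaved) | set(no_basis)):
        shaved_total = sum(shaved[batch].values(), Decimal("0"))
        # An account whose unexplained credits equal the total taken from customers
        # in the same run is where the "salami slices" were collected.
        suspects = sorted(
            acct for acct, total in no_basis[batch].items()
            if shaved_total > 0 and total == shaved_total
        )
        report[batch] = {
            "shaved": dict(shaved[batch]),
            "shaved_total": shaved_total,
            "suspect_accounts": suspects,
        }
    return report


D = Decimal
RATE = D("0.0125")
# Constructed ledger extract: RUN-1 truncates three credits, RUN-2 is clean.
SAMPLE = [
    Posting("RUN-1", "ACC-0001", D("1000.40"), RATE, D("12.50")),  # exact 12.505  -> 12.51
    Posting("RUN-1", "ACC-0002", D("2500.00"), RATE, D("31.25")),  # exact 31.25
    Posting("RUN-1", "ACC-0003", D("840.60"), RATE, D("10.50")),   # exact 10.5075 -> 10.51
    Posting("RUN-1", "ACC-0005", D("77.70"), RATE, D("0.97")),     # exact 0.97125 -> 0.97
    Posting("RUN-1", "ACC-0006", D("3999.96"), RATE, D("49.99")),  # exact 49.9995 -> 50.00
    Posting("RUN-1", "ACC-9999", D("0"), D("0"), D("0.01")),
    Posting("RUN-1", "ACC-9999", D("0"), D("0"), D("0.01")),
    Posting("RUN-1", "ACC-9999", D("0"), D("0"), D("0.01")),
    Posting("RUN-1", "ACC-0042", D("0"), D("0"), D("25.00")),      # ordinary refund
    Posting("RUN-2", "ACC-0001", D("1012.90"), RATE, D("12.66")),  # exact 12.66125
    Posting("RUN-2", "ACC-0042", D("0"), D("0"), D("5.00")),
]

if __name__ == "__main__":
    for batch, result in audit(SAMPLE).items():
        print(batch, result)
```

Legitimate rounding down (ACC-0005) is not flagged, because the check compares against the rule rather than against the unrounded value.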

Hidden channels.

Hidden channels are programs that transmit information to people who would not normally receive this information.

In those systems where critical information is processed, the programmer should not have access to the data processed by the program after the start of operation of this program.

Possessing proprietary information can bring considerable benefit, at the very least by simply selling it (for example, a list of clients) to a competing company. A sufficiently qualified programmer can always find a way to transmit information covertly; in that case, a program designed to create the most innocuous reports may be a little more complex than the task requires.

To transmit information covertly, various elements of a “harmless” report format can be used, for example, different line lengths, spaces between lines, the presence or absence of service headers, controlled output of insignificant digits in the output values, the number of spaces or other characters in certain places in the report, etc.

If an attacker is able to access the computer while the program of interest is running, the covert channel may consist of sending critical information to a data array specially created in the computer's random access memory.

Covert channels are most applicable in situations where the attacker is interested not in the content of the information but, for example, in the fact of its existence (for example, the presence of a bank account with a certain number).

Denial of service.

Most security breach techniques are aimed at gaining access to data that the system would not normally allow. However, no less interesting for attackers is gaining control over the computer system itself or changing its quality characteristics, for example, obtaining some resource (processor, input/output device) for exclusive use or provoking a deadlock (“clinch”) among several processes.

This may be required in order to explicitly use the computer system for your own purposes (at least to solve your problems for free) or simply block the system, making it inaccessible to other users. This type of system security breach is called “denial of service” or “denial of benefit.” Denial of service is extremely dangerous for real-time systems - systems that control some technological processes, performing various types of synchronization, etc.

Computer viruses.

Computer viruses are the quintessence of all kinds of security breach methods. One of the most common and favorite ways to spread viruses is the Trojan horse method. Viruses differ from a “logic bomb” only in their ability to multiply and ensure their own launch, so many viruses can be considered a special form of “logic bomb”.

To attack the system, viruses actively use various kinds of “traps”. Viruses can carry out a wide variety of dirty tricks, including a “salami” attack. In addition, the success of an attack of one type often helps to reduce the “immunity” of the system, creating a favorable environment for the success of attacks of other types. Attackers know this and actively use this circumstance.

Of course, the techniques described above are quite rare in their pure form. Much more often, individual elements of different techniques are used during an attack.

Threats to information in computer networks. Networks of computers have many advantages over a collection of separately operating computers, including: sharing system resources, increasing the reliability of system operation, distributing load among network nodes, and expandability by adding new nodes.

At the same time, when using computer networks, serious problems arise in ensuring information security. The following ones can be noted.

Sharing shared resources.

Due to the sharing of a large number of resources by different network users, possibly located at great distances from each other, the risk of unauthorized access is greatly increased, since it can be carried out more easily and discreetly on the network.

Expansion of control zone.

The administrator or operator of a particular system or subnetwork must monitor the activities of users outside his reach.

Combination of various software and hardware.

Connecting multiple systems into a network increases the vulnerability of the entire system as a whole, since each information system is configured to fulfill its own specific security requirements, which may be incompatible with the requirements on other systems.

Unknown perimeter.

The easy expandability of networks leads to the fact that it is sometimes difficult to determine the boundaries of a network, since the same node can be accessible to users of different networks. Moreover, for many of them it is not always possible to accurately determine how many users have access to a particular network node and who they are.

Multiple attack points.

In networks, the same set of data or message can be transmitted through several intermediate nodes, each of which is a potential source of threat. In addition, many modern networks can be accessed using dial-up lines and a modem, which greatly increases the number of possible points of attack.

Difficulty in managing and controlling access to the system.

Many attacks on a network can be carried out without gaining physical access to a specific node - using the network from remote points.

In this case, identifying the offender can be very difficult. In addition, the attack time may be too short to take adequate measures.

On the one hand, a network is a single system with uniform rules for processing information, and on the other hand, it is a collection of separate systems, each of which has its own rules for processing information. Therefore, taking into account the dual nature of the network, an attack on the network can be carried out from two levels: upper and lower (a combination of both is possible).

At the upper level of attack on a network, an attacker uses the properties of the network to penetrate another node and perform certain unauthorized actions. At the lower level of attack on the network, the attacker uses the properties of network protocols to violate the confidentiality or integrity of individual messages or of the flow as a whole.

Disturbance in the flow of messages can lead to information leakage and even loss of control over the network.

There are passive and active low-level threats specific to networks.

Passive threats (violation of the confidentiality of data circulating on the network) consist of viewing and/or recording data transmitted over communication lines. These include:

viewing of messages;

traffic analysis - an attacker can view the headers of packets circulating in the network and, based on the service information they contain, draw conclusions about the senders and recipients of the packet and the transmission conditions (time of departure, message class, security category, message length, traffic volume, etc.).

Active threats (violation of the integrity or availability of resources and network components) consist of the unauthorized use of devices with access to the network to change individual messages or a flow of messages. These include:

denial of message transmission services - an attacker can destroy or delay individual messages or the entire flow of messages;

“masquerade” - an attacker can assign someone else’s identifier to his node or relay and receive or send messages on someone else’s behalf;

introduction of network viruses – transmission of a virus body over a network with its subsequent activation by a user of a remote or local node;

message stream modification - an attacker can selectively destroy, modify, delay, reorder and duplicate messages, as well as insert forged messages.

Threats to commercial information.

In the context of informatization, such methods of unauthorized access to confidential information as copying, forgery, and destruction also pose a particular danger.

Copying.

In case of unauthorized access to confidential information, the following are copied: documents containing information of interest to the attacker; technical media; information processed in automated information systems. The following copying methods are used: blueprinting, photocopying, thermal copying, xerographic copying and electronic copying.

Forgery.

In a competitive environment, counterfeiting, modification and imitation are becoming increasingly widespread. Attackers forge trust documents that allow them to obtain certain information, as well as letters, invoices, accounting and financial documentation; they forge keys, passes, passwords, ciphers, etc. In automated information systems, forgery includes, in particular, such malicious actions as falsification (the receiving subscriber forges the received message, passing it off as genuine in his own interests) and masking (the sending subscriber disguises himself as another subscriber in order to receive protected information).

Destruction.

A particular danger is the destruction of information in automated databases and knowledge bases. Information on magnetic media is destroyed using compact magnets and software (“logic bombs”). A significant place in crimes against automated information systems is occupied by sabotage, explosions, destruction, and failure of connecting cables and air conditioning systems.

Methods and means of ensuring information security of an organization (company)

Methods for ensuring information security are the following: obstacle, access control, disguise, regulation, coercion and inducement.

Obstacle – a method of physically blocking an attacker’s path to protected information (equipment, storage media, etc.).

Access control – a method of protecting information by regulating the use of all resources of an organization’s (company’s) automated information system. Access control includes the following security features:

identification of users, personnel and resources of the information system (assigning a personal identifier to each object);

authentication (establishing the authenticity) of an object or subject by the identifier it presents;

verification of authority (checking compliance of the day of the week, time of day, requested resources and procedures with the established regulations);

permission and creation of working conditions within the established regulations;

registration (logging) of requests to protected resources;

response (alarm, shutdown, delay of work, refusal of request) in case of attempts of unauthorized actions.

Disguise – a method of protecting information in an automated information system by cryptographically concealing (encrypting) it.

Regulation – a method of information protection that creates conditions for automated processing, storage and transmission of information under which the possibility of unauthorized access to it would be minimized.

Coercion – such a method of information protection in which users and system personnel are forced to comply with the rules for the processing, transfer and use of protected information under the threat of material, administrative or criminal liability.

Inducement – such a method of information protection that encourages users and system personnel not to violate established rules by complying with established moral and ethical standards.
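The access control functions listed above (identification, authentication, verification of authority by day of week, time of day and resource, registration, response) can be read as one decision pipeline. The sketch below is an added example, not code from the original text; the `AccessGate` class, the user and resource names, the lockout threshold and the use of PBKDF2 for password storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime


class AccessGate:
    """Identification -> authentication -> authority check -> registration -> response."""

    def __init__(self, max_failures=3):
        self.users = {}     # identifier -> (salt, password hash)
        self.rules = {}     # identifier -> [(resource, allowed weekdays, first hour, last hour)]
        self.failures = {}  # identifier -> consecutive failed authentications
        self.locked = set()
        self.log = []       # every request: (time, identifier, resource, decision)
        self.max_failures = max_failures

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, user_id, password, rules):
        salt = os.urandom(16)
        self.users[user_id] = (salt, self._hash(password, salt))
        self.rules[user_id] = list(rules)
        self.failures[user_id] = 0

    def _decide(self, user_id, password, resource, when):
        if user_id not in self.users:                        # identification
            return "refused: unknown identifier"
        if user_id in self.locked:                           # earlier response still in force
            return "refused: identifier locked"
        salt, stored = self.users[user_id]
        if not hmac.compare_digest(self._hash(password, salt), stored):  # authentication
            self.failures[user_id] += 1
            if self.failures[user_id] >= self.max_failures:
                self.locked.add(user_id)                     # response: alarm and shutdown
                return "refused: bad credentials, ALARM, identifier locked"
            return "refused: bad credentials"
        self.failures[user_id] = 0
        for res, weekdays, first, last in self.rules[user_id]:           # verification of authority
            if res == resource and when.weekday() in weekdays and first <= when.hour < last:
                return "granted"
        return "refused: outside established regulations"

    def request(self, user_id, password, resource, when):
        decision = self._decide(user_id, password, resource, when)
        self.log.append((when.isoformat(), user_id, resource, decision))  # registration
        return decision


def demo():
    """Constructed scenario: one clerk allowed into payroll-db on weekdays, 09:00-18:00."""
    gate = AccessGate()
    pw = "constructed-passphrase"
    gate.enroll("clerk01", pw, [("payroll-db", {0, 1, 2, 3, 4}, 9, 18)])
    tue_noon = datetime(2024, 3, 5, 12, 0)    # Tuesday
    sat_noon = datetime(2024, 3, 9, 12, 0)    # Saturday
    tue_night = datetime(2024, 3, 5, 23, 0)
    results = [
        gate.request("clerk01", pw, "payroll-db", tue_noon),
        gate.request("clerk01", pw, "payroll-db", sat_noon),
        gate.request("clerk01", pw, "hr-archive", tue_noon),
        gate.request("ghost", "x", "payroll-db", tue_noon),
    ]
    results += [gate.request("clerk01", "guess", "payroll-db", tue_night) for _ in range(3)]
    results.append(gate.request("clerk01", pw, "payroll-db", tue_noon))
    return results, gate.log


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

Refused requests are logged in the same way as granted ones, so the log alone is enough to reconstruct the sequence that led to the lockout.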

The above methods of ensuring the information security of an organization (firm) are implemented in practice by using various protection mechanisms, for the creation of which the following basic means are used: physical, hardware, software, hardware-software, cryptographic, organizational, legislative and moral-ethical.

Physical protection means are intended for external protection of the territory of objects and protection of the components of an enterprise’s automated information system; they are implemented in the form of autonomous devices and systems.

Along with traditional mechanical systems, with the dominant participation of humans, universal automated electronic physical protection systems are being developed and implemented, designed to protect territories, protect premises, organize access control, and organize surveillance; fire alarm systems; media theft prevention systems.

The elemental base of such systems consists of various sensors, the signals from which are processed by microprocessors, electronic smart keys, devices for determining human biometric characteristics, etc.

To organize the protection of equipment that is part of the enterprise’s automated information system and transportable storage media (floppy disks, magnetic tapes, printouts), the following are used:

various locks (mechanical, coded, microprocessor-controlled, radio-controlled) that are installed on entrance doors, shutters, safes, cabinets, devices and system units;

microswitches that detect the opening or closing of doors and windows;

inertial sensors, for connecting which you can use the lighting network, telephone wires and television antenna wiring;

special foil stickers that are affixed to all documents, devices, components and blocks of the system to prevent them from being removed from the premises. Whenever there is an attempt to take an object with a sticker outside the premises, a special installation (analogous to a metal object detector) located near the exit sounds an alarm;

special safes and metal cabinets for installing individual elements of an automated information system (file server, printer, etc.) and portable storage media.

To neutralize information leakage via electromagnetic channels, shielding and absorbing materials and products are used. In particular:

shielding of work areas where components of an automated information system are installed is carried out by covering the walls, floor and ceiling with metallized wallpaper, conductive enamel and plaster, wire mesh or foil, installing fences made of conductive brick, multi-layer steel, aluminum or special plastic sheets;

to protect windows, metallized curtains and glass with a conductive layer are used;

all openings are covered with a metal mesh connected to a grounding bus or wall shielding;

Limit magnetic traps are installed on ventilation ducts to prevent the propagation of radio waves.

To protect against interference induced in the electrical circuits of the nodes and blocks of an automated information system, the following are used:

shielded cable for intra-rack, intra-block, inter-block and outdoor installation;

shielded elastic connectors, mains filters that suppress electromagnetic radiation;

wires, lugs, chokes, capacitors and other noise-suppressing radio and electrical products;

Separating dielectric inserts are placed on water supply, heating, gas and other metal pipes, which break the electromagnetic circuit.

To control the power supply, electronic trackers are used - devices that are installed at the input points of the alternating voltage network. If the power cord is cut, broken or burned out, a coded message sets off an alarm or activates a television camera to record the event.

To detect embedded “bugs”, X-ray examination is considered the most effective. However, the implementation of this method is associated with great organizational and technical difficulties.

The use of special noise generators to protect against the theft of information from computers by picking up its radiation from display screens has an adverse effect on the human body, which leads to rapid baldness, loss of appetite, headaches, and nausea. That is why they are rarely used in practice.

Hardware protection means are various electronic, electromechanical and other devices built directly into the blocks of an automated information system or designed as independent devices and interfaced with these blocks.

They are designed for internal protection of structural elements of computer equipment and systems: terminals, processors, peripheral equipment, communication lines, etc.

Main functions of hardware protection:

prohibition of unauthorized internal access to separate files or information system databases, possible as a result of accidental or intentional actions of maintenance personnel;

protection of active and passive (archive) files and databases associated with non-maintenance or shutdown of the automated information system;

software integrity protection.

These tasks are implemented by information security hardware using the access control method (identification, authentication and verification of the authority of system subjects, registration and response).

To work with especially valuable information of an organization (firm), computer manufacturers can produce individual disks with unique physical characteristics that do not allow the information to be read. At the same time, the cost of a computer can increase several times.

Security software is designed to perform logical and intellectual protection functions and is included either in the software of an automated information system or in the composition of control equipment means, complexes and systems.

Information security software is the most common type of protection, having the following positive properties: versatility, flexibility, ease of implementation, possibility of change and development. This circumstance makes them at the same time the most vulnerable elements of protecting an enterprise’s information system.

Currently, a large number of operating systems, database management systems, network packages and application software packages have been created, including a variety of information security tools.

The following information security tasks are solved using security software:

control of loading and login using personal identifiers (name, code, password, etc.);

delimitation and control of access of subjects to resources and system components, external resources;

isolation of process programs performed in the interests of a specific subject from other subjects (ensuring each user works in an individual environment);

management of confidential information flows in order to prevent recording on data media of inappropriate security level;

protecting information from computer viruses;

erasing residual confidential information in the areas of the computer’s RAM released after requests are completed;

erasing residual confidential information on magnetic disks, issuing protocols on the results of erasure;

ensuring the integrity of information by introducing data redundancy;

automatic control over the work of system users based on logging results and preparation of reports based on data from entries in the system log.

Currently, a number of operating systems natively contain built-in “reuse” blocking capabilities. There are quite a lot of commercial programs for other types of operating systems, not to mention special security packages that implement similar functions.

The use of redundant data is aimed at preventing random errors in the data and identifying unauthorized modifications. This may be the use of checksums, parity checks, error-resistant coding, etc.

It is often practiced to store signatures of important system objects in some protected place in the system. For example, for a file, a combination of the file's protection byte with its name, length and date of last modification can be used as a signature. Each time a file is accessed or in case of suspicion, the current characteristics of the file are compared with the standard.
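The signature comparison described above can be implemented directly, and doing so shows its limit: a change that keeps the file length and puts the modification date back leaves the name/length/date/protection signature identical. The code below is an added example, not from the original text; it extends the signature with a SHA-256 content digest and seals the stored baseline with an HMAC, both of which are additions, and the file names and key are constructed.

```python
import hashlib
import hmac
import json
import os
import stat
import tempfile
from pathlib import Path


def signature(path):
    """Characteristics named in the text, plus a content digest (an addition)."""
    st = os.stat(path)
    return {
        "mode": stat.S_IMODE(st.st_mode),   # protection bits
        "size": st.st_size,                 # length
        "mtime_ns": st.st_mtime_ns,         # date of last modification
        "sha256": hashlib.sha256(Path(path).read_bytes()).hexdigest(),
    }


def take_baseline(root):
    """Map each file name under root to its signature (the stored 'standard')."""
    root = Path(root)
    return {str(p.relative_to(root)): signature(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def seal(baseline, key):
    """HMAC over the baseline, standing in for the 'protected place' it is kept in."""
    blob = json.dumps(baseline, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def seal_ok(baseline, key, tag):
    return hmac.compare_digest(seal(baseline, key), tag)


def compare(root, baseline, key, tag):
    """Compare current characteristics with the standard; refuse a tampered standard."""
    if not seal_ok(baseline, key, tag):
        raise ValueError("baseline does not match its seal; comparison not trustworthy")
    current = take_baseline(root)
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            findings.append((name, "added", []))
        elif new is None:
            findings.append((name, "removed", []))
        else:
            changed = [field for field in old if old[field] != new[field]]
            if changed:
                findings.append((name, "modified", changed))
    return findings


def demo():
    """Constructed directory with three changes made after the baseline was taken."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "login.cfg").write_text("timeout=30\n")
        (root / "report.sh").write_text("echo daily report\n")
        os.chmod(root / "report.sh", 0o750)
        key = b"constructed-demo-key"
        baseline = take_baseline(root)
        tag = seal(baseline, key)

        # 1. Same-length edit with the modification date put back afterwards:
        #    name, length, date and protection bits all still match.
        target = root / "login.cfg"
        before = os.stat(target)
        target.write_text("timeout=99\n")
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))
        # 2. Protection bits widened.
        os.chmod(root / "report.sh", 0o777)
        # 3. A file that was not in the baseline.
        (root / "extra.bin").write_bytes(b"\x00")

        return compare(root, baseline, key, tag)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Only the digest field reports the edit to `login.cfg`, which is the case the metadata-only signature misses.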

The auditability property of an access control system means the ability to reconstruct events or procedures. Auditability tools must find out what actually happened. This involves documenting the procedures followed, maintaining logs, and using clear and unambiguous identification and verification methods.

It should be noted that the task of access control while simultaneously ensuring the integrity of resources is reliably solved only by information encryption.

Confidential information is of great interest to competing firms. It is this that causes attacks by criminals.

Many problems are associated with underestimating the importance of the threat, which can result in failure and bankruptcy for the enterprise. Even a single case of worker negligence can bring a company multimillion-dollar losses and loss of customer trust.

Data about the composition, status and activities of the company are exposed to threats. The sources of such threats are its competitors, corrupt officials and criminals. Of particular value to them is familiarization with protected information, as well as its modification in order to cause financial damage.

Information leakage of even 20% can lead to this outcome. Sometimes the loss of company secrets can happen by accident, due to inexperience of staff or due to the lack of security systems.

The following types of threats may exist for proprietary information:

Threats to the confidentiality of information and programs. These may arise after illegal access to data, communication channels or programs. Data stored on a computer or sent from it can be intercepted through leakage channels.

For this purpose, special equipment is used that analyzes electromagnetic radiation received while working on a computer.

Risk of damage. Illegal actions by hackers may result in routing distortion or loss of transmitted information.

Availability threat. Such situations prevent the legitimate user from using services and resources. This happens after they are captured, data is obtained from them, or the lines are blocked by attackers. Such an incident may distort the reliability and timeliness of the information transmitted.

Risk of repudiation of transactions. The user denies having transmitted information in order to avoid liability.

Internal threats. Such threats pose a great danger to the enterprise. They come from inexperienced managers, incompetent or unqualified personnel.

Sometimes employees of an enterprise can deliberately provoke an internal leak of information, thereby showing their dissatisfaction with their salary, work or colleagues. They can easily present all the valuable information of an enterprise to its competitors, try to destroy it, or deliberately introduce a virus into computers.

Ensuring enterprise information security

The most important accounting processes are automated by the appropriate class of systems, the security of which is achieved by a whole range of technical and organizational measures.

They include an anti-virus system, firewall and electromagnetic radiation protection. The systems protect information on electronic media, data transmitted via communication channels, limit access to various documents, create backup copies and restore confidential information after damage.

Information security at an enterprise must be comprehensive and kept under full control year-round, in real time, around the clock. At the same time, the system takes into account the entire life cycle of information, from the moment it appears until it is completely destroyed or loses its significance for the enterprise.

For safety and to prevent data loss, protection systems are being developed in the information security industry. Their work is based on complex software systems with a wide range of options that prevent any data loss.

The specificity of these programs is that their correct functioning requires a clear and streamlined model of the internal circulation of data and documents. The security analysis of all steps in the use of information is based on working with databases.

Information security can be ensured using online tools, as well as products and solutions offered on various Internet resources.

The developers of some of these services have managed to competently put together an information security system that protects against external and internal threats, while ensuring an ideal balance of price and functionality. The proposed flexible modular systems combine the operation of hardware and software.

Kinds

The operating logic of information security systems involves the following actions.

Forecasting and quick recognition of data security threats, motives and conditions that contributed to damage to the enterprise and caused disruptions in its work and development.

Creation of such working conditions under which the level of danger and the likelihood of damage to the enterprise are minimized.

Compensation for damage and minimization of the impact of identified attempts to cause damage.

Information security measures can be:

  • technical;
  • software;
  • cryptographic;
  • organizational;
  • legislative.

Organization of information security at the enterprise

All entrepreneurs always strive to ensure information accessibility and confidentiality. To develop suitable information protection, the nature of possible threats, as well as the forms and methods of their occurrence, are taken into account.

Information security in an enterprise is organized in such a way that a hacker faces multiple levels of protection. As a result, the attacker is unable to penetrate the protected part.

The most effective way to protect information is a cryptographically strong encryption algorithm for data transmission. The system encrypts the information itself, and not just access to it, which is also relevant for.

The structure of access to information should be multi-level, and therefore only selected employees are allowed to access it. Only trustworthy persons should have the right to full access to the entire volume of information.

The list of information relating to confidential information is approved by the head of the enterprise. Any violations in this area should be punishable by certain sanctions.

Protection models are provided for by the relevant GOSTs and are standardized by a number of comprehensive measures. Currently, special utilities have been developed that monitor the network status and any warnings from information security systems around the clock.

Please be aware that low-cost wireless networks may not provide the required level of security.

To avoid accidental data loss due to inexperience of employees, administrators should conduct training sessions. This allows the enterprise to monitor employee readiness for work and gives managers confidence that all employees are able to comply with information security measures.

The atmosphere of a market economy and the high level of competition force company managers to always be on alert and quickly respond to any difficulties. Over the past 20 years, information technology has been able to enter all areas of development, management and business.

From the real world, business has long turned into a virtual one; just remember how it became popular, which has its own laws. Currently, virtual threats to an enterprise’s information security can cause enormous real harm to it. By underestimating the problem, managers risk their business, reputation and authority.

Most businesses regularly suffer losses due to data breaches. The protection of enterprise information should be a priority during the formation and conduct of a business. Ensuring information security is the key to success, profit and achievement of enterprise goals.