The concept of "information" is consumed very widely and versatile. It is difficult to find such an area of \u200b\u200bknowledge, wherever it is used. Huge information flows Literally overwhelming people. Like any product, information has consumers who need it, and therefore has certain consumer qualities, and also has its own owners or manufacturers.

From the point of view of the consumer, the quality of the information used allows to obtain an additional economic or moral effect.

From the point of view of the owner - preservation in the secret of commercially important information allows you to successfully compete in the production market and sales of goods and services. This, naturally, requires certain actions aimed at protecting confidential information. At the same time, safety is understood as the state of the protection of the vital interests of the person, enterprise, states from internal and external threats.

When storing, maintaining and providing access to any information object, its owner or the person authorized by them imposes an obviously either self-evident set of rules for working with it. Intentional violations are classified as an attack on information.

What are the possible consequences of attacks on information? First of all, of course, these are economic losses.

The disclosure of commercial information can lead to serious direct market losses.

News about the stealing of a large amount of information usually seriously affects the reputation of the company, leading indirectly to losses in trading volumes.

Competitors can take advantage of theft of information if it remained unnoticed in order to completely ruin the company, imposing her fictitious or knowingly unprofitable deals.

The substitution of information, both at the transfer stage, and at the storage phase in the firm can lead to huge losses.

Multiple successful attacks on a firm providing any type of information services reduce confidence in the company from customers, which affects the volume of income.

According to domestic and foreign printing, malicious actions on information are not only not reduced, but also have a fairly stable trend towards growth.

Information protection - a set of activities aimed at ensuring the most important aspects information security (integrity, availability and, if necessary, the confidentiality of information and resources used to enter, storing, processing and transmitting data).

The system is called safe if it, using the appropriate hardware and software, manages access to information so that only properly authorized persons or the processes acting on their behalf receive the right to read, write, create and delete information.

Absolutely secure Systems No, so they talk about a reliable system in the sense of "a system that can be trusted" (as you can trust a person). The system is considered reliable if it uses sufficient hardware and software tools to simultaneously process information of different degree of secrecy by a group of users without violating access rights.

The main criteria for evaluating reliability are the security policy and warranty.

Safety policy, being an active protection component (includes an analysis of possible threats and the choice of appropriate countermeasures), displays that set of laws, rules and norms of behavior that uses a specific organization when processing, protecting and disseminating information.

The choice of specific system security mechanisms is made in accordance with the formulated security policies.

Warranty, being a passive element of protection, displays the measure of confidence, which can be provided to the architecture and implementation of the system (in other words, it shows how correctly the mechanisms that ensure system security) are selected.

In a reliable system, all the occurring safety events must be recorded (the mechanism of logging accountability should be used, which is complemented by the analysis of the memorable information, that is, an audit).

The main directions of information protection - the protection of state, commercial, service, banking secrets, personal data and intellectual property.

State secrecy - state-protected information in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational investigation activities whose distribution may cause security damage Russian Federation.

Correspond to the list of information constituting the state secret, are not included in the list of information not to be classified, and meet the legislation of the Russian Federation on state secrets (principle of legality);

The feasibility of classifying specific information is established by expert assessment of probable economic and other consequences, the possibility of damage to the safety of the Russian Federation, based on the balance of the vital interests of the state, society and individuals (the principle of validity);

Restrictions on the dissemination of these information and access to them are established from the moment they are received (development) or in advance (the principle of timeliness);

The competent authorities and their officials took the decision on the specific information about the attribution of them to state secrets and classifying and established them with respect to their relevant regime of legal protection and protection (the principle of mandatory protection).

Commercial mystery is protected with the assistance of the state. An example of this statement can serve numerous facts of restricting access to foreigners to the country (in China to protect the secrets of the production of porcelain), in certain sectors of the economy or specific production. In Russia, the commercial secret attributed a commercial secret, but then it was liquidated as a legal institution in the early 1930s and in connection with the nationalization of the sectors of the economy was defended as a state and official mystery. Now the reverse process began.

Information can be a commercial secret if it meets the following requirements (legal protection criteria):

Has a valid or potential commercial value due to its uncertainty to third parties;

Does not fall under the list of information, access to which cannot be limited, and the list of information assigned to the state secret;

It does not have free access to legal grounds;

The owner of information takes measures to protect its confidentiality.

To commercial secrets, information cannot be attributed:

Subject to disclosure by the issuer of securities, a professional participant in the securities market and the owner of securities in accordance with the legislation of the Russian Federation on securities;

Associated with compliance with environmental and antitrust legislation, ensuring safe working conditions, sales of products that cause harm to the health of the population, other violations of the legislation of the Russian Federation, the legislation of the constituent entities of the Russian Federation, as well as containing data on the amount of damages causal;

On the activities of charitable organizations and other non-commercial organizations that are not related to entrepreneurial activities;

About the availability of free jobs;

On storage, use or displacement of materials and the use of technologies that are dangerous to life and health of citizens or ambient;

On the implementation of the state privatization program and the conditions for the privatization of specific objects;

On the size of property and invested means for privatization;

On the liquidation of a legal entity and on the procedure and deadlines for submitting applications or requirements by his creditors;

For which restrictions on the establishment of a commercial secrecy regime in accordance with federal laws and adopted in order to implement them by subtitle acts.

The main subjects of the right to commercial secrets are the owners of commercial secrets, their successors.

Owners of commercial secrecy - physical (regardless of citizenship) and legal (commercial and non-commercial organizations) Persons engaged in entrepreneurial activities and having a monopoly right to information that makes a commercial secret for them.

All information from the point of view of law is divided into several main segments:

1) Information without restricting access rights. This kind of information, for example, belongs:

Information common useprovided to users for free;

Information on the state of the environment, its contamination is information (data) obtained as a result of monitoring the environment, its pollution ( the federal law dated May 2, 1997 No. 76-FZ "On the destruction of chemical weapons");

Information on the work on storage, transportation, destruction of chemical weapons - information on the state of the health of citizens and environmental facilities in areas of placing objects for the storage of chemical weapons and objects for the destruction of chemical weapons, activities to ensure chemical, sanitary and hygienic, environmental and fire safety When carrying out work on the storage, transportation and destruction of chemical weapons, as well as measures to prevent emergency situations and the elimination of their consequences in the implementation of the specified works provided at the requests of citizens and legal entities, including public associations (Federal Law of May 2, 1997 No. 76-FZ "On the destruction of chemical weapons", Article 1.2).

Information containing information about the circumstances and facts representing the threat of life, the health of citizens, cannot be classified, cannot be attributed to the secret.

2) Information with limited access - state secrets, service secrets, commercial mystery, banking mystery, professional mystery and personal data as an institution for the protection of the right to privacy.

3) information whose distribution is harmful to the interests of society, legitimate interests and rights of citizens, - pornography; Information, inciting national, racial and other retail; Propaganda and calls for war, false advertising, advertising with hidden inserts, etc. - so-called "harmful" information.

4) objects of intellectual property (something that cannot be attributed to information with limited access, but is protected by special procedure through the institutions of intellectual property - copyright, patent law, individualization tools, etc. The exception is the know-how protected in Commercial Secret mode).

Computer crimes are extremely multifaceted and complex phenomena. Objects of such criminal encroachments may be technical means (computers and peripherals) as material objects or software and databases for which technical means are surroundings; The computer can act as a subject of encroachment or as a tool.

Types of computer crimes are extremely diverse. This is an unauthorized access to information stored in a computer, and input to the "logic bombs" software, which are triggered when performing certain conditions and partially or completely output a computer system, and the development and distribution of computer viruses, and theft of computer information. Computer crime may also occur due to negligence in the development, manufacture and operation of software and computing complexes or due to fake computer information.

Among the entire set of information protection methods are allocated as follows:

Figure 11.1. Classification of information protection methods in computer systems

The methods and means of organizational protection of information include organizational and technical and legal events held in the process of creating and operating the COP to ensure information protection. These activities should be carried out in the construction or repair of premises in which computers will be placed; designing system, installation and commissioning of its technical and software; Tests and testing the performance of the computer system.

The basis for organizing events is the use and preparation of legislative and regulatory documents in the field of information security, which at the legal level should regulate access to information from consumers. In Russian legislation, later than in the legislation of other developed countries, the necessary legal acts have emerged (although not all).

Engineering and technical protection (ITZ) is a combination of special bodies, technical means and activities for their use in the interests of protecting confidential information.

The diversity of goals, tasks, objects of protection and events involves consideration of a certain system of classification of funds, orientation and other characteristics.

For example, engineering protection means can be considered on the objects of their impact. In this regard, they can be used to protect people, material resources, finances, information.

The variety of classification characteristics allows us to consider engineering and technical means on the objects of impact, the nature of the activities, methods of implementation, the scale of coverage, the class of means of intruders, who are opposed to the security service.

According to the functional purpose, the means of engineering and technical protection are divided into the following groups:

1. Physical agents that include various means and structures that prevent physical penetration (or access) of intruders on protecting facilities and to material carriers of confidential information (Fig. 16) and protecting personnel, material funds, finance and information from unlawful impacts;

2. Hardware - appliances, devices, devices and other technical solutions used in the interests of information protection. In the practice of the enterprise, the most wide use of the most different equipment, starting with the telephone device to perfect automated systems, providing production activities. The main task of hardware is to provide a persistent protection of information from disclosure, leakage and unauthorized access through technical means of ensuring production activities;

3. Software, covering special programs, software complexes and information protection systems in information systems for various purposes and processing tools (collection, accumulation, storage, processing and transmission) data;

4. Cryptographic means are special mathematical and algorithmic means of protecting information transmitted by systems and communication networks, stored and processed on a computer using a variety of encryption methods.

Physical remedies are a variety of devices, devices, designs, devices, products designed to create obstacles to the movement of intruders.

Physical facilities include mechanical, electromechanical, electronic, electron-optical, radio and radio engineering and other devices for the reversion of unauthorized access (entry, output), fraction (removal) of means and materials and other possible types of criminal action.

These funds are used to solve the following tasks:

1) protection of the territory of the enterprise and monitoring it;

2) protection of buildings, indoor premises and control over them;

3) protection of equipment, products, finance and information;

4) Implementation of controlled access to the building and premises.

All physical means of protecting objects can be divided into three categories: means of preventing, detection tools and threat elimination system. Security alarms and security television, for example, belong to threat detection tools; Fences around objects are means of preventing unauthorized penetration into the territory, and reinforced doors, walls, ceilings, windows lattices and other measures are protected from penetration, and from other criminal actions (listening, shelling, throwing garnet and explosives, etc. .). Fire extinguishing products belong to threat liquidation systems.

The hardware of information protection includes the most different on the principle of action, device and capabilities. technical structuresproviding preventing disclosure, protection against leakage and countering unauthorized access to sources of confidential information.

Hardware tools for information protection are used to solve the following tasks:

1) conducting special research of technical means of ensuring production activities for the presence of possible channel leakage channels;

2) identification of channel leakage channels on different objects and indoors;

3) localization of information leakage channels;

4) search and detecting industrial espionage funds;

5) Counteraction to unauthorized access to sources of confidential information and other actions.

Computer protection systems from someone else's invasion are very diverse and classified as:

1) funds provided for by general software;

2) means of protection in the composition of the computing system;

3) information protection tools;

4) actuate means;

5) Passive protection and others.

You can allocate the following areas of use of programs to ensure confidential information, in particular, such:

1) protection of information from unauthorized access;

2) protection of information from copying;

3) protection of coping programs;

4) Protection of programs from viruses;

5) Protection of information from viruses;

6) Software protection of communication channels.

For each of these areas there is a sufficient amount of high-quality developed by professional organizations and distributed in software products.

Protection software has the following types of special programs:

1) identification of technical means, files and user authentication;

2) registration and control of the operation of technical means and users;

3) maintenance of modes of processing information of limited use;

4) protection of operating tools of computer and user application programs;

5) destruction of information in protective devices after use;

6) signaling resource disorders;

7) auxiliary programs Protection of various purposes.

To protect against someone else's invasion, certain security measures are necessarily provided. The main functions that should be implemented by software, this is:

1) identification of subjects and objects;

2) distinction (sometimes full insulation) access to computing resources and information;

3) Control and registration of actions with information and programs.

The most common identification method is password identification. However, practice shows that the password data protection is a weak link, since the password can be overheard or high, intercept or just solve.

Copy protection tools prevent the use of stolen copies of the software and are currently the only reliable means - both protecting the copyright programmers-developers and stimulating market development. Under the means of protection against copying is understood to the means that ensure the execution of the program of their functions only when identifying a certain unique non-populated element. Such an element (called key) can be a diskette, a specific part of the computer or a special device connected to a personal computer. Copy protection is implemented by a number of functions that are common to all protection systems:

1. The identification of the medium from which the program (diskette or PC) will be launched;

2. Environmental authentication from which the program is running;

3. Reaction to launch from an unauthorized environment;

4. Registration of sanctioned copy;

5. Countering the study of the system's work algorithms.

Prreditary programs and, above all, viruses represent a very serious danger when storing confidential information on PEVM. The underestimation of this danger may have serious consequences for user information. Knowledge of the mechanisms of action of viruses, methods and means of combating them allows to effectively organize the opposition to viruses, minimize the likelihood of infection and losses from their impact.

Computer Viruses are small executable or interpretable programs that have the property of distribution and self-reproduction (replication) in the computer system. Viruses can change or detect software or data stored in PC. In the process of spreading, viruses can modify themselves.

Currently, there are more than 40 thousand of only registered computer viruses in the world. Since the overwhelming majority of modern pest programs have the ability to self-insulating, they are often referred to as computer viruses. All computer viruses can be classified according to the following features:

- on the habitat of the virus,

- by the way of infecting the habitat,

- on destructive capabilities,

- According to the characteristics of the virus algorithm.

Mass distribution of viruses, the seriousness of the consequences of their impact on the resources of computers caused the need to develop and use special antivirus and methods for their use. Antivirus tools are used to solve the following tasks:

- Detection of viruses in the COP,

- blocking the work of viruses programs,

- elimination of the effects of virus effects.

The detection of viruses is desirable to implement at the stage of their implementation or at least before the implementation of the destructive functions of viruses. It should be noted that there are no antivirus tools that guarantee the detection of all possible viruses.

When a virus is detected, it is necessary to immediately stop the operation of the virus program to minimize the damage from its impact on the system.

The elimination of the effects of virus impact is conducted in two directions:

- removal of viruses,

- Restore (if necessary) files, memory areas.

To combat viruses, software and hardware and software are used, which are used in a certain sequence and combination, forming methods to combat viruses.

The most reliable method of protection against viruses is the use of hardware and software antivirus. Currently, special controllers and their software are used to protect the PEVM. The controller is installed in the expansion connector and has access to a common bus. This allows him to control all appeals to disk system. IN software The controller is remembered on the disks, the change in which in the usual modes of operation is not allowed. Thus, you can establish protection for changing the main boot record, boot sectors, configuration files, executable files, etc.

When performing forbidden actions, any program controller issues the appropriate message to the user and blocks the operation of the PC.

Hardware and software anti-virus agents have a number of advantages over software:

- work constantly;

- all viruses detect, regardless of the mechanism of their action;

- Block unresolved actions that are the result of the operation of the virus or unqualified user.

The disadvantage of these funds is one - dependence on the hardware PCH. Changing the latter leads to the need to replace the controller.

Modern software antivirus can carry out a comprehensive computer check for the identification of computer viruses. This uses such antivirus programs How - Kaspersky Anti-Virus (AVP), Norton AntiVirus, Dr. Web, Symantec Antivirus. They all have antivirus basesthat are periodically updated.

Cryptography as a means of protection (closure) of information is becoming increasingly important in the world of commercial activities.

Cryptography has a fairly long history. Initially, it was used mainly in the field of military and diplomatic communications. Now it is necessary in industrial and commercial activities. If we consider that today there are hundreds of millions of messages, telephone conversations, huge amounts of computer and telemetry data in the country today, and all this is not for foreign eyes and ears, it becomes clear: the preservation of the mystery of this here is extremely necessary.

Cryptography includes several sections of modern mathematics, as well as special sectors of physics, electronics, communications and some other related industries. Its task is to transform mathematical methods transmitted over the communication channels of the secret message, telephone conversation or computer data in such a way that they become completely incomprehensible to unauthorized persons. That is, cryptography should provide such protection of secret (or any other) information, which even if it is intercepted by unauthorized persons and processing with any ways using the fastest EUM and the latest achievements of science and technology, it should not be decrypted for several decades. For such a transformation of information, various encryption means are used - such as document encryption tools, including portable execution, speech encryption tools (telephone and radio engineering), telegraph messages and data transmission.

Initial information that is transmitted through communication channels may be speech, data, video signals, called unencrypted messages R.

In the encryption device, the message P is encrypted (converted to the message C) and is transmitted over the "unclosed" communication channel. On the receiving side, the message with decryption to restore the source value of the message R.

The parameter that can be applied to extract separate information is called the key.

If in the process of sharing information for encryption and read use one same key, then such a cryptographic process is called symmetrical. Its main disadvantage is that before starting the exchange of information, you need to transmit the key, and this requires a secure connection.

Currently, when exchanging data from communication channels uses asymmetric cryptographic encryption based on the use of two keys. These are new open-key cryptographic algorithms based on the use of two types of keys: secret (closed) and open.

In the open key cryptography, at least two keys are, one of which is impossible to calculate from the other. If the key decryption key cannot be obtained from the encryption key, the secrecy of information encrypted using an unfaithful (open) key will be provided. However, this key must be protected from the substitution or modification. The decryption key must also be secret and protected from substitution or modification.

If, on the contrary, the computational methods cannot obtain the encryption key from the decryption key, the decryption key may not be secret.

The keys are arranged in such a way that the message encrypted by one half can be decrypted only by another half. Having created a pair of keys, the company widely distributes an open (public) key and reliably protects the closed key.

Protection with a public key is not absolutely reliable. Having studied the algorithm for its construction can be reconstructed closed key. However, the knowledge of the algorithm also does not mean the ability to reconstruct the key in a reasonable acceptable time frame. Based on this, the principle of adequacy of information protection is formed: information protection is assumed sufficient if the cost of overcoming exceeds the expected cost of the information itself. This principle is guided by asymmetric data encryption.

Separation of encryption functions and decryption by separation into two parts for more informationrequired to perform operations is the valuable idea that underlies the open key cryptography.

Cryptographic protection specialists pay special attention, considering it the most reliable, and for information transmitted by a large length of a large length - the only means of protection against theft.

Informational security understands the state of information protection of the society environment from internal and external threats, ensuring its formation, use and development in the interests of citizens, organizations, states (the law of the Russian Federation "On participation in international informational exchange").

The information security system imposes certain requirements:

- clarity to determine the powers and rights of users to access certain types of information;

- providing the user to the minimum authority necessary for him to fulfill the commissioned work;

- minimizing the number of common protection for several users;

- accounting of cases and attempts to unauthorized access to confidential information;

- ensuring the evaluation of the degree of confidential information;

- ensuring control of the integrity of protection funds and immediate response to their failure.

Under the security system, the organized combination of special bodies, services, means, methods and activities that protect the vital interests of the individual, enterprises and states from internal and external threats are understood.

Like any system, the information security system has its own goals, tasks, methods and means of activity that are coordinated by place and time depending on the conditions.

From the point of view of information security, the information has the following categories:

1. Privacy - a guarantee that specific information is available only to the circle of persons for which it is intended; Violation of this category is called the predation or disclosure of information.

2. Integrity - a guarantee that the information now exists in its original form, that is, unauthorized changes were made during its storage or transmission; Violation of this category is called message falsification.

3. Aauthentic is a guarantee that the source of information is exactly the person who is stated as its author; Violation of this category is also called falsification, but already the author of the message.

4. Appeemability is a rather complicated category, but often used in e-commerce - a guarantee that, if necessary, it will be possible to prove that the author of the message is the stated person, and no one else can be; The difference between this category from the previous one that when the author is substituted, someone is trying to declare that he is the author of the communication, and when the appeal is impaired, the author himself is trying to "disappear" from his words signed by him once.

Under the threats of confidential information, it is customary to understand potential or actually possible actions with respect to information resources, leading to unlawful mastering protected information.

Such actions are:

Familiarization with confidential information in various ways and ways without disrupting its integrity;

Modification of information for criminal purposes as a partial or significant change in the composition and content of information;

Destruction (destruction) of information as an act of vandalism in order to directly apply material damage.

Actions resulting in unlawful mastering confidential information:

1. The disclosure is intentional or careless actions with confidential information that led to familiarization with them who were not admitted to them.

2. The leakage is an uncontrolled way out of confidential information beyond the organization or a circle of those who were trusted.

3. Unauthorized access is an unauthorized intentional mastering of confidential information by a person who does not have access to protected secrets.

1. Why do you need to protect information?

2. What is understood by the protection of information?

3. What system can be called safe?

4. What is a state secret?

5. What information can be attributed to state secrets?

6. What is a commercial mystery?

7. What information is the commercial secret?

8. What does not apply to a commercial secret?

9. What levels of access to information are regulated by Russian legislation?

10. How are the methods of information protection are divided?

11. What are the organizational and legal methods and information protection means?

12. What engineering techniques and means are used when protected information?

13. How to protect information from unauthorized access?

14. What is a "computer virus"?

15. How are computer viruses classified?

16. What funds are used for antivirus protection?

17. With the help of which the virus can get into the computer?

18. How to protect information from copying?

19. What are cryptographic methods and information protection tools?

20. How is asymmetric data encryption?

21. What is the meaning of information security?

23. What is the threat of information security?

24. What actions lead to unlawful mastering information?

Information Today is an important resource whose loss is fraught with unpleasant consequences. The loss of confidential data of the company carries in themselves the threats of financial losses, since competitors or intruders can take advantage of the information. To prevent such unwanted situations, all modern firms and institutions use information protection methods.

Safety of information systems (IP) is a whole course that all programmers and specialists in the field of building IP are undergoing. However, know species information threats and protection technology needs to everyone who works with secret data.

Types of information threat

The main type of information threats to protect against which the whole technology is created at each enterprise is the unauthorized access of attackers to the data. The attackers are planning in advance criminal actions that can be carried out by direct access to devices or by remote attack using programs specially designed to theft.

In addition to the actions of hackers, firms are often faced with loss of information due to violation of software and hardware.

In this case, the secret materials do not fall into the hands of attackers, but are lost and not subject to recovery or restored for too long. Failures in computer systems may occur for the following reasons:

• Loss of information due to damage to carriers - hard drives;
• Mistakes in software tools;
• Violations in the work of hardware due to damage or wear.

Modern information protection methods

Data protection technologies are based on the use of modern methods that prevent information leakage and its loss. Today is six main ways to protect:

• Let;
• Disguise;
• Regulation;
• Control;
• Compulsion;
• Movement.

All listed methods are aimed at building an effective technology, in which losses are excluded due to negligence and successfully reflected different types Threats. The obstacle means a way to physically protect information systems, thanks to which the attackers do not have the opportunity to get into a protected area.

Masking - Ways to protect information providing for data transformation into a form, not suitable for perception of unauthorized persons. For decryption requires knowledge of principle.

Management - Ways to protect information under which management over all components of the information system.

Regulation is the most important method of protecting information systems, involving the introduction of special instructions, according to which all manipulations with protected data should be carried out.

Coercion - methods of information protection, closely related to regulation, involving the introduction of a complex of measures in which employees are forced to perform established rules. If methods of exposure to workers under which they perform instructions on ethical and personal reasons, they are talking about prompting.

On video - detailed lecture on the protection of information:

Information Systems Protection Means

Ways to protect information involve the use of a certain set of funds. To prevent the loss and leakage of secret information, the following means are used:

• Physical;
• Software and hardware;
• Organizational;
• Legislative;
• Psychological.

Physical means of protecting information prevent the access of unauthorized persons to the protected area. The main and oldest means of physical obstacle is to install durable doors, reliable locks, lattices on the windows. To enhance information protection, bandwidths are used on which access controls are carried out (guards) or special systems. In order to prevent information loss, the installation of the fire system is also advisable. The physical means are used to protect data both on paper and on electronic media.

Software and hardware are an indispensable component to ensure the safety of modern information systems.

Hardware is presented by devices that are embedded in equipment for information processing. Software - programs reflecting hacker attacks. Also, the software can also be attributed to the software complexes that perform the recovery of lost information. With the help of a complex of equipment and programs provided backup Information - to prevent losses.

Organizational tools are associated with several methods of protection: regulation, management, coercion. Organizational means include developing job descriptions, conversations with employees, a set of penalties and promotion measures. With the effective use of organizational funds, the enterprise employees are well aware of the technology of working with protected information, clearly fulfill their duties and are responsible for providing unreliable information, leakage or loss of data.

Legislative remedies - a set of regulatory acts governing people who have access to protected information and determining the measure of responsibility for the loss or theft of secret information.

Psychological means - a set of measures for creating personal interest of workers in the safety and authenticity of information. To create personal interest personnel, managers use different types of encouragements. Psychological means include the construction of corporate culture, in which each employee feels an important part of the system and is interested in the success of the enterprise.

Protection of transmitted electronic data

To ensure the security of information systems today, the methods of encryption and protection of electronic documents are actively used. These technologies allow remote data transmission and remote confirmation of authentication.

Information protection methods by encryption (cryptographic) are based on changing information using the secret keys of a special type. At the heart of the technology of electronic data cryptography - transformation algorithms, replacement methods, algebra matrices. The stability of encryption depends on how difficult the conversion algorithm was. Encrypted information is reliably protected from any threats other than physical.

Electronic digital signature (EDS) - parameter electronic documentserving to confirm its authenticity. The electronic digital signature replaces the signature of the official on the paper document and has the same legal force. EDS serves to identify its owner and to confirm the absence of unauthorized transformations. The use of EDS provides not only information protection, but also contributes to the cheapening of document management technology, reduces the time of the documents of the documents when reporting.

Information System Safety Classes

The protection technology and the degree of efficiency is determined by the security class of the information system. International standards allocate 7 security classes systems that are combined in 4 levels:

• D - zero security level;
• C - systems with arbitrary access;
• In - systems with compulsory access;
• A - systems with verified security.

The level D corresponds to the systems in which the defense technology is poorly developed. With this situation, any extraneous person has the ability to access information.

The use of underdeveloped protection technology is fraught with loss or loss of information.

The level C has the following classes - C1 and C2. Security C1 assumes data and users. A specific user group has access to only specific data, it is necessary to receive an authentication - user authentication by requesting a password. When security class C1, there are hardware and software for protection. Systems with C2 class are complemented by measures that guarantee user responsibility: A access log is created and supported.

Level B includes security technologies that have level C classes, plus a few optional. Class B1 assumes the availability of security policies, a trusted computing database for managing safety tags and forced access control. When class B1, experts carry out careful analysis and testing of the source code and architecture.

Security class B2 is characteristic of many modern Systems And assumes:

• Supply of the secrecy of all resources of the system;
• Registration of events that are related to the organization of secret memory sharing channels;
• Structuring a trusted computing base on well-defined modules;
• Formal security policy;
• High stability of systems to external attacks.

Class B3 suggests, in addition to the class B1, alert of the administrator about attempts to violate security policies, analysis of the emergence of secret channels, the presence of mechanisms for data recovery after the equipment failure or.

Level A comprises one highest class Safety - A. This class includes systems that have been tested and received confirmation of compliance with formal top-level specifications.

On video - detailed lecture on the safety of information systems:

To ensure confidentiality of information, protection against listening to buildings of companies and firms, effective counteraction to industrial espionage, numerous methods and information protection techniques are used. Many of these methods are based on the use of technical information protection.

Existing technical means of protecting information for enterprises and organizations can be divided into several groups.
1) Detection and destruction devices unauthorized technical means of intelligence:
. nonlinear locators (investigate the response to the effects of the electromagnetic field);
. nonlinear wired lines locators;
. magnetoresonance locators;
. radigenometers;
. acoustic correlators;
. Metal detectors;
. thermal imagers;
. Search devices for changes in the magnetic field;
. Electromagnetic radiation search devices - scanners, receivers, frequency meters, noiseomers, infrared radiation detectors, spectrum analyzers, microvoltmeter, radio emission detectors;
. Search devices for changes in the parameters of the telephone line. To identify connections to the telephone line, circuits are used - telephone lines analyzers, microcircuit-based lines status indicators, parallel telephone blocks.

2) Passive facilities for the protection of premises and equipment:
. Interference settings. Acoustic noise generators masking sound signal In rooms and lines of communication (white noise with an amplitude spectrum, distributed according to normal law). Window glass modulators (make the amplitude of glass oscillations greater than the one that is caused by the voice of a person) - to prevent the interception of speech messages with special devices. Network filters that exclude the ability to leak information with power supply chains.
. Observation devices - open observation systems, secret monitoring systems;
. Devices of automatic recording telephone conversations.

3) technical means cryptographic protection information.

4) Special technical means of recognizing PC users.

Electronic access keys to personal computers. The key is a microprocessor; The information is brought to its storage device unique information for each user.
. Identification devices for fingerprints.
. Identification devices vote. The voice of the voice is influenced both anatomical features and the acquired human habits: the frequency range of vibration vibration, frequency characteristics of the voice.

From the point of view of technical implementation, the most acceptable is the study. frequency characteristics. For this, special multichannel filters are used. Recognition of user commands is performed by comparing current data with a reference signal on each frequency channel.

The above list of technical means of protecting information is far from complete, and in the measure of modern science and technology, it is constantly updated, providing enterprises and organizations to additional methods and ways to protect confidential data and commercial secrets.

Information protection tools for inflated tools when implementing the safety policies of various structures. Today there are quite a variety of tracking equipment, so the high-quality hardware organization of the security system is the key to the successful functioning of divisions of various activities. SpecTexthexulting offers all interested to buy information protection tools, using which can be implemented a modern reliable security system. We have the most different information security equipment in the widest assortment - you are guaranteed to purchase everything you need based on the specifics of the functioning of your organization or structure.

Based on the level of secrecy of internal information and the current situation in the work of the company, information security tools can be set to temporarily or use on an ongoing basis. For example, information protection means makes sense to apply during meaningful negotiations with business partners or internal meetings, but they can work on an ongoing basis to fully prevent information leakage from certain structural divisions of the company. In "SpecTehKonsulting" you can buy means of protecting information of a variety of principle of operation and purpose. To implement the global information security system, it is necessary to use comprehensively - use hardware, software and organizational protection tools.

Specialists "Specialthekonsalting" are ready to provide comprehensive assistance that the technical equipment of information protection chosen by you is effectively and completely prevented by leakage of data. Various information security tools must be chosen in a thoroughly, given the strengths and weak aspects, the possibilities of interaction and other specifics. Just buy information protection tools for various principles of action is not enough to implement an effective security system. On the pages of the online catalog "SpecTechConsulting" presented in detail technical information And the possibilities of the equipment implemented by us for information security are given. We tried to provide optimal conditions for selecting our visitors.

Tracking and espionage tools are improved all the time, but exactly also appear more powerful and effective means Protection of information. Therefore, with a competent approach to the implementation of information security, it can be guaranteed it effective work. In "SpecTehkensalting", you can purchase information protection tools that will help reliably protect commercial, production or service information that does not provide for use from outside. The installation of modern information security equipment will create conditions for safe operation, negotiation and important business meetings.