D.V. Peregudov,

Department of Internal Affairs for the Lipetsk region

LEGAL ASPECTS OF INFORMATION PROTECTION IN THE ACTIVITIES OF ECONOMIC SECURITY UNITS OF THE INTERNAL AFFAIRS

Security information security within the framework of the system of internal affairs bodies, it is an organizational combination of forces and means, mechanisms, methods and methods, functioning under the control of strict observance of the current normative legal acts in the field of information protection. At the same time, the problem of ensuring information security is closely connected not only with the solution of scientific and technical problems, but also with the issues of legal regulation of informatization relations, the development of the legislative base. In this regard, it can be concluded that information protection is a complex of legal, organizational and engineering-technical measures (measures) aimed at preventing leakage of protected information, unauthorized access to it. In turn, the legal aspects of information protection are of paramount importance in the block of protection measures. This is due to the fact that the legal regulation of relations in the field of economic security predetermines the existence of all other measures as a fundamental basis dividing the behavior of subjects (users, owners and other persons) of information relations into “possible (permitted)” and “prohibited” in relation to the object - information. Organizational and technical measures are only streamlined and legalized by the legal framework.

In the internal affairs bodies, the legal support of information security is based on federal legislation Russian Federation... The legal and regulatory framework at the departmental level is the successor to the RF Law “On State Secrets”, the RF Law “On Information, Information Technologies and Information Protection”, the Decree of the President of the Russian Federation dated 03.04.1995, No. the development, production, sale and operation of information tools, as well as the provision of services in the field of information encryption ", decrees of the Government of the Russian Federation dated April 15, 1995 No. 333" On licensing the activities of enterprises and organizations to carry out work related to the use of information constituting state secrets, the creation of information protection means, as well as with the implementation of measures and (or) the provision of services for the protection of state secrets ", from

06/26/1995 No. 608 "On the certification of information security means", dated 09/15/1993, No. 912-51 "On the state system of information protection of the Russian Federation from foreign intelligence services and from its leakage through technical channels", dated 01/05/2004 No. 3-1 "On approval of the Instruction on ensuring secrecy in the Russian Federation", as well as on the basis of "Special requirements and recommendations for the protection of information constituting a state secret from leakage through technical channels", approved by the Decision of the State Technical Commission of Russia dated 23.05.1997 No. 55, Decision of the State Technical Commission of Russia dated 03.10.1995, No. 42 "On standard requirements for the content and procedure for developing guidelines for protecting information from technical intelligence and from its leakage through technical channels at the facility", dated 16.07.1996, No. 49 "Model of foreign technical intelligence for the period up to 2010" ("Model ITR-2010") and other

their legislative and other regulatory legal acts in the field of information security, regulating the procedure and rules for the technical protection of information in the Russian Federation.

Peculiarity information support in the internal affairs bodies, in particular in the economic security divisions, is that the employees of these divisions carry out their activities within the framework of the work and handling of information constituting a state secret.

State secrets are information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational-search activities, the dissemination of which may harm the security of the Russian Federation. Subdivisions of the economic security of the internal affairs bodies work with information in the field of operational investigative activities, ie, based on the Law of the Russian Federation of 12.08.1995, No. 144-FZ "On operational and investigative activities." The classification of information constituting a state secret is carried out in accordance with the List of information classified as a state secret, approved by the Decree of the President of the Russian Federation dated

30.11.1995, No. 1203, and in accordance with the rules for classifying information constituting a state secret to various degrees of secrecy, approved by the Government of the Russian Federation dated 04.09.1995, No. 870, as well as on the basis of the list of information to be classified in the system Ministry of Internal Affairs of Russia, determined by the Minister of Internal Affairs of the Russian Federation. At the same time, the admission of persons to information constituting a state secret is carried out in accordance with the instructions on the procedure for admitting officials and citizens of the Russian Federation to state secrets, approved by the Government of the Russian Federation dated October 28, 1995, No. 1050. In the internal affairs bodies, by order of the Ministry of Internal Affairs of Russia dated 03/02/2002 No. 200 for DSP stipulates a detailed list of information to be classified.

In turn, the BEP units also work with information constituting an official secret. These include information of limited distribution, access to which is limited by state authorities in order to avoid damage to both the internal affairs bodies and the security of the state authorities of the Russian Federation. The classification of information as official information of limited distribution is made on the basis of the Approximate list of official information of limited distribution and documents containing them, generated in the course of the activities of the internal affairs bodies, determined by the Minister of Internal Affairs of the Russian Federation. In accordance with the Decree of the President of the Russian Federation of 06.03.1997 No. 188 "On Approval of the List of Confidential Information", official information of limited distribution circulating in the BEP divisions refers to information of a confidential nature (confidential information).

The fundamental departmental regulations in the activities of units for combating economic crimes in the field of information security are the order of the Ministry of Internal Affairs of Russia dated 05.07.2001 No. 029 "On approval of the Temporary Manual on the technical protection of information in the internal affairs bodies of the Russian Federation and the internal troops of the Ministry of Internal Affairs Of the Russian Federation "and the order of the Ministry of Internal Affairs of Russia dated March 15, 2005 No. 015" On approval of the Instruction on ensuring secrecy in the internal affairs bodies ". The first regulatory document characterizes the requirements of an organizational and technical plan for the protection of legally protected information in the activities of BEP units, in particular, it defines uniform technical and mathematical protection measures

information in all divisions of the internal affairs bodies, carrying out their work with information classified as state and official secrets. Order of the Ministry of Internal Affairs of Russia No. 029:

Defines objects of technical protection of information, possible threats to these objects;

Establishes a unified and integral (mandatory) procedure for the implementation of measures for the technical protection of information;

Establishes a uniform form of documents drawn up for an information protection object, on the basis of which a technical protection regime is established during their processing;

Determines the procedure for monitoring technical protection and licensing in this area.

Despite the fact that this normative document was developed back in 2001, at present in the economic security units of the Internal Affairs Directorate for the Lipetsk region at the district level, the conditions for information activities do not fully comply with the requirements of this order. First of all, this concerns the material support of the objects at which information processing is carried out (electronic computers, technical means of receiving, transmitting and processing information: sound recording, sound reproduction, intercom and television devices, means of duplicating documents, and others), in accordance with the established norms of provision ... Even if such objects are available in the BEP divisions, then they are in single copies and in moral and technical terms lag behind modern and advanced tools and technologies in this area. In turn, as a shortcoming, it should also be noted about the weak knowledge of the employees of the BEP units operating objects of technical protection of information, regulatory legislation on the technical protection of information upon taking office and during the entire period of performance of their official functional tasks. At the same time, the constant turnover of personnel in these divisions also affects.

The order of the Ministry of Internal Affairs of Russia No. 029-2001 is mainly related to the technical support of information protection facilities, which includes:

Establishing their compliance with the technical protection requirements and documenting the technical measures taken to protect information, categorizing objects;

Drawing up technical passports for these objects;

Development of instructions for ensuring organizational (security) and

technical measures to protect information;

Conducting special studies, special checks and examinations of these objects;

Registration of a prescription for the operation of the facility;

Attestation of the facility and measures to control the technical

information protection.

As practice shows, in the regional departments of internal affairs, due to the small number of information protection objects, the work on the technical protection of protected information is carried out formally and is reduced only to the execution of monotonous documents, the semantic meaning of which is unaware of the employees operating the objects in respect of which the technical information protection measures in accordance with the order of the Ministry of Internal Affairs of Russia No. 029-2001

A more substantive and responsible step in the legal field was the development of Order No. 015-2005, which included organizational and technical measures of information protection. The requirements set forth in this order are

The protection of information constituting a state secret and secret service information relating to the current activities of subdivisions of the internal affairs body are eliminated. This departmental act establishes a clear and strict procedure for handling and using objects of information protection - a regime that is mandatory for all subjects of information relations under the threat of the onset of liability provided for by the current legislation. Order of the Ministry of Internal Affairs of Russia No. 015-2005 regulates relations related to the reception, processing, storage, use, transmission of significant and legally protected information in the BEP divisions, monitoring compliance with prescribed norms, determining measures of responsibility for their violation, establishes a single procedure in relations with subjects of other internal affairs bodies - external subjects. Thus, the legal protection of information protection objects is the basis for the development and definition of organizational and technical measures to protect information in the BEP divisions.

An important direction in the field of information security legislation in the internal affairs bodies is the determination of legal responsibility for committing an unlawful act in relation to the object of protection.

In legal science and current legislation, legal liability can appear in four variations:

Civil;

Administrative;

Disciplinary;

Criminal.

Considering that the BEP employees working with information constituting a state secret are officials of the executive authority, they bear the burden of strict responsibility for the disclosure of this information or its loss. In such cases, there can be only two types of liability:

1) disciplinary;

2) criminal.

Their differentiation depends only on the nature of the offense committed, and the difference lies in the specific penalties and the special procedure for their application.

Disciplinary responsibility consists in imposing a disciplinary sanction on a BEP employee by the powers of the head of the internal affairs body. Disciplinary punishments are: warning, reprimand, severe reprimand, dismissal from the internal affairs bodies. However, the internal affairs bodies provide for strict disciplinary liability for violation of the order of the Ministry of Internal Affairs of Russia No. 015-2005, which is expressed in the imposition of the last three of the above types of penalties on an employee.

Disciplinary liability can be applied to an economic security employee in the event of negligence in the performance of his official duties, expressed in violation of the secrecy regime, the rules for handling information related to official secrets - confidential information, without any illegal intent.

The most severe measures of influence are characterized by criminal liability, which is applied in court to a person guilty of a crime, i.e. a guilty, socially dangerous act provided for by the Criminal Code of the Russian Federation. The main types of crimes in the field of information security are shown in the table.

Types of crimes in the field of information protection

Article of the Criminal Code of the Russian Federation

Disposition of the article of the Criminal Code of the Russian Federation

Penalty (sanction)

Article 272. Unlawful access to computer information 1. Unlawful access to legally protected computer information, that is, information on a machine medium, in an electronic computing machine (ECM), a computer system or their network, if this act entailed the destruction, blocking, modification or copying of information, disruption of the operation of a computer, computer system or their networks; Shall be punished with a fine in the amount of up to two hundred thousand rubles or in the amount of the salary or other income of the convicted person for a period of up to eighteen months, or correctional labor for a term of six months to one year, or imprisonment for a term of up to two years;

The same act committed by a group of persons by prior conspiracy or by an organized group or by a person using his official position, as well as having access to a computer, a computer system or their network is punishable by a fine in the amount of one hundred thousand to three hundred thousand rubles or in the amount of wages, or other income of the convicted person for a period of one to two years, or correctional labor for a term of one to two years, or arrest for a term of three to six months, or imprisonment for a term of up to five years

Article 273. Creation, use and distribution malware for computers 1. Creation of computer programs or making changes to existing programs, obviously leading to unauthorized destruction, blocking, modification or copying of information, disruption of the operation of computers, computer systems or their networks, as well as the use or distribution of such programs or machine media with such programs; Shall be punishable by imprisonment for a term of up to three years with a fine in the amount of up to two hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period of up to eighteen months;

the same acts that negligently entailed grave consequences are punishable by imprisonment for a term of three to seven years

Article 274. Violation of the rules of operation of a computer, a computer system or their network 1. A violation of the rules of operation of a computer, a computer system or their network by a person who has access to a computer, a computer system or their network, resulting in the destruction, blocking or modification of legally protected computer information, if the act caused substantial harm; Shall be punishable by deprivation of the right to hold certain positions or engage in certain activities for a period of up to five years, or compulsory labor for a period of one hundred and eighty to two hundred and forty hours, or restraint of liberty for a period of up to two years;

the same act, which negligently entailed grave consequences, is punishable by deprivation of liberty for a term of up to four years

Article 275. State treason High treason, that is, espionage, issuance of state secrets or other assistance to a foreign state, foreign organization or their representatives in carrying out hostile activities to the detriment of the external security of the Russian Federation, committed by a citizen of the Russian Federation. Punished with imprisonment for a term of twelve up to twenty years with or without a fine in the amount of up to five hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period of up to three years.

Article 276. Espionage Transfer, as well as collection, theft or storage for the purpose of transferring information constituting a state secret to a foreign state, foreign organization or their representatives, as well as transfer or collection of other information on the instructions of foreign intelligence for their use to the detriment of the external security of the Russian Federation if these acts were committed by a foreign citizen or stateless person Punished with imprisonment for a term of ten to twenty years

Article 283. Disclosure of state secrets 1. Disclosure of information constituting a state secret by a person to whom it was entrusted or became known in service or work, if this information became the property of other persons, in the absence of signs of high treason; Shall be punishable by arrest for a term of four to six months, or imprisonment for a term of up to four years, with or without the deprivation of the right to hold certain positions or engage in certain activities for a term of up to three years;

The same act that negligently entailed grave consequences is punishable by imprisonment for a term of three to seven years with the deprivation of the right to hold certain positions or engage in certain activities for a term of up to three years

Article 284. Loss of documents containing state secrets Violation by a person who has access to state secrets of the established rules for handling documents containing state secrets, as well as with items, information about which constitutes a state secret. term from four to six months, or imprisonment for up to three years with imprisonment

state secrets, if this entailed by negligence their loss and the onset of grave consequences

the right to hold certain positions or engage in certain activities for up to three years or without

From the analysis of the table it can be seen that acts related to violation of the procedure for using information constituting a state secret can be recognized as a crime. In the internal affairs bodies, such facts can take place only in case of violation of the secrecy regime. And for each fact of such misconduct, an official check is carried out.

A violation of the secrecy regime in the internal affairs bodies is the disclosure of information constituting a state secret, that is, the disclosure of information by the employee to whom this information was entrusted in the service, as a result of which it became the property of unauthorized persons; or the loss of information carriers that constitute a state secret, that is, the release (including temporary) of information carriers from the possession of the employee to whom they were entrusted in the service, as a result of which they became or could become the property of unauthorized persons.

If these facts are revealed, the head of the department of internal affairs is obliged to inform the higher management, the security body (a division of the FSB) and organize an official check and search for carriers of information constituting a state secret, as well as take all measures to localize possible damage. To conduct an official audit, the head must create a commission, which, within a month, must:

1) establish the circumstances of the disclosure of information constituting a state secret, or the loss of media containing such information;

2) search for lost media;

3) identify the persons guilty of disclosing this information or losing media;

4) establish the reasons and conditions that contributed to the disclosure of information constituting a state secret, leakage of media containing such information, and develop recommendations for their elimination.

Based on the results of the work of this commission, the conclusion of an official audit is drawn up with the adoption of specific measures against persons guilty of violating the secrecy regime.

As practical experience shows, cases of crimes related to disclosure of state secrets committed by operational officers are extremely rare. Most often, there are cases of disciplinary offenses committed by employees in the negligent and improper performance of their official duties to comply with the requirements of the secrecy regime.

Thus, analyzing the legal framework designed to ensure legal protection of the legally protected interests of the state, society, legal and individuals in the field of information relations, we can conclude that it is extremely weak in the internal affairs bodies. In its semantic presentation, there is no substantive approach to the acute and serious problem of protecting state and official secrets, although there are requirements for mandatory compliance with regime information protection measures, however, in practical terms, especially in regional divisions, control over the implementation of the binding instructions of departmental regulations of the Ministry of Internal Affairs of Russia , there are practically no territorial internal affairs bodies, work on the technical security of information protection objects is carried out formally without taking into account the specific characteristics of the object, material support with technical means of protection

information does not meet the needs and conditions of the BEP operational units. 95% of all violations related to non-compliance with regulations on information protection in internal affairs bodies are detected during inspections by higher authorities.

The foregoing allows us to conclude that it is necessary to improve the legal support for the protection of information in the activities of both the internal affairs bodies in general, and their units of economic security in particular.

Thank you for visitinghttp :// Ndki . narod . ru

Egoryshev A.S. The problem of information security in the activities of internal affairs bodies. / Social reform in the Russian Federation and the Republic of Bashkortostan and the problems of the shadow economy and national security (Materials of the Russian scientific conference) - Moscow-Ufa, 1997. - pp. 102 - 106.

Egoryshev A.S.- student of the Ufa Law Institute of the Ministry of Internal Affairs of the Russian Federation

The problem of information security in the activities of internal affairs bodies.

Contemporary Russian crime is becoming more and more professional. As an indicator of the professionalism of the underworld, one can name the emergence of such a form of crime that did not previously have such a widespread distribution in Russia as computer crime. Its modern scale is such that it requires the most active work to protect information from electronic pirates.

The costs of conversion have led to an outflow of minds from many formerly elite spheres of science and production. For example, Russian electronics engineers are considered the most experienced in the field of computer crime. About 100 thousand people constantly work for computer crime in the republics of the former USSR, and another 3 million people - from time to time. The centers of computer crime are Moscow, St. Petersburg, Ukraine and the Urals. Russian computer crime is a growing concern abroad, because as a result of skillful computer machinations carried out by electronic pirates of Russia, foreign banks are losing large sums of money, disappearing in an unknown direction.

Computer crime has become a real scourge of the economies of developed countries. So, for example, 90% of firms and organizations in the UK have at various times become targets of electronic piracy or are

were under his threat, in the Netherlands 20% of various kinds of enterprises became victims of computer crime. In Germany, 4 billion marks are stolen annually with the use of computers, and 1 billion francs in France. Experts note the high level of latency of this type of crime, because in 85% of cases the facts of software piracy are not disclosed.

The situation is aggravated by the fact that the law enforcement agencies themselves are also becoming the object of attention of criminals armed with modern computers. Therefore, today the task of protecting their own information has become very relevant for the internal affairs bodies.

Information security is the protection of information and supporting infrastructure from accidental or deliberate influences of a natural or artificial nature, fraught with harm to the owners or users of information and supporting infrastructure.

The problem of information security, especially for the internal affairs bodies, is of greatest interest today. The fight against computer crime is one of the most important tasks law enforcement agencies against the background of the colossal development of information systems, local and global networks.

The problem of ensuring information security is of a complex nature, for the solution of which a combination of legislative, organizational, software and technical measures is required.

Timely and effective improvement of legislation is necessary, since the currently available legal framework in this area lags far behind practical needs.

There is a huge shortage of highly qualified personnel in the police department. This problem, in our opinion, can be solved in the following ways:

in connection with a significant reduction in the personnel of the armed forces of the Russian Federation, among whom there are many good specialists in the field of working on computers, it is possible to attract them to work in law enforcement agencies;

the introduction of special courses on the initial and professional preparation of work on personal computers, the introduction into the curriculum of the course "Information security and the use of information technologies in the fight against crime", approved by the Main Personnel Directorate of the Ministry of Internal Affairs of Russia on June 1, 1997 specialty Jurisprudence (specialization "Information Security");

it is necessary to improve financing of organizations and institutions that are part of the Ministry of Internal Affairs of Russia for the purchase of good equipment and modern software, since the material base of the Ministry of Internal Affairs of the Russian Federation in the field of information security is currently at an insufficient level;

it seems possible to raise the issue of improving the training process for police officers specializing in work in the field of information security. For this purpose, in our opinion, a differential training system is needed, since solid training in the field of computer science cannot be obtained within the framework of a traditional higher educational institution of the Ministry of Internal Affairs of the Russian Federation;

to create favorable conditions for recruiting highly qualified specialists working in the area of ​​interest to us in the police department. To ensure the appropriate amount of remuneration, since today, from a material point of view, it is much more profitable to work in this specialty in banking structures and private firms.

To maintain the information security regime, software and hardware measures are most important, since it is known that the main threat to computer systems comes from themselves, which can be expressed in errors software, equipment failures, unsatisfactory work of employees, as well as heads of organizations and institutions related to the ATS system.

V.A. Galatenko identifies the following key security mechanisms: identification and authentication, access control, logging and auditing, cryptography and shielding, for the effective use of which proactive analysis of possible threats is required.

Information security cannot be ensured without a strict distribution of functions of users, administrators of local networks and servers, as well as heads of internal affairs agencies.

Moreover, the duties and functions of the listed groups of police officers should be developed and approved in advance, depending on what goals they will be aimed at. There are several typical functions inherent for employees of any department or department of internal affairs bodies:

The heads of departments are responsible for communicating the approved provisions and principles of the security policy to users and administrators of local networks and servers, in the same place for contacts with them informing about a change in the status of each of the subordinates (dismissal from the internal affairs bodies, appointment to another position, etc.)

This function is most important due to the fact that an employee dismissed for any reason may represent the most significant

danger to the department or department where he worked.

The problem of an "offended" employee has always existed and will continue to exist. Knowing the basic principles of the system's functioning, he can, guided by negative motives, try to delete, change, correct any data. Therefore, it is necessary to ensure that upon dismissal of an employee, his access rights to information resources are canceled. Examples of the emergence of this problem are foreign films, the plot of which is based on real events of our days;

Nor can we put on the sidelines the problem of tylerance, i.e. the problem of the ratio of ends and means. Indeed, the cost of acquiring comprehensive protection measures should not exceed the cost of potential damage.

Local network administrators must ensure the smooth operation of the network, responsible for the implementation of technical measures, the effective application of security measures, thereby ensuring the security policy.

Server administrators are responsible for the servers assigned to them and ensure that the mechanisms used to ensure information confidentiality are in accordance with the general principles of the security policy.

Users are required to work with the local network, guided by the security policy, follow orders and orders of employees responsible for certain aspects of information security, and immediately report to management about all suspicious situations.

In our opinion, from the point of view of compliance with information security, the status of users of personal computers is of particular interest. The fact is that a significant part of information losses is accounted for by accidental and deliberate mistakes of employees working at IWT. Due to their possible negligence and negligence, they can enter deliberately incorrect data, miss errors in the software, thereby creating a breach in the security system. All this makes one think that an internal threat emanating directly from users of personal

computers are more significant and more dangerous than external influences.

In conclusion, it is necessary to remind that the observance of information security is not a task of an individual country, but of all mankind, since the highly developed computer crime of our days has long gone to the world level. Therefore, an effective fight against it is possible only with close cooperation of law enforcement agencies. different countries the world. It is necessary to build a joint complex of measures and means, recruit and train highly qualified personnel, develop in detail the basic principles of security policy, without which normal development is impossible.

information communications.

Literature:

4. Selivanov N. Problems of combating computer crime // Legality, 1993. - No. 8. - P. 36.

5. Galatenko V. Information security. // Open systems, 1996. - № 1. - C 38.

6. Federal Law "On Information, Informatization and Information Protection". // Rossiyskaya Gazeta, 1995.22 February.

7. President of the Russian Federation. Decree of April 3, 1995 No. 334 "On measures to comply with the rule of law in the development, production, sale and operation of encryption tools, as well as the provision of services in the field of information encryption."

8. Galatenko V. Decree. op. - P. 39.

480 RUB | UAH 150 | $ 7.5 ", MOUSEOFF, FGCOLOR," #FFFFCC ", BGCOLOR," # 393939 ");" onMouseOut = "return nd ();"> Dissertation - 480 rubles, delivery 10 minutes, around the clock, seven days a week

240 RUB | UAH 75 | $ 3.75 ", MOUSEOFF, FGCOLOR," #FFFFCC ", BGCOLOR," # 393939 ");" onMouseOut = "return nd ();"> Abstract - 240 rubles, delivery 1-3 hours, from 10-19 (Moscow time), except Sunday

Fisun Yulia Alexandrovna. State and legal foundations of information security in the internal affairs bodies: Dis. ... Cand. jurid. Sciences: 12.00.02: Moscow, 2001 213 p. RSL OD, 61: 01-12 / 635-2

Introduction

Chapter I. The concept and legal basis of information security . 14

1. Concept and essence of information security 14

2. The main directions of the state's activities to ensure information security 35

3. The main directions of the formation of legislation in the field of information security 55

Chapter II. Organizational foundations of information security in internal affairs bodies 89

1. Organization of activities of internal affairs bodies to ensure information security 89

2. Forms and methods of ensuring information security in the internal affairs bodies

Conclusion 161

References 166

Applications 192

Introduction to work

Relevance of the research topic. The informatization of the law enforcement sphere, based on the rapid development of information systems, is accompanied by a significant increase in attacks on information both by foreign states and by criminal structures and citizens. One of the features of the informatization process is the formation and use of information resources with the appropriate properties of reliability, timeliness, relevance, among which their safety is of great importance. This, in turn, presupposes the development of secure information technologies, which should proceed from the priority nature of solving information security problems. It should be noted that the lag in solving these problems can significantly reduce the pace of informatization of the law enforcement sphere.

Thus, one of the primary tasks facing the internal affairs bodies is to resolve the contradictions between the actual and necessary quality of protection of their information interests (needs), i.e., ensuring their information security.

The problem of ensuring information security in the internal affairs bodies is inextricably linked with the activities of the state in the information sphere, including the sphere of information security. Over the last period, a large number of regulatory legal acts on information legislation have been adopted. Only a few of them relate to the field of information security and at the same time relate only to general provisions for ensuring security (for example, the RF Law "On Security"). The very definition of "information security" first appeared in the Federal Law "On Participation in International Information Exchange". Information protection is also referred to in the Federal Law "On Information, Informatization and Information Protection", but without defining the concept of information protection. Due to the lack of concepts of types of information, it is not entirely clear what information should be protected.

The new version of the Concept of National Security, the priority task of which is not only the solution of state security issues, but also its components, is focused primarily on the fight against terrorism. Unfortunately, issues related to information security only affect threats in the information sphere. Nothing is said at all about the role of the Ministry of Internal Affairs as a subject of security.

The relevance of the chosen topic is emphasized by the act of adopting the Doctrine of Information Security of the Russian Federation (RF), which for the first time introduced the definition of information security of the Russian Federation, threats to information security, methods of ensuring information security of the Russian Federation, etc.

As for the issues of information security in the internal affairs bodies, in the legal literature they are mainly reduced to general provisions: lists the threats to security and names some of the methods of ensuring it, characteristic of the entire law enforcement sphere. The organizational and legal aspects of ensuring the information security of the internal affairs bodies within the framework of the proposed concept of information security are considered incompletely.

Taking into account the above, it is proposed to introduce the concept of information security of internal affairs bodies. Information security of the internal affairs bodies is a state of security of the information environment corresponding to the interests of the internal affairs bodies, in which their formation, use and development opportunities are ensured regardless of the impact of internal and external information threats. At the same time, taking into account the well-known definitions of a threat, an information threat will be understood as a set of conditions and factors that create a threat to the information environment and the interests of the internal affairs bodies.

Thus, the relevance of the legal regulation of information security in the activities of the internal affairs bodies is beyond doubt. To achieve the proper level of legal and regulatory support for information security, it is required to define its subject areas, regulate relations between security subjects, taking into account the characteristics of the main objects of information security. Therefore, according to the candidate for a degree, a comprehensive study is needed not only of the legal regulation of information security at the level of ministries and departments, but also a study of the state and development of the regulatory legal framework in the field of information security.

The degree of elaboration of the research topic. The author's analysis of the research results of scientists allows us to state that the problems of legal regulation of information relations, ensuring information security and its components are relevant for legal science and practice and require further development. " the field of information security, information security, which presupposes its protection against theft, loss, unauthorized access, copying, modification, blocking, etc., considered within the framework of the legal institution of secrecy being formed. A. B. Agapov, V. I. Bulavin, Yu. M. Baturin, S. A. Volkov, V. A. Gerasimenko, V. Yu. Gaikovich, I. N. Glebov, G. V. Grachev, S. N. Grinyaev, G. V. Emelyanov, V. A. Kopylov, A. P. Kurilo, V. N. Lopatin, A. A. Malyuk, A. S. Prudnikov, S. V. Rybak, A. A. Streltsov, A. A. Fatyanov, A. P. Fisun, V. D. Tsigankov, D. S. Chereshkin, A. A. Shiversky and others1.

In the course of the dissertation research, the latest achievements of natural, socio-economic and technical sciences, historical and modern experience in ensuring information security of an individual, society and state were widely used; materials of various scientific periodicals, scientific, scientific and practical conferences and seminars, works of scientists in the field of the theory of law and state, monographic studies in the field of law, information legislation, comprehensive information protection and information security.

Object and subject of research. The object of the research is the current and emerging system of public relations that have developed in the information sphere and the sphere of information security.

The subject of the research is international legal acts, the content of the Constitution of the Russian Federation, the norms of domestic legislation regulating relations in the field of ensuring information security of the individual, society and the state, as well as the content of legal norms regulating the activities of internal affairs bodies to ensure information security.

Goals and objectives of the study. Based on the analysis and systematization of the current legislation in the information sphere, information security, the dissertation student developed the foundations and introduced scientific and methodological recommendations on the use of legal and organizational tools for ensuring information security both in the activities of the internal affairs bodies and in the educational process.

Within the framework of achieving this goal, the following theoretical and scientific-practical tasks were set and solved: basic concepts, types, content of information as an object of ensuring information security and legal relations were analyzed and refined;

2) systematized the existing directions and proposals for the formation of the legal and organizational foundations of information security, identified and clarified the directions for improving the legal framework in the field of information security, including in the internal affairs bodies;

3) normative legal acts have been systematized and the structure of the current legislation in the information sphere has been formed;

4) the content of the organizational foundations of the activities of the internal affairs bodies to ensure information security has been determined;

5) identified the organizational and legal aspects of the information security system and its structure in the activities of the internal affairs bodies;

6) analyzed and selected the forms and methods of ensuring information security in the internal affairs bodies within the framework of the legal regulation of their application and development.

The methodological basis of the dissertation research is formed by general philosophical methods and principles of materialist dialectics; general scientific methods of comparison, generalization, induction; private scientific methods: system-structural, system-activity, formal-legal, comparative-legal and other research methods.

The normative base of the study is the Constitution of the Russian Federation, normative legal acts of the Russian Federation, including international legislation, norms of various branches of law, departmental regulations.

The scientific novelty of dissertation research is:

In the study of the problem of the development of the legal and organizational foundations for ensuring information security in the internal affairs bodies from the standpoint of the advanced development of the needs of practice and the formation of the information sphere in the context of the widespread introduction of new information technologies and an increase in information threats;

Comprehension of the place and role of constitutional law in the life of Russian society, as well as further perspective its development, within the framework of the state policy of ensuring information security;

Clarification of the system of state legislation in the field of information security;

Implementation of the systematization of regulatory legal acts in the field of information security and the formation of the structure of legislation in the field of information security of the individual, society, state, including internal affairs bodies;

Development of proposals for improving legislation in the field of information security;

Development of organizational and legal components of the information security system in the internal affairs bodies;

Development of scientific and methodological recommendations on the use of legal and organizational training tools for information security in internal affairs bodies and in the educational process when training specialists on the legal basis of information security.

The main provisions for the defense:

1. Definition of the conceptual apparatus on the legal basis of the current legislation in the field of information security, including the concept of information security, which makes it possible to form an idea of ​​information as an object of ensuring information security and legal relations, as well as to formulate security threats.

Information security of internal affairs bodies is a state of security of the information environment, corresponding to the interests of internal affairs bodies, in which their formation, use and development opportunities are ensured, regardless of the impact of internal and external threats.

2. The problem of ensuring information security at the state level presupposes a deeper theoretical and practical understanding of the place and role of constitutional law in the life of Russian society, as well as the further prospects for its development in the following areas:

Improvement of the constitutional legislation "On state states and regimes", in particular in the field of information security, and on this basis the improvement of the legislation of the constituent entities of the Russian Federation in this area;

Priority implementation of the constitutional rights of citizens in the information sphere;

Implementation of a unified state policy in the field of information security, which ensures an optimal balance of interests of subjects in the information sphere and eliminates gaps in constitutional legislation.

3. Proposals to clarify the main directions of the state's activities on the formation of legislation in the information sphere, including the sphere of information security, which are ways to improve the regulatory framework of information legislation and allow to determine the legal basis for the activities of internal affairs bodies in the field of information security. They proceed from the totality of balanced interests of the individual, society and the state in the field of economics, social, internal political, international, informational and other spheres. The following areas are highlighted as priorities:

Compliance with the interests of the individual in the information sphere;

Improvement of legal mechanisms for regulating public relations in the information sphere;

Protection of national spiritual values, moral norms and public morality.

4. It is proposed to improve the structure of legislation in the field of information security, which is a system of interrelated elements, including a set of normative and departmental acts, allowing to visualize a variety of relations in the information sphere and the sphere of information security, the complexity of their regulation.

5. Organizational and legal components of the information security system in the internal affairs bodies, including the content of the organization of their activities (from the standpoint of its legal regulation), represented by the structure of necessary and interrelated elements and including:

Security entities of the Russian Federation;

Objects of information security of internal affairs bodies;

Organization of the activities of the internal affairs bodies;

Forms, methods and means of ensuring information security.

6. The content of the organization of the activities of internal affairs bodies to ensure information security (from the standpoint of its legal regulation), which is a purposeful continuous process in terms of analysis, development, implementation of legal, organizational, technical and other measures related to the field of information security, and also ensuring the rights and legitimate interests of citizens.

The practical significance of the dissertation research is:

In the use of proposals in the development of new normative acts and the improvement of the current legislation in the information sphere of the activities of state authorities of the constituent entities of the Russian Federation, departments, ministries;

Increasing the efficiency of the activities of internal affairs bodies to ensure information security;

Improving the training of specialists in the system of higher vocational education, advanced training of specialists in the field of integrated information protection and legal regulation of information security in the interests of various ministries and departments on the basis of developing a variant of educational and methodological support;

Development of scientific and methodological recommendations on the use of legal and organizational training tools for information security in the educational process, allowing to ensure the required level of training of specialists in the legal framework of information security.

Approbation, implementation of research results and publications.

The theoretical provisions, conclusions, proposals and practical recommendations outlined in this study were reported and discussed at the 8th and 9th International conferences at the Academy of Management of the Ministry of Internal Affairs

Russia "Informatization of law enforcement systems" (Moscow, 1999-2000), Interuniversity regional conference "Universal Declaration of Human Rights: Problems of Improving Russian Legislation and Practice of Its Application" at the Academy of Management of the Ministry of Internal Affairs of Russia (Moscow, 1999) , scientific seminar "Problems of federalism in the development of Russian statehood" and the International scientific-practical conference "Law enforcement in transport: results and prospects", held on the basis of the Oryol Law Institute of the Ministry of Internal Affairs of Russia (Orel, 1999). According to the results of the study, eight scientific papers with a total volume of 8 printed sheets were published.

The structure and volume of the thesis are determined by the logic of the research and consist of an introduction, two chapters, a conclusion of a list of references and an appendix.

The concept and essence of information security

An integral part of the subject of science and scientific research, including the developing scientific direction of information protection and legal regulation of information security, is its conceptual apparatus. Naturally, one of the central concepts in this subject area is the concept of "information" 1, which can be attributed to abstract categories and primary concepts. An analysis of the above concept gives an idea of ​​its understanding in a general systemic, philosophical sense (information is a reflection of the material world) And to the narrowest, technocratic and pragmatic sense (information is all information that is an object of storage, transmission and transformation).

In a number of works, information is understood as certain properties of matter perceived by the control system both from the surrounding external material world and from the processes taking place in the system itself. There is a view of the identifying concepts of "information" and "message", in which information is defined as an essential part of the message for the recipient, and the message is defined as a material carrier of information, one of the specific elements of a finite or infinite set, transmitted through the communication channel and perceived at the receiving end of the system communication with some recipient.

You can to some extent refer to the well-known content of the concept of "information", defined by R. Shannon, where information is called the amount of unpredictable contained in a message. Quantity is a measure of the new that a given message brings into the sphere surrounding the recipient.

The Federal Law "On Information, Informatization and Protection of Information" provides a fairly generalized definition of this concept and its derivatives. So, information is presented as information about objects, objects, phenomena, processes, regardless of the form of their presentation. This generic concept of information is also used to form its derivative definitions used in other regulatory legal acts1. Let's consider some of them in more detail.

Documented information (documents) - information recorded on a material carrier with details that allow it to be identified.

Confidential information - documented information, access to which is limited in accordance with the law.

Mass information - printed, audio messages, audiovisual and other messages and materials intended for an unlimited circle of persons.

Information resources - individual documents and individual arrays of documents, documents and arrays of documents in information systems (libraries, archives, funds, databanks, other types of information systems).

Information products (products) - documented information prepared in accordance with the needs of users and intended or used to meet the needs of users.

State secrets - information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational-search activities, the dissemination of which may harm the security of the Russian Federation.

Computer information - information on a machine medium, in a computer, a computer system or their network. "

Article 128 of the Civil Code defines information as an object of civil legal relations. Analyzing information from these positions, it is necessary to pay attention to the aspect related to the legal protection of information as an object of property rights5. This approach to information is explained by the fact that, on the one hand, the historical and traditional object of property rights is a material object, on the other hand, information, not being a material object of the surrounding world, is inextricably linked with a material carrier: it is a human brain or material carriers alienated from a person. (book, diskette, etc.)

Considering information as a reflection of reality by an object of the surrounding world, we can talk about information as an abstract substance that exists by itself, but for us, neither storage nor transmission of information is possible without a material medium. It is known that information, on the one hand, as an object of ownership is copied (replicated) at the expense of a material carrier1, on the other hand, as an object of ownership it easily moves from one to the next subject of ownership without an obvious (noticeable) violation of ownership of information. But the movement of the material object of the property right is inevitable and, as a rule, entails the loss of this object by the original subject of the property right. At the same time, a violation of his property rights is obvious. It should be noted that a violation of this right takes place only in the case of illegal movement of a particular material object1. The danger of copying and moving information is aggravated by the fact that it is usually alienated from the owner, that is, it is stored and processed in the availability of a large number of subjects who are not subjects of ownership of this information. This includes, for example, automated systems, including networks. A complex system of relationships between the subjects of property rights arises, which determines the ways of their implementation, and, consequently, the directions of the formation of a system of legal protection, which ensure the prevention of violations of property rights to information.

After analyzing the features of information as an object of property rights, we can conclude that the rest of the information is no different from traditional objects of property rights. The analysis of the content of information, including as an object of law, made it possible to identify its main types subject to legal protection (Appendix 1): - information classified as a state secret by authorized bodies on the basis of the RF Law "On state secrets"; - Confidential documented information - the owner of information resources or an authorized person on the basis of the Federal Law "On Information, Informatization and Information Protection"; - personal data.

The main directions of the state's activities to ensure information security

The tendencies of constitutional development are such that they focus on the problem of the nature of constitutional legislation. Along with the currently topical issues of the priority of human rights and freedoms of civil society, the government and its organization, the problem of "state regimes and states" - security (information security as an integral part), defense, state of emergency, etc., comes to the fore. one

The need for constitutional regulation of information security is obvious. After all, the information security of an individual is nothing more than the protection of constitutional human rights and freedoms. And one of the directions of state policy in the field of information security is the observance and implementation of constitutional human and civil rights in this area. First, according to the RF Law "On Security", security is achieved by pursuing a unified state policy in the field of security. Obviously, information security is also achieved through the implementation of the state policy in the field of information security in the Russian Federation. The named policy, in turn, determines the main directions of the state's activities in the area under discussion and deserves some attention.

Secondly, the relevance of the study of the main directions of the state's activity in the area under consideration is due to the following: - the need to develop and improve constitutional legislation that provides an optimal combination of priorities of the interests of the individual, departments and the state as a whole within one of the areas of information security; - improving the activities of the state to implement its functions of ensuring the security of all subjects of information relations; - the need of citizens to protect their interests in the information sphere; - the need to form a unified legal field in the field of information relations. The development of state policy in the field of information security is reflected in the consistent development and development of the National Security Concept of the Russian Federation. Its features are the following provisions: - not a single sphere of life of modern society can function without a developed information structure; - the national information resource is currently one of the main sources of economic and military power of the state; - penetrating into all spheres of state activity, information acquires specific political, material and value expressions; - the issues of ensuring the information security of the Russian Federation as an integral element of its national security are becoming more and more urgent, and the protection of information is turning into one of the priority state tasks; - the system of national interests of Russia in the field of economics, social, domestic political, international, information spheres, in the field of military, border and environmental security is determined by the totality of balanced interests of the individual, society and the state; - the state policy of ensuring the information security of the Russian Federation determines the main directions of the activities of the federal bodies of state power and bodies of state power of the constituent entities of the Russian Federation in this area. The Concept also defines the national interests of Russia in the information sphere1, which are aimed at concentrating the efforts of society and the state in solving the following tasks: - observance of constitutional rights and freedoms of citizens in the field of obtaining information and exchanging it; - protection of national spiritual values, promotion of national cultural heritage, morality and public ethics; - ensuring the right of citizens to receive reliable information; - development of modern telecommunication technologies.

The systematic activity of the state in the implementation of these tasks will allow the Russian Federation to become one of the centers of world development and formation information society providing the needs of the individual, society, the state in the information sphere, including their protection from the destructive effects of information to manipulate the mass consciousness, as well as the necessary protection of the state information resource from the leakage of important political, economic, scientific, technical and military information.

Taking into account the listed provisions, the following principles can be distinguished on which the state policy of ensuring information security of the Russian Federation should be based:

Compliance with the Constitution of the Russian Federation, the legislation of the Russian Federation, generally recognized norms of international law in the implementation of activities to ensure the information security of the country;

Legal equality of all participants in the information interaction process, regardless of their political, social and economic status, based on the constitutional right of citizens to freely search, receive, transfer, produce and disseminate information in any legal way;

Openness, providing for the implementation of the functions of federal bodies of state power and bodies of state power of the constituent entities of the Russian Federation, public associations, including informing the public about their activities, taking into account the restrictions established by the legislation of the Russian Federation;

The priority of the development of domestic modern information and telecommunication technologies, the production of hardware and software that can ensure the improvement of national telecommunication networks, their connection to global information networks in order to comply with the vital interests of the Russian Federation.

Organization of activities of internal affairs bodies to ensure information security

To ensure information security, it is necessary to have appropriate bodies, organizations, departments and ensure their effective functioning. The combination of these bodies constitutes a security system. To identify the features of the organization and activities of internal affairs bodies to ensure information security, we will consider the security system as a whole.

According to the Law of the Russian Federation "On Security", the security system, and therefore information security, is formed by: - ​​legislative, executive and judicial authorities; state, public and other organizations and associations; citizens taking part in ensuring security; - legislation regulating relations in the field of security. The specified law fixes only the organizational structure of the security system. The security system itself is much broader. Its consideration is not possible, since it goes beyond the scope of the dissertation research. Therefore, we will only consider the organizational structure of the security system. The analysis of the current normative legal acts made it possible to single out the following components as subjects of security, representing the organizational structure of the information security system1: - federal government bodies; state authorities of the constituent entities of the Russian Federation; local government bodies solving problems in the field of information security within their competence; - state and interdepartmental commissions and councils specializing in solving information security problems; - structural and intersectoral divisions for the protection of confidential information of state authorities of the Russian Federation, as well as structural divisions of enterprises that carry out work using information classified as state secrets, or specialize in work in the field of information protection; - research, design and engineering organizations performing work to ensure information security; - educational institutions that train and retrain personnel to work in the information security system; - citizens, public and other organizations that have the rights and obligations to ensure information security in the manner prescribed by law;

The main functions of the considered information security system of the Russian Federation are1: - development and implementation of an information security strategy; - creation of conditions for the realization of the rights of citizens and organizations to legally permitted activities in the information sphere; - assessment of the state of information security in the country; identification of sources of internal and external threats to information security; determination of priority directions of prevention, parrying and neutralization of these threats; - coordination and control of the information security system; - organization of the development of federal and departmental programs for information security and coordination of work on their implementation; - pursuing a unified technical policy in the field of information security; - organization of fundamental, search and applied scientific research in the field of information security; - ensuring control over the creation and use of information security means through compulsory licensing of activities in the field of information security and certification of information security means; - implementation of international cooperation in the field of information security, representation of the interests of the Russian Federation in the relevant international organizations.

Analysis of the structure and functions of the information security system, taking into account the existing system of separation of powers, revealed the following: 1) the main purpose of the information security system is to protect the constitutional rights and freedoms of citizens; 2) the state is the main and main subject of information security; 3) the general management of the subjects of information security within the framework of certain powers is carried out by the President of the Russian Federation. Its powers in the field of information security include: - exercising leadership and interaction between government bodies; - control and coordination of the activities of information security bodies; - determination of the vital interests of the Russian Federation in the information sphere; - identification of internal and external threats to these interests; - determination of the main directions of the information security strategy. 4) The Federal Assembly of the Russian Federation forms, on the basis of the Constitution of the Russian Federation, a legislative framework in the field of information security; 5) The Government of the Russian Federation, within the limits of its powers, provides guidance to state bodies for ensuring information security, organizes and controls the development and implementation of measures to ensure information security by ministries and other bodies subordinate to it; 6) judicial authorities are also subjects of information security. They provide judicial protection to citizens whose rights have been violated in connection with information security activities, administer justice in cases of crimes in the information sphere; 7) a special role in ensuring the security of the state, including information security, belongs to the Security Council of the Russian Federation. It is a constitutional body that does not have the status of a federal executive body, but is endowed with sufficient powers in the field of ensuring security. The Security Council is the only advisory body under the President of the Russian Federation, the creation of which is provided for by the current Constitution.

Forms and methods of ensuring information security in internal affairs bodies

The issues of the organization of the protection system considered in the previous paragraph, including the directions of ensuring information security, imply the clarification of the content of the tasks of ensuring information security, methods, means and forms of their solution.

Forms, methods and means are considered through the prism of legal regulation of information security activities, which is inextricably linked with them, and therefore requires clarification and definition of the legal boundaries of their use. In addition, the solution of any theoretical or practical problem is impossible without certain methods - methods and means.

The choice of appropriate methods and means of ensuring information security is proposed to be undertaken within the framework of creating such a system for protecting information that would guarantee the recognition and protection of the fundamental rights and freedoms of citizens; formation and development of the rule of law, political, economic, social stability of society; preservation of national values ​​and traditions.

At the same time, such a system should ensure the protection of information, including information constituting state, commercial, official and other secrets protected by law, taking into account the peculiarities of the protected information in the field of regulation, organization and implementation of protection. Within the framework of this variety of types of protected information, according to the author, the following most general features of the protection of any type of protected information can be distinguished1: - information protection is organized and carried out by the owner or owner of information or persons authorized by him (legal or physical); - the organization of effective protection of information allows the owner to protect their rights to own and dispose of information, to strive to protect it from illegal possession and use to the detriment of his interests; - information protection is carried out by carrying out a set of measures to restrict access to protected information and create conditions that exclude or significantly impede unauthorized, illegal access to protected information and its carriers.

To exclude access to the protected information by unauthorized persons, the owner of the information who protects it, including its classification, establishes certain regime, the rules for its protection, determines the forms and methods of protection. Thus, the protection of information is the proper provision of the circulation of the protected information in a special area limited by regime measures. This is confirmed by a number of approaches of well-known scientists2, who consider information protection as "the regular use of means and methods, the adoption of measures and the implementation of measures in order to systematically ensure the required reliability of information

Taking into account the content of this definition, as well as other definitions of the concept of information protection and the main objectives of information protection highlighted in them, including the prevention of destruction or distortion of information; prevention of unauthorized receipt and reproduction of information, it is possible to highlight the main task of protecting information in the internal affairs bodies. This is the preservation of the secrecy of the protected information.

In the system of complex information protection, the solution to this problem is carried out in relation to the levels of protection and destabilizing factors. And the formation of a relatively complete set of tasks for these groups is carried out on the basis of an analysis of the objective possibilities for the implementation of the set protection goals, which ensure the required degree of information security. Taking into account the considered provisions, the tasks can be divided into two main groups:

1) timely and complete satisfaction of information needs arising in the process of management and other activities, that is, provision of confidential information to specialists of internal affairs bodies;

2) protection of classified information from unauthorized access to it by other subjects.

When solving the first group of tasks - providing specialists with information - it is necessary to take into account that specialists can use both open and confidential information. The provision of open information is not limited by anything other than its actual availability. When providing secret information, there are restrictions that provide for the availability of access to information of the appropriate degree of secrecy and permission to access specific information. An analysis of the current practice and regulatory legal acts that determine the procedure for a specialist's access to relevant information made it possible to identify a number of contradictions. On the one hand, the maximum restriction of access to classified information reduces the likelihood of leakage of this information, on the other hand, for a reasonable and effective solution of official tasks, it is necessary to fully satisfy the needs of a specialist in information. Under normal, non-regime conditions, a specialist has the opportunity to use a variety of information in order to solve the problem facing him. When providing him with classified information, the possibilities of access to it are limited by two factors: his official position and the problem being solved by the specialist at the present time.

The second group of tasks involves the protection of confidential information from unauthorized access to it by unauthorized persons. It is common both for the internal affairs bodies and for all government bodies and includes:

1) protection of the country's information sovereignty and expanding the state's ability to strengthen its power through the formation and management of the development of its information potential;

2) creation of conditions for the effective use of information resources of society and the state;

3) ensuring the security of protected information: preventing theft, loss, unauthorized destruction, modification, blocking of information;

4) maintaining the confidentiality of information in accordance with established rules its protection, including prevention of leakage and unauthorized access to its media, prevention of its copying, modification, etc .;

5) preservation of the completeness, reliability, integrity of information and its arrays and processing programs established by the owner of the information or persons authorized by him.

Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Posted on http://allbest.ru

Introduction

1. The main threats to information security arising in the course of the activities of operational units of internal affairs bodies

2. The concept and goals of conducting special checks of objects of informatization; the main stages of the audit

3. Hardware and software-hardware means of data encryption

Conclusion

Bibliography

Introduction

The Federal Law of the Russian Federation "On Information, Informatization and Protection of Information", adopted on January 25, 1995 by the State Duma, defines that "information is information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation." Information has a number of features: it is intangible; information is stored and transmitted using physical media; any material object contains information about itself or about another object.

Rapidly developing computer information technologies are making significant changes in our lives. Information has become a commodity that can be purchased, sold, exchanged. Moreover, the cost of information is often hundreds of times higher than the cost of the computer system in which it is stored.

According to one study, about 58% of those surveyed had suffered from computer hacks in the past year. Approximately 18% of those surveyed say they have lost more than a million dollars in attacks, more than 66% have suffered losses in the amount of $ 50 thousand. Over 22% of attacks targeted trade secrets or documents of primary interest to competitors.

The well-being, and sometimes the life of many people, depends on the degree of security of information technologies. Such is the price for the complication and widespread dissemination of automated information processing systems. A modern information system is a complex system consisting of a large number of components of varying degrees of autonomy, which are interconnected and exchange data. Almost every component can be damaged or damaged.

1. The mainthreatsinformationsecurity,emergingvprocessactivitiesoperationalsubdivisionsorgansinternalcases

The development of information and telecommunication technologies has led to the fact that modern society is highly dependent on the management of various processes through computer technology, electronic processing, storage, access and transmission of information. According to the Bureau of Special Technical Measures of the Ministry of Internal Affairs of Russia, more than 14 thousand crimes related to high technologies were recorded last year, which is slightly higher than the year before. Analysis of the current situation shows that about 16% of cybercriminals operating in the "computer" area of ​​crime are young people under the age of 18, 58% - from 18 to 25 years old, and about 70% of them have higher or incomplete higher education ...

At the same time, 52% of the identified offenders had special training in the field of information technology, 97% were employees of state institutions and organizations using computers and information technologies in their daily activities, 30% of them were directly related to the operation of computer equipment.

According to unofficial expert estimates, out of 100% of criminal cases initiated, about 30% go to court, and only 10-15% of the defendants serve their sentences in prison Complex technical control the effectiveness of security measures for control systems in internal affairs bodies // Ed. Chekalina A. - M .: Hot line- Telecom, 2006. Most cases are re-qualified or terminated due to insufficient evidence. The real state of affairs in the CIS countries is a question from the realm of fantasy. Computer crimes refer to crimes with high latency, reflecting the existence in the country of that real situation when a certain part of the crime remains unaccounted for.

A serious threat to the entire world community is posed by the increasingly spreading technological terrorism, part of which is information or cyber terrorism.

The targets of terrorists are computers and specialized systems created on their basis - banking, stock exchange, archival, research, management, as well as means of communication - from direct television broadcasting and communication satellites to radio telephones and pagers.

The methods of information terrorism are completely different from the traditional ones: not the physical destruction of people (or its threat) and the elimination of material assets, not the destruction of important strategic and economic objects, but a large-scale disruption of the operation of financial and communication networks and systems, partial destruction of economic infrastructure and the imposition of power structures of your will.

The threat of information terrorism is growing immeasurably in the context of globalization, when telecommunications are acquiring an exclusive role.

In the context of cyber terrorism, a possible model of terrorist impact will have a "three-stage" appearance: the first stage is the advancement of political demands with a threat, if they are not met, to paralyze the entire economic system of the country (at least, that part of it that uses computer technology in its work), the second is to carry out a demonstration attack on the information resources of a sufficiently large economic structure and paralyze its action, and the third is to repeat the demands in a more severe form, relying on the effect of a demonstration of force.

A distinctive feature of information terrorism is its cheapness and complexity of detection. The Internet system, which linked computer networks around the planet, changed the rules for modern weapons. The anonymity provided by the Internet allows a terrorist to become invisible, as a result, practically invulnerable and not risking anything (first of all, his life) during a criminal action.

The situation is aggravated by the fact that crimes in the information sphere, including cyber terrorism, entail significantly less punishment than for the implementation of "traditional" terrorist acts. In accordance with the Criminal Code of the Russian Federation (Art.273), the creation of computer programs or changes to existing programs that knowingly lead to unauthorized destruction, blocking, modification or copying of information, disruption of the operation of computers, computer systems or their networks, as well as the use of or distribution of such programs or machine media containing such programs is punishable by up to seven years' imprisonment. For comparison, in the United States, laws punish unauthorized entry into computer networks with imprisonment for up to 20 years.

The basis for providing effective fight with cyber terrorism is the creation of an effective system of interrelated measures to identify, prevent and suppress such activities. Various anti-terrorist bodies are working to combat terrorism in all its manifestations. The developed countries of the world pay special attention to the fight against terrorism, considering it to be almost the main danger to society.

Threats to the country's information security, the sources of which are modern crime, criminal national and transnational communities, in their totality and scale of impact, covering the entire territory of the country and affecting all spheres of life of society, make it necessary to consider the struggle between organized crime and law enforcement agencies called upon to resist it, primarily , by the internal affairs bodies, as an information war, the main form of waging which and its specific content are information warfare using information and computing and radio equipment, means of radio intelligence, information and telecommunication systems, including space communication channels, geoinformation systems and other information systems, complexes and funds.

In the conditions of the current state of crime, it is impossible to ensure information security in the activities of the internal affairs bodies only on the basis of the use of protective means and mechanisms. In these conditions, it is necessary to conduct active offensive (combat) actions using all types of information weapons and other offensive means in order to ensure superiority over crime in the information sphere Smirnov A. A. Ensuring information security in the context of the virtualization of society. - M .: Unity-Dana, 2012.

The emergence and development of new large-scale phenomena in the life of the country and society, new threats to national security from the criminal world, which has at its disposal modern information weapons, and new conditions for the implementation of operational and service activities of the internal affairs bodies, determined by the needs of waging information war with national and transnational basically organized crime, determine the need for appropriate legislative, state-legal regulation of relations in the field of information security of the state in general and the internal affairs bodies in particular.

The main measures of a state-legal nature to ensure information security, carried out, among other things, by the internal affairs bodies, are proposed to include: the formation of a regime and protection in order to exclude the possibility of secret penetration into the territory where information resources are located; determination of methods of working with employees in the selection and placement of personnel; work with documents and documented information, including the development and use of documents and media of confidential information, their accounting, execution, return, storage and destruction; determining the order of use technical means collection, processing, accumulation and storage of confidential information; creation of a technology for analyzing internal and external threats to confidential information and developing measures to ensure its protection; systematic control over the work of personnel with confidential information, the procedure for accounting, storage and destruction of documents and technical media.

Analysis of the current Russian legislation in the field of information security and the state information protection system allows us to highlight the most important powers of the internal affairs bodies in the field of ensuring the information security of the state: repelling information aggression directed against the country, comprehensive protection of information resources, as well as the information and telecommunications structure of the state; prevention and resolution of international conflicts and incidents in the information sphere; prevention and suppression of crimes and administrative offenses in the information sphere; protection of other important interests of the individual, society and the state from external and internal threats.

Legal protection of information as a resource is recognized at the international and state levels. At the international level, it is determined by interstate treaties, conventions, declarations and is implemented by patents, copyright and licenses for their protection. At the state level, legal protection is regulated by state and departmental acts.

The main directions of the development of Russian legislation in order to protect the information of the internal affairs bodies should be attributed to:

Legislative consolidation of the mechanism for classifying information infrastructure objects of internal affairs bodies as critical and ensuring their information security, including the development and adoption of requirements for hardware and software used in the information infrastructure of these objects;

Improvement of the legislation on operational-search activities in terms of creating the necessary conditions for conducting operational-search activities in order to identify, prevent, suppress and disclose computer crimes and crimes in the field high technology; strengthening control over the collection, storage and use of information about the private life of citizens, information constituting personal, family, official and commercial secrets by the internal affairs bodies; clarification of the composition of operational-search measures;

Strengthening responsibility for crimes in the field of computer information and clarifying the elements of crimes, taking into account the European Convention on Cyber ​​Crime;

Improvement of criminal procedural legislation in order to create conditions for law enforcement agencies, ensuring the organization and implementation of operational and effective crime prevention, carried out using information and telecommunication technologies to obtain the necessary evidence. Rastorguev S.P. Fundamentals of information security - Moscow: Academy, 2009.

Organizational and managerial measures are a decisive link in the formation and implementation of comprehensive information protection in the activities of internal affairs bodies.

When processing or storing information, the internal affairs bodies, within the framework of protection against unauthorized access, are recommended to carry out the following organizational measures: identification of confidential information and its documentation in the form of a list of information to be protected; determination of the procedure for establishing the level of authority of the subject of access, as well as the circle of persons to whom this right is granted; establishment and execution of access control rules, i.e. a set of rules governing the access rights of subjects to protected objects; familiarization of the subject of access with the list of protected information and its level of authority, as well as with organizational, administrative and working documentation that defines the requirements and procedure for processing confidential information; receiving from the access object a receipt on non-disclosure of confidential information entrusted to it.

In accordance with the Law of the Russian Federation "On the Police", the competence of the Ministry of Internal Affairs of Russia includes the functions of forming nationwide reference and information funds for operational and forensic accounting. The performance of these functions is carried out by information and technical units of the services of the Ministry of Internal Affairs of Russia in cooperation with units of the criminal police, public security police, penitentiary institutions, other law enforcement agencies, government agencies and organizations in charge of public safety issues, as well as law enforcement agencies (police) of other states.

Information interaction in the field of combating crime is carried out within the framework of the laws of the Russian Federation "On operational and investigative activities", "On security", "On accounting and accounting activities in law enforcement agencies", current criminal and criminal procedural legislation, international agreements of the Ministry of Internal Affairs of Russia in the sphere of information exchange, Regulations on the Ministry of Internal Affairs of Russia, orders of the Minister of Internal Affairs of Russia.

Research has shown that the conceptual provisions for ensuring information security of law enforcement agencies should include requirements for the transition to a unified legal framework governing the use of information in the fight against crime. At the same time, in the system of the Ministry of Internal Affairs, instead of a large group of departmental acts, it is proposed to introduce three groups of normative legal documents on information support: common use; sectoral, along the lines of services; regulatory and legal documentation of the local level of government on local applied problems of information support of the territorial body of internal affairs.

2. The concept and goals of conducting special checks of objects of informatization; the main stages of the audit

The object of informatization is a set of informatization tools together with the premises in which they are installed, intended for processing and transferring protected information, as well as dedicated premises Partyka T.L., Popov I.I.Information security - M .: Forum, 2012.

Informatization means - means computing technology and communications, office equipment designed to collect, accumulate, store, search, process data and issue information to the consumer.

Computer facilities - electronic computing machines and complexes, personal electronic computers, including software, peripheral equipment, data teleprocessing devices.

Object of computer technology (VT) - a stationary or mobile object, which is a complex of computer technology, designed to perform certain functions of information processing. Computer facilities include automated systems (AS), automated workstations (AWPs), information computing centers (ICCs) and other complexes of computer technology.

The objects of computing technology can also include individual means of computing technology that perform independent functions of information processing.

Allocated room (VP) - a special room designed for meetings, conferences, conversations and other events of a speech nature on secret or confidential issues.

Activities of a speech nature can be carried out in dedicated rooms with the use of technical means of processing speech information (TSOI) and without them.

Information processing technical means (ICT) is a technical means intended for receiving, storing, searching, transforming, displaying and / or transmitting information through communication channels.

The ICT includes computer facilities, communication facilities and systems for recording, amplification and reproduction of sound, intercom and television devices, means for the production and reproduction of documents, cinema projection equipment and other technical means associated with the reception, accumulation, storage, search, transformation, display and / or transmission of information via communication channels.

Automated system (AC) - a set of software and hardware designed to automate various processes associated with human activities. In this case, a person is a link in the system.

A special check is a check of a technical means of information processing carried out with the aim of finding and removing special electronic embedded devices (hardware tabs).

Certificate of a protected object - a document issued by a certification body or other specially authorized body confirming the existence of necessary and sufficient conditions at the protected object to fulfill the established requirements and standards of information protection efficiency.

Allocated premises certificate - a document issued by an attestation (certification) body or other specially authorized body confirming the existence of the necessary conditions to ensure reliable acoustic protection of the allocated premises in accordance with the established rules and regulations.

A prescription for operation is a document containing requirements for ensuring the security of a technical means of information processing during its operation.

A certification test program is a mandatory, organizational and methodological document that establishes the object and objectives of the test, the types, sequence and scope of experiments conducted, the procedure, conditions, place and timing of tests, provision and reporting on them, as well as responsibility for ensuring and conducting tests.

A certification test procedure is a mandatory organizational methodological document that includes a test method, test means and conditions, sampling, and an algorithm for performing operations. By determining one or several interrelated characteristics of the security of the object of the form of data presentation and assessment of the accuracy, reliability of the results.

Certification test report - a document containing the necessary information about the test object, the methods used, means and test conditions, as well as a conclusion on the test results, drawn up in the prescribed manner.

Basic technical means and systems (OTSS) - technical means and systems, as well as their communications, used for processing, storage and transmission of confidential (secret) information.

OTSS may include means and systems of informatization (computer technology, automated systems of various levels and purposes based on computer technology, including information and computing complexes, networks and systems, means and systems for communication and data transmission), technical means of receiving, transmission and processing of information (telephony, sound recording, sound amplification, sound reproduction, intercom and television devices, means of production, duplication of documents and other technical means of processing speech, graphic video, semantic and alphanumeric information) used for processing confidential (secret) information.

Auxiliary technical means and systems (ATSS) - technical means and systems not intended for transmission, processing and storage of confidential information, installed together with OTSS or in dedicated premises.

These include:

Various types of telephone facilities and systems;

Means and systems for data transmission in a radio communication system;

Security and fire alarm systems and equipment;

Means and systems of warning and signaling;

Control and measuring equipment;

Air conditioning facilities and systems;

Means and systems of a wired radio broadcasting network and reception of radio broadcasting and television programs (subscriber loudspeakers, radio broadcasting systems, televisions and radio receivers, etc.);

Means of electronic office equipment Velichko M.Yu. Information security in the activities of internal affairs bodies. - M .: Publishing house INION RAN, 2007.

Based on the results of certification tests in various areas and components, test reports are drawn up. On the basis of the protocols, a Conclusion is adopted based on the results of certification with a brief assessment of the compliance of the informatization object with information security requirements, a conclusion about the possibility of issuing a "Certificate of Compliance" and the necessary recommendations. If the object of informatization complies with the established requirements for information security, a Certificate of Conformity is issued for it.

Re-certification of the object of informatization is carried out in the case when changes were made at the recently certified object. These changes may include:

Changing the location of OTSS or VTSS;

Replacement of OTSS or VTSS with others;

Replacement of technical means of information protection;

Changes in the installation and laying of low-current and salt cable lines;

Unauthorized opening of sealed OTSS or VTSS cases;

Repair and construction works in dedicated premises, etc. Partyka T.L., Popov I.I.Information security - M .: Forum, 2012.

If it is necessary to re-certification of the object of informatization, re-certification is carried out, according to a simplified program. The simplifications are that only the elements that have undergone changes are tested.

3. Hardware and software-hardware means of data encryption

Any computer system (CS) uses standard and specialized equipment and software that performs a certain set of functions: user authentication, differentiation of access to information, ensuring the integrity of information and its protection from destruction, encryption and electronic digital signature, etc. information security crypto protection

Integrity and restriction of access to information is ensured by specialized system components using cryptographic protection methods. In order for a computer system to be fully trusted, it must be certified, namely:

- define the set of functions performed;

- to prove the finiteness of this set;

- to determine the properties of all functions Gafner V.V. Information security - Rostov on Don: Phoenix, 2010.

Note that during the operation of the system, it is impossible for new function, including as a result of performing any combination of functions specified during development. Here we will not dwell on the specific composition of functions, since they are listed in the corresponding guidance documents of the Federal Agency for Government Communications and Information (FAPSI) and the State Technical Commission (SCC) of Russia.

When using the system, its functionality should not be violated, in other words, it is necessary to ensure the integrity of the system at the time of its launch and during its operation.

The reliability of information protection in a computer system is determined by:

- a specific list and properties of the functions of the COP;

- methods used in the functions of the CS;

- the way to implement the functions of the COP.

The list of functions used corresponds to the security class assigned by the KC during the certification process, and, in principle, is the same for systems of the same class. Therefore, when considering a specific CS, attention should be paid to the methods used and the way of implementing the most important functions: authentication and system integrity check. Here, preference should be given to cryptographic methods: encryption (GOST 28147-89), electronic digital signature (GOST 34.10-94) and hashing function (GOST 34.11-94), the reliability of which has been confirmed by the relevant government organizations.

Most of the functions of modern CS are implemented in the form of programs, maintaining the integrity of which at system startup and especially during operation is a difficult task. A significant number of users, to one degree or another, have knowledge of programming, are aware of errors in construction operating systems... Therefore, there is a fairly high probability that they will use their existing knowledge to "attack" software.

First of all, encryption devices of the pre-computer era should be attributed to hardware cryptographic information security tools to preserve historical justice. This is Aeneas's tablet, Alberti's encryption disk, and, finally, disk encryption machines. The most prominent representative of disk encryption machines was the Enigma encoder from the Second World War. Modern cryptographic protection tools cannot be strictly classified as hardware, it would be more correct to call them hardware-software, however, since their software part is not controlled by the OS, in the literature they are often called hardware. The main feature of hardware cryptographic information protection tools is the hardware implementation (through the creation and use of specialized processors) of the main cryptographic functions - cryptographic transformations, key management, cryptographic protocols, etc.

Cryptographic information security hardware and software combine flexibility software solution with the reliability of hardware Velichko M.Yu. Information security in the activities of internal affairs bodies. - M .: Publishing house INION RAN, 2007. At the same time, due to the flexible software shell, you can quickly change user interface, the final functions of the product, to make its final settings; and the hardware component makes it possible to protect the algorithm of the cryptographic primitive from modification, to ensure high security of the key material and often a higher speed of operation.

Here are some examples of hardware-software cryptographic information protection tools:

The use of hardware removes the problem of ensuring the integrity of the system. Most modern tamper protection systems use firmware flashing in ROM or a similar microcircuit. Thus, in order to make changes to the software, it is necessary to access the corresponding board and replace the microcircuit. In the case of using a universal processor, the implementation of such actions will require the use of special equipment, which will further complicate the attack. The use of a specialized processor with the implementation of the operation algorithm in the form integrated circuit completely removes the problem of violation of the integrity of this algorithm.

In practice, the functions of user authentication, integrity checks, and cryptographic functions that form the core of the security system are often implemented in hardware, while all other functions are implemented in software.

Conclusion

Threat - a set of conditions and factors that create a potential or real threat of violation of confidentiality, availability and (or) integrity of information.

If we talk about threats of an information and technical nature, we can highlight such elements as theft of information, malware, hacker attacks, SPAM, employee negligence, hardware and software failures, financial fraud, and theft of equipment.

According to statistics for these threats, the following data can be cited (based on research conducted in Russia by InfoWath): Information theft - 64%, Malicious software - 60%, Hacker attacks - 48%, Spam - 45%, Employee negligence - 43 %, Hardware and software failures - 21%, Theft of equipment - 6%, Financial fraud - 5%.

As you can see from the above data, theft of information and malware is the most common.

Knowledge of the main methods of committing and preventing computer crimes, methods of combating computer viruses, as well as modern methods of information protection is necessary for the development of a set of measures to ensure the protection of automated information systems of internal affairs bodies.

All this will help to increase the efficiency of the internal affairs bodies as a whole.

Listliterature

1. Velichko M.Yu. Information security in the activities of internal affairs bodies. - M .: Publishing house of INION RAN, 2007 .-- 130 p.

2. Gafner V. V. Information security - Rostov on Don: Phoenix, 2010 - 336 p.

3. Gorokhov PK Information security. - M .: Radio and communication, 2012 - 224 p.

4. Comprehensive technical control of the effectiveness of security measures of control systems in the internal affairs bodies // Ed. Chekalina A. - M .: Hot Line - Telecom, 2006 - 528 p.

5. Partyka T. L., Popov I. I. Information security - M .: Forum, 2012 - 432 p.

6. Rastorguev SP Fundamentals of information security - Moscow: Academy, 2009 - 192 p.

7. Smirnov A. A. Ensuring information security in the context of the virtualization of society. - M .: Unity-Dana, 2012 - 160 p.

8. Teplyakov AA, Orlov AV Fundamentals of security and reliability of information systems - Minsk: Academy of Management under the President of the Republic of Belarus, 2010 - 310 p.

Posted on Allbest.ru

...

Similar documents

The concept and goals of conducting special checks of objects of informatization and its main stages. Vulnerability of computer systems, the concept of unauthorized access, its classes and types. Vulnerability of the main structural and functional information elements.

test, added 11/25/2009


Basic concepts in the field of information security. The nature of actions that violate the confidentiality, reliability, integrity and availability of information. Threats implementation methods: disclosure, information leakage and unauthorized access to it.

presentation added 07/25/2013


Types of information security threats. The main directions and measures for the protection of electronic information. Attacking means of information influence. Information crime, terrorism. Protective actions related to information security.

abstract, added on 12/27/2011


Legal basis for the protection of personal data. Classification of information security threats. Personal data base. Enterprise LAN device and threats. Basic software and hardware protection for personal computers. Basic security policy.

thesis, added 06/10/2011


State policy in the formation of information resources. Selection of a complex of information security tasks. System of projected software and hardware for information security and information protection of the enterprise.

term paper added 04/23/2015


Methods for analyzing threats to information security at objects of informatization of internal affairs bodies. Identification of the main ways to implement information leakage. Development of a threat model. Algorithm for choosing the optimal means of engineering and technical data protection.

term paper, added 05/19/2014


Information security, its goals and objectives. Information leakage channels. Software and hardware methods and means of protecting information from unauthorized access. A model of threats to the security of information processed at a computer facility.

thesis, added 02/19/2017


The essence of the concept of "information security". Security model categories: confidentiality; integrity; availability. Information security and the Internet. Information security methods. The main tasks of anti-virus technologies.

test, added 06/11/2010


Information security objectives. Sources of the main information threats for Russia. The importance of information security for various specialists from the standpoint of the company and stakeholders. Methods for protecting information from deliberate information threats.

presentation added on 12/27/2010


The concept of "information needs" and "new information technology". Modern technological solutions in the field of informatization of objects of the agro-industrial complex. Efficiency of organizational support of the Automated workplace.

Ways to increase the level of information security in the AU

Legal and moral-ethical means

These tools determine the rules for handling information and the responsibility of subjects of information relations for their observance.

Legislative and moral-ethical countermeasures are universal in the sense that they are fundamentally applicable for all channels of penetration and NSD To AS and information. In some cases, they are the only applicable, such as when protecting open information from illegal duplication or protection from abuse of official position when working with information.

Let us consider the well-known statement that the creation of an absolute (that is, ideally reliable) protection system in practice is fundamentally impossible.

Even with the assumption of the possibility of creating absolutely reliable physical and technical means of protection that block all channels that need to be closed, there is always the possibility of influencing the system personnel who take the necessary actions to ensure the correct functioning of these means (administrator AS, security administrator, etc.). Together with the very means of protection, these people form the so-called "security core". In this case, the resilience of the security system will be determined by the resilience of personnel from the core of the security of the system, and it can be increased only through organizational (personnel) measures, legislative and moral and ethical measures. But, even with perfect laws and pursuing an optimal personnel policy, it will still not be possible to completely solve the problem of protection. Firstly, because it is unlikely that it will be possible to find personnel in whom one could be absolutely confident, and in respect of which it would be impossible to take actions forcing them to violate the prohibitions. Secondly, even an absolutely reliable person can commit an accidental, unintentional violation.

The objects of informatization in the internal affairs bodies include computer technology, automated systems of various levels and purposes based on computer technology, including information and computing complexes, networks and communication systems, data transmission and software, technical means of receiving, transmitting and processing information (telephony, sound recording, sound reinforcement, sound reproduction, intercom and television devices, means of production, duplication of documents and other technical means of processing speech, graphic, video, semantic and alphanumeric information), as well as office premises intended for holding meetings, meetings of working groups, conferences, discussions and negotiations on official matters.

It should be noted that the direct head of the department, at whose disposal is located this object... The implementation of technical measures to protect the object of informatization is entrusted to the units of technical protection.

The internal affairs bodies are constantly developing and modernizing information security tools, expanding opportunities, increasing the reliability of new tools. To date, the internal affairs bodies operate complexes for the protection of both speech and computer information of domestic production.

Depending on the form and content, external and internal threats to objects of technical protection of information are distinguished.

External security includes protection from natural disasters (fire, flood, etc.), from intruders from the outside entering the system in order to steal, gain access to information or disable the system.

With regard to the internal affairs bodies, external threats include the activities of foreign intelligence services, criminal communities, individuals, as well as commercial and non-commercial enterprises and organizations that have the ability to provide unauthorized access to information in any form.

It is not without reason that external threats also include the impact of malicious programs, the actions of which are aimed at disrupting the performance of the AU.

Security internal security AS focuses on creating reliable and convenient mechanisms for regulating the activities of all its legitimate users and service personnel in order to force them to unconditionally comply with the discipline of access to system resources (including information) established in the organization. Internal security also includes user training with mandatory knowledge testing, various organizational measures, etc.

Among internal threats to objects of technical protection of information, such as information leakage through channels related to work technical devices and software, as well as information leakage through channels associated with the actions of people, which may be due to the failure to comply with a set of required organizational and technical measures to protect information at informatization facilities.

The emergence of a technical channel for information leakage depends on its type. Among them, a group of channels can be distinguished that are associated with speech information and information processed by computer systems:

1) side electromagnetic radiation from technical means and information transmission lines (for example, radiation from a monitor based on a PC cathode-ray tube or disk drives);

2) viewing and copying information from display screens using optical means;

3) signals caused by the impact on technical means of high-frequency signals from reconnaissance equipment;

4) special electronic devices interception of information ("bookmarks");

5) acoustic radiation of a speech signal or a signal caused by the operation of technical means of information processing (for example, a teletypewriter, a printer);

6) vibration signals that arise during the transformation from acoustic when it is exposed to building structures and engineering communications of premises.

It is planned to consider in more detail and specifically various aspects of ensuring information security of internal affairs bodies within the framework of other topics of the discipline.