Information security of internal affairs bodies. Fundamentals of information security Characteristics of information security means in OVD

Fundamentals of Information Security

Introduction

National security is the state of protection of the vital interests of the individual, society and the state from internal and external threats.

Vital interests are a set of needs, the satisfaction of which reliably ensures the existence and opportunities for the progressive development of the individual, society and the state.

Security threat - a set of conditions and factors that create a threat to the vital interests of the individual, society and the state.

Ensuring security is a unified state policy, a system of measures of an economic, political, law-making (other) nature, adequate to the threats to the vital interests of the individual, society and the state.

Security protection - direct impact on the object of protection.

Security protection - a set of ensuring and protecting security measures.

Information security is the state of protection of the country's national interests (the country's national interests are vital interests based on a balanced basis) in the information sphere from internal and external threats.

That is why information security issues are relevant especially recently.

The purpose and objectives of the work is a detailed study of individual aspects of information security.

1 Types and content of threats to information security

Sources of threats to the information security of the Russian Federation are divided into external and internal. External sources include:

activities of foreign political, economic, military, intelligence and information structures directed against the interests of the Russian Federation in the information sphere;
the desire of a number of countries to dominate and infringe on Russia's interests in the global information space, to oust it from the external and internal information markets;
aggravation of international competition for the possession of information technologies and resources;
activities of international terrorist organizations;
increasing the technological gap between the leading powers of the world and building up their capabilities to counter the creation of competitive Russian information technologies;
activities of space, air, sea and ground technical and other means (types) of reconnaissance of foreign states;
the development by a number of states of concepts of information wars, providing for the creation of means of dangerous influence on the information spheres of other countries of the world, disruption of the normal functioning of information and telecommunication systems, the safety of information resources, obtaining unauthorized access to them 1 .

Internal sources include:

the critical state of domestic industries;
an unfavorable crime situation, accompanied by tendencies for the merging of state and criminal structures in the information sphere, for criminal structures to gain access to confidential information, increase the influence of organized crime on the life of society, reduce the degree of protection of the legitimate interests of citizens, society and the state in the information sphere;
insufficient coordination of the activities of federal government bodies, government bodies of the constituent entities of the Russian Federation in the formation and implementation of a unified state policy in the field of ensuring information security of the Russian Federation;
insufficient elaboration of the regulatory legal framework governing relations in the information sphere, as well as insufficient law enforcement practice;
underdevelopment of civil society institutions and insufficient state control over the development of the information market in Russia;
insufficient funding of measures to ensure information security of the Russian Federation;
insufficient economic power of the state;
decrease in the efficiency of the education and training system, insufficient number of qualified personnel in the field of information security;
insufficient activity of federal bodies of state power, bodies of state power of the constituent entities of the Russian Federation in informing society about their activities, in explaining decisions made, in the formation of open state resources and the development of a system of access to them for citizens;
Russia's lag behind the leading countries in the world in terms of informatization of federal government bodies, government bodies of the constituent entities of the Russian Federation and local government bodies, the credit and financial sphere, industry, agriculture, education, healthcare, the sphere of services and everyday life of citizens 2 .

2 Technical implementation of the ATS information security concept

The information used in the internal affairs bodies contains information about the state of crime and public order in the serviced territory, about the bodies and units themselves, their forces and means. In the duty units, operatives, district police inspectors, investigators, employees of forensic departments, passport and visa machines, and other divisions, on primary registration documents, in accounting logs and on other media, arrays of data for operational search and operational reference purposes are accumulated, which contain information:

about offenders and criminals;
about the owners of motor vehicles;
about the owners of firearms;
about events and facts of a criminal character, offenses;
about stolen and confiscated things, antiques;
as well as other information to be stored.

Services and divisions of the internal affairs bodies are characterized by the data:

about the forces and means at the disposal of the body;
on the results of their activities.

The above information is used when organizing the work of units and taking practical measures to combat crime and delinquency.

In the information support of the internal affairs bodies, the central place is occupied by records, which are used to register primary information about crimes and the persons who committed them.

Accounting Is a system for registering and storing information about persons who have committed crimes, about the crimes themselves and related facts and objects.

Accounting for crimes subordinate to the Ministry of Internal Affairs of Russia covers 95% of criminal manifestations and gives a fairly complete picture of the operational situation in the country and its regions.

In Russia as a whole, in recent years, with the help of the information contained in the records, from 19 to 23% of crimes committed, or almost every fourth of the total, have been disclosed through the criminal investigation.

In the USSR, in 1961, the Instructions for registration in the internal affairs bodies were introduced. Under the Ministry of Internal Affairs of the USSR in 1971, the Main Scientific Information Center for Information Management (GNITSUI) was created, later renamed into the Main Information Center (GIC), and information centers (IC) were created in the Ministry of Internal Affairs and the Internal Affairs Directorate.

The main information center is the largest bank of operational reference and search information in the system of the Ministry of Internal Affairs of Russia. It is entrusted with the task of providing bodies and institutions of internal affairs with various information - statistical, search, operational reference, forensic, production and economic, scientific and technical, archival. These are unique, multidisciplinary centralized arrays of information, with a total of about 50 million accounting documents.

In the surname operational reference file on convicted persons, more than 25 million accounting documents are concentrated, and in the fingerprint file - 17 million GIC has a unique database on computer media containing statistical reports of the Ministry of Internal Affairs, GUVD, ATC, UVTD on 50 forms for the period from 1981 to 1992 and in retrospect until 1974 3 .

Information centers of the Ministry of Internal Affairs and the Internal Affairs Directorate are the most important link in the information support system of the internal affairs bodies of the Russian Federation. They bear the main burden in providing information support to the internal affairs bodies in the disclosure and investigation of crimes, and the search for criminals.

Information centers are the main subdivisions in the system of the Ministry of Internal Affairs, the Internal Affairs Directorate, the Internal Affairs Directorate in the field of informatization: providing statistical, operational reference, operational investigative, forensic, archival and other information, as well as computerization and construction of regional information and computer networks and integrated data banks. Information centers perform their duties in close cooperation with the departments of the Ministry of Internal Affairs, the Internal Affairs Directorate, the Internal Affairs Directorate and the Gorrailin organs, as well as the Main Information Center of the Ministry of Internal Affairs of Russia.

With the help of the accounts, information is obtained that helps in the disclosure, investigation and prevention of crimes, the search for criminals, the identification of unknown citizens and the ownership of the seized property. They are formed in the municipal authorities, the IC of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate according to the territorial (regional) principle and form the federal accounts of the Main Information Center of the Ministry of Internal Affairs of Russia. In addition, registrations are available in passport machines.

Along with the records in the internal affairs bodies, forensic centralized collections and card indexes are maintained, which are created and stored in the forensic expert centers (ECC) of the Ministry of Internal Affairs of Russia (federal) and forensic departments (ECU) of the Ministry of Internal Affairs, GUVD, ATC (regional). The EKU and EKC collections and filing cabinets are focused primarily on ensuring the detection and investigation of crimes.

The operational reference, search and forensic information accumulated in records, collections and card files is called criminal information.

Accounting is classified according to functional and object characteristics.

Functionally, the accounts are divided into three groups: operational reference, search, forensic.

On the basis of the object, the accounts are divided into persons, crimes (offenses), objects.

The main operational reference and search information is formed in the city railing authorities. Part of it settles on the spot, and the other is sent to the IC and GIC to form a single data bank.

The information base of the Ministry of Internal Affairs system is built on the principle of centralized accounting. It is made up of operational reference, search and forensic records and card indexes, concentrated in the Main Information Center of the Ministry of Internal Affairs of Russia and the Information Center of the Ministry of Internal Affairs, ATC, UVDT, and local records of Gorrailin organs. In general, their arrays are estimated at about 250-300 million accounting documents.

Centralized operational reference, forensic and search records have the following information about Russian citizens, foreigners and stateless persons:

conviction, place and time of serving the sentence, date and grounds for release;
movement of convicts;
death in places of imprisonment, change of sentence, amnesty, number of the criminal case;
place of residence and place of work prior to conviction;
detention for vagrancy;
blood group and fingerprint formula of convicts.

Fingerprint registration makes it possible to establish the identity of criminals, arrested, detained, as well as unknown sick and unidentified corpses. Fingerprint card indexes have 18 million fingerprint cards. They receive over 600 thousand requests, for which about 100 thousand recommendations are issued. The information in the files contributed to the disclosure of crimes or the identification of a person in 10 thousand cases. Currently, these are mainly hand-held filing cabinets. 4 .

The accounts of the internal affairs bodies, depending on the method of information processing, are divided into three types: manual, mechanized, automated.

Automated records consist of a number of automated information retrieval systems (AIPS). The accumulation and processing of criminal information with the help of AIPS is carried out in regional banks of criminal information (RBKI).

In accordance with the new tasks, the GIC of the Ministry of Internal Affairs of Russia in November 2004 was transformed into the Main Information and Analytical Center of the Ministry of Internal Affairs of Russia. In the system of internal affairs bodies, the Main Information and Analytical Center (GIAC) of the Ministry of Internal Affairs of Russia is the head organization in the following areas:

information support with statistical, operational and reference, investigative, forensic, archival and scientific and technical information;
operational-analytical and information support of operational-search activity, as well as information interaction for the exchange of operational information with other subjects of operational-search activity;
planning, coordination and control of the processes of creation, implementation, use, development in the system of the Ministry of Internal Affairs of Russia of modern information technologies, automated information systems of general use and operational-investigative nature, integrated public data banks, computer equipment and system software for them;
maintenance and development of the Unified system of classification and coding of technical, economic and social information.

The main tasks of the GIAC of the Ministry of Internal Affairs of Russia are:

providing the leadership of the Ministry, subdivisions of the system of the Ministry of Internal Affairs of Russia, government bodies of the Russian Federation, law enforcement agencies of other states with statistical information on the state of crime and the results of operational and service activities of internal affairs bodies, as well as operational reference, search, forensic, archival, scientific technical and other information;
formation in the internal affairs bodies of a unified system of statistical, operational reference, investigative, forensic accounting, automated data banks of centralized accounting, all-Russian and sectoral classifiers of technical, economic and social information;
creation, implementation and development of modern information technologies in the system of the Ministry of Internal Affairs of Russia in order to increase the efficiency of using the accounts by the internal affairs bodies;
control over the activities of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation, the UVDT in terms of the timely submission, completeness and reliability of informationin statistical, operational reference, investigative, forensic, operational and other records, the maintenance of which is attributed to the competence of information divisions of the internal affairs bodies;
pursuing a unified scientific and technical policy within the framework of the development of the information and computing system of the Ministry of Internal Affairs of Russia;
coordination and support of activities for the implementation in the internal affairs bodies and internal troops of the Ministry of Internal Affairs of Russia of the legislation of the Russian Federation on archival affairs and on the rehabilitation of citizens who have been subjected to political repression in the administrative order;
organizational and methodological guidance and provision of practical assistance to subdivisions of the system of the Ministry of Internal Affairs of Russia, the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation on issues related to the competence of the GIAC.

To implement the assigned tasks, the GIAC of the Ministry of Internal Affairs of Russia carries out:

formation and maintenance of centralized operational reference, investigative and forensic records, automated data banks of centralized records, the Interstate Information Bank - within the framework of agreements concluded between law enforcement agencies; databases of statistical information on the state of crime and the results of the fight against it;
collection, accounting and analysis of operational information; information and analytical support of operational and search activities of operational units of the Ministry of Internal Affairs of Russia. Providing operational and analytical materials to the leadership of the Ministry and operational units of the Ministry of Internal Affairs of Russia;
formation and maintenance of records of persons declared on the federal and interstate wanted list, preparation and distribution to the internal affairs bodies of the Russian Federation and other states in accordance with the established procedure of materials on the announcement and termination of the search, bulletins of operational-search information and collections of orientations;
establishing, at the request of the NCB of Interpol under the Ministry of Internal Affairs of Russia, the Ministry of Foreign Affairs of Russia, the Central Committee of the Russian Red Cross Society, the location (fate) of foreign citizens (subjects) and stateless persons arrested and convicted on the territory of Russia and the states of the former USSR;
formation and maintenance of a data bank of the system of scientific and technical information of the Ministry of Internal Affairs of Russia about the experience of the internal affairs bodies of the Russian Federation and law enforcement agencies of other states; issuance of this information in accordance with the established procedure at the request of subdivisions of the system of the Ministry of Internal Affairs of Russia;
formation and maintenance of a fund of all-Russian classifiers of technical and economic information in the part related to the Ministry of Internal Affairs of Russia, development and registration of sectoral and intra-system classifiers operating in the internal affairs bodies;
reception, registration, preservation and use in the prescribed manner of archival documents of divisions of the Ministry of Internal Affairs of Russia and internal affairs bodies;
analysis of the processes of formation and use of statistical, operational reference, investigative, forensic records of internal affairs bodies, the creation, implementation, development of modern information technologies in the system of the Ministry of Internal Affairs of Russia, provision of information and analytical materials to the leadership of the Ministry and divisions of the Ministry of Internal Affairs of Russia.

The structure of the Main Information and Analytical Center of the Ministry of Internal Affairs of Russia includes:

Center for Statistical Information;
Criminal Information Center;
Operational Information Center;
Center for Operational Investigative Information;
Center for Information Technologies and Systems of Internal Affairs;
Computing Center;
Center for Rehabilitation of Victims of Political Repression and Archival Information;
Department of Scientific and Technical Information;
Department of Documentation and Security Regime;
Organizational and Methodological Department;
Human Resources Department;
Financial and economic department;
Second department (special communications);
Fifth department (information interaction with the CIS FSO of Russia);
Logistics Department;
Legal group.

All operational and preventive measures and the overwhelming majority of operational and search activities carried out in the internal affairs bodies are provided with information support carried out by the GIAC and the IC.

The role of information departments is increasing from year to year, as evidenced by the following facts. If in 1976 with the help of our records 4% of the total number of solved crimes were solved, in 1996 - 25%, in 1999 - 43%, in 2002 - 60%, then in 2009 - over 70% 5 .

Today, GIAC carries out fully automated collection and generalization of statistical information. The information is summarized as a whole for Russia, for federal districts and subjects of the Russian Federation. The automated database of statistical indicators of the GIAC contains information since 1970.

Public data banks have been deployed in the GIAC and information centers of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate, and a standard integrated data bank of the regional level has been introduced.

At the regional and federal levels, a set of measures was carried out to equip all information centers of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate and the GIAC with standard software and hardware complexes.

The centralized equipping of the regions with modern information processing complexes made it possible to purposefully carry out measures to integrate open information resources at the regional and federal levels.

Completed work on the creation of an integrated data bank of the federal level. It combined the resources of 9 existing systems ("Kartoteka", "ABD-Center", "ASV-RIF" and "Crime-Foreigners", "Antiques", "FR-Alert", "Weapons", "Autopoisk" and "Dossier- scammer"). This made it possible, by one request of operational workers, investigators and interrogators, to receive the information available in the automated records of the GIAC in the form of a "dossier" and to increase the effectiveness of assistance in solving crimes.

The integrated bank of the federal level systematizes information about issued, lost, stolen passports (passport blanks) of citizens of the Russian Federation; about foreign citizens staying and residing (temporarily and permanently) in the Russian Federation; about registered vehicles.

A step-by-step interaction of the Federal Automated Fingerprint System "AFIS-GIC" with similar interregional systems of federal districts, regional systems of information centers and NCB of Interpol is being carried out. The possibility of obtaining fingerprint information in electronic form allows in the shortest possible time to identify the identity of suspects, to increase the efficiency of disclosing and investigating crimes.

On the basis of the GIAC of the Ministry of Internal Affairs of Russia, an interdepartmental automated system for maintaining the Register of the Federal Integrated Information Fund was created, providing for the integration of information resources and information interaction between ministries and departments (Ministry of Internal Affairs, FSB, Ministry of Finance, Ministry of Justice, Prosecutor General's Office, Supreme Court of the Russian Federation, etc.).

Using the mode of direct access to the data bank (within 7-10 minutes without breaking the communication line) and the mode of deferred request (within 1 hour using e-mail) will greatly facilitate the work of employees of operational services, investigation and inquiry units, and other law enforcement structures.

The total number of users who are provided with access to the automated centralized accounting of the vertical "Main information and analytical center - information centers of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate" is more than 30 thousand. More than a third of them are users of the GROVD level and police departments (divisions).

For information support of the operational and service activities of bodies, divisions and institutions of internal affairs, the educational process and scientific activities of research and higher educational institutions of the Ministry of Internal Affairs of Russia, the Databank of the scientific and technical information system (DB SNTI) of the Ministry of Internal Affairs of Russia was created in the GIAC. DB SNTI contains materials about the experience of the internal affairs bodies of Russia, the activities of law enforcement agencies of foreign countries, as well as information about the results of research and development work and dissertation research carried out in the system of the Ministry of Internal Affairs of Russia.

The most effective means of increasing the availability and ease of obtaining information, bringing it to the consumer is the data bank of the scientific and technical information system (DB STTI) of the Ministry of Internal Affairs of Russia.

The data bank of the SNTI of the Ministry of Internal Affairs of the Russian Federation is designed to provide information to employees of bodies and institutions of the Ministry of Internal Affairs of Russia with information about the experience of the internal affairs bodies of Russia, the activities of law enforcement agencies of foreign countries and the results of scientific research carried out in the system of the Ministry of Internal Affairs of Russia.

Structurally, the databank consists of three sections:

domestic experience - express information, bulletins, guidelines, analytical reviews, criminological forecasts;
foreign experience - information publications, translations of articles of foreign magazines, reports on foreign business trips and other materials on the activities of law enforcement agencies of foreign countries;
scientific research - reporting documents on research and development work, abstracts of defended theses, prepared by employees of research and higher educational institutions of the Ministry of Internal Affairs of Russia.

As of January 1, 2010, the SNTI database contains over 5 thousand materials, of which 30% are about the work experience of the Internal Affairs Directorate of Russia, 38% of foreign law enforcement activities, and 32% of scientific research.

The databank is installed on the GIAC communication node as part of the data transmission backbone (MRTD) of the Ministry of Internal Affairs of Russia. All employees of the Ministry of Internal Affairs of Russia, the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation, UVDT, research and educational institutions who are subscribers of the GIAC node can directly contact the DB STTI.

It also provides an opportunity to select materials in the deferred request mode for all subscribers of the MRTD of the Ministry of Internal Affairs of Russia.

Along with the growth in the use of the SNTI DB at the GIAC communication node in 65 regions of the Russian Federation, regional data banks of scientific and technical information have been created and are being formed on the basis of information arrays of the SNTI DB. 6 .

Access to regional data banks of NTI is provided by services, divisions and city district agencies. In a number of regions (the Republic of Sakha (Yakutia), Krasnodar Territory, Magadan Region, etc.), which occupy a significant territory, subregional STI data banks are organized in remote cities. Information arrays for them are regularly replicated and sent out on CD-ROMs.

The creation and development of regional data banks NTI is one of the promising ways to solve the problem of bringing information to the practitioners of the territorial bodies of internal affairs.

Together with the interested departments and divisions of the Ministry of Internal Affairs of Russia, work is underway to create a Central Data Bank for registering foreign citizens and stateless persons temporarily staying and residing in the Russian Federation.

conclusions

The main directions of protection of the information sphere.

1. Protection of the interests of the individual, society and the state from the impact of harmful, poor-quality information. Such protection is provided by institutions: mass media, documented and other information.

2. Protection of information, information resources and information system from unlawful influence in various situations. Such protection is provided by:

Institute of State Secrets;

Personal data.

3. Protection of information rights and freedoms (Institute of Intellectual Property).

The main task of information security is to balance the interests of society, the state and the individual. This balance should be adequate to the goals for the security of the country as a whole. Ensuring information security should be focused on the specifics of the information environment, determined by the social structure.

The focus of information security should be on the information environment of public authorities.

In the context of the globalization process, it is necessary to ensure a constant analysis of changes in policies and legislation in other countries.

The last task is to take into account the fulfillment of factors in the process of expanding the legal attention of the Russian Federation in the peaceful information space, including cooperation within the CIS, and the practice of using the Internet.

List of used literature

Constitution of the Russian Federation. - 1993

The concept of the national security of the Russian Federation (as amended by the Decree of the President of the Russian Federation of January 10, 2000 No. 24).

Information security doctrine of the Russian Federation (approved by the President of the Russian Federation on September 9, 2000, No. Pr-1895).

Law of the Russian Federation of July 27, 2006 No. 149-FZ "On Information, Information Technologies and Information Protection".

Bot E., Sichert K .. Windows Security. - SPb .: Peter, 2006.

Dvoryankin S.V. Information confrontation in the law enforcement sphere / In collection: "Russia, XXI century - anti-terror ". - M .: "BIZON-95ST", 2000.

Karetnikov M.K. On the content of the concept "Information security of internal affairs bodies" / In collection: "International conference" Informatization of law enforcement systems ". - M .: Academy of Management of the Ministry of Internal Affairs of Russia, 1998.

Nikiforov S.V. Introduction to networking technologies. - M .: Finance and statistics, 2005 .-- 224c.

A.A. Torokin Engineering and technical information security: Textbook. - M .: "Helios ARV", 2005.

1 Beloglazov E.G. and other Fundamentals of information security of internal affairs bodies: Textbook. - M .: MosU of the Ministry of Internal Affairs of Russia, 2005.

2 V.I. Yarochkin Information Security: A Textbook for University Students. - M .: Academic Project; Gaudeamus, 2007.

3 Karetnikov M.K. On the content of the concept "Information security of internal affairs bodies" / In collection: "International conference" Informatization of law enforcement systems. " - M .: Academy of Management of the Ministry of Internal Affairs of Russia, 1998.

4 Dvoryankin S.V. Information confrontation in the law enforcement sphere / In collection: "Russia, XXI century - anti-terror." - M .: "BIZON-95ST", 2000.

5 Zhuravlenko N.I., Kadulin V.E., Borzunov K.K .. Fundamentals of information security: a textbook. - M .: MosU of the Ministry of Internal Affairs of Russia. 2007.

6 Zhuravlenko N.I., Kadulin V.E., Borzunov K.K .. Fundamentals of information security: a textbook. - M .: MosU of the Ministry of Internal Affairs of Russia. 2007.

The development of information and telecommunication technologies has led to the fact that modern society is largely dependent on the management of various processes through computer technology, electronic processing, storage, access and transmission of information. According to the Bureau of Special Technical Measures of the Ministry of Internal Affairs of Russia, more than 14 thousand crimes related to high technologies were recorded last year, which is slightly higher than the year before. An analysis of the current situation shows that about 16% of cybercriminals operating in the "computer" area of crime are young people under the age of 18, 58% - from 18 to 25 years old, and about 70% of them have higher or incomplete higher education ...

At the same time, 52% of the identified offenders had special training in the field of information technology, 97% were employees of state institutions and organizations using computers and information technologies in their daily activities, 30% of them were directly related to the operation of computer equipment.

According to unofficial expert estimates, out of 100% of criminal cases initiated, about 30% go to court and only 10-15% of the defendants serve their sentences in prison. Chekalina A. - M .: Hotline - Telecom, 2006. Most cases are re-qualified or terminated due to insufficient evidence. The real state of affairs in the CIS countries is a question from the realm of fantasy. Computer crimes are crimes with high latency, reflecting the existence in the country of a real situation when a certain part of the crime remains unaccounted for.

The increasingly spreading technological terrorism, of which information or cyber terrorism is an integral part, poses a serious threat to the entire world community.

The targets of terrorists are computers and specialized systems created on their basis - banking, stock exchange, archival, research, management, as well as means of communication - from direct television broadcasting and communication satellites to radio telephones and pagers.

The methods of information terrorism are completely different from the traditional ones: not the physical destruction of people (or its threat) and the elimination of material assets, not the destruction of important strategic and economic objects, but a large-scale disruption of the operation of financial and communication networks and systems, partial destruction of the economic infrastructure and the imposition of power structures of your will.

The danger of information terrorism is growing immeasurably in the context of globalization, when telecommunications are acquiring an exclusive role.

In the context of cyber terrorism, a possible model of terrorist impact will have a "three-stage" appearance: the first stage is the advancement of political demands with a threat, if they are not met, to paralyze the entire economic system of the country (at least, that part of it that uses computer technology in its work), the second is to carry out a demonstration attack on the information resources of a sufficiently large economic structure and paralyze its action, and the third is to repeat the demands in a more severe form, relying on the effect of a demonstration of force.

A distinctive feature of information terrorism is its cheapness and complexity of detection. The Internet system, which linked computer networks around the planet, changed the rules for modern weapons. The anonymity provided by the Internet allows a terrorist to become invisible, as a result, practically invulnerable and not risking anything (first of all, his life) during a criminal action.

The situation is aggravated by the fact that crimes in the information sphere, including cyber terrorism, entail significantly less punishment than for the implementation of "traditional" terrorist acts. In accordance with the Criminal Code of the Russian Federation (Art.273), the creation of computer programs or changes to existing programs that knowingly lead to unauthorized destruction, blocking, modification or copying of information, disruption of the operation of computers, computer systems or their networks, as well as the use of or the distribution of such programs or machine media containing such programs is punishable by up to a maximum of seven years' imprisonment. For comparison, in the United States, laws punish unauthorized entry into computer networks with imprisonment for up to 20 years.

The basis for ensuring an effective fight against cyber terrorism is the creation of an effective system of interrelated measures to identify, prevent and suppress such activities. Various anti-terrorist bodies are working to combat terrorism in all its manifestations. The developed countries of the world pay special attention to the fight against terrorism, considering it to be almost the main danger to society.

Threats to the country's information security, the sources of which are modern crime, criminal national and transnational communities, in their totality and scale of impact, covering the entire territory of the country and affecting all spheres of life of society, make it necessary to consider the struggle between organized crime and law enforcement agencies called upon to resist it, first of all , the internal affairs bodies, as an information war, the main form of waging which and its specific content are information warfare using information and computing and radio equipment, radio intelligence, information and telecommunication systems, including space communication channels, geoinformation systems and other information systems, complexes and funds.

In the conditions of the current state of crime, it is impossible to ensure information security in the activities of the internal affairs bodies only on the basis of the use of protective means and mechanisms. In these conditions, it is necessary to conduct active offensive (combat) actions using all types of information weapons and other offensive means in order to ensure superiority over crime in the information sphere Smirnov A. A. Ensuring information security in the context of the virtualization of society. - M .: Unity-Dana, 2012.

The emergence and development of new large-scale phenomena in the life of the country and society, new threats to national security from the criminal world, which has at its disposal modern information weapons, and new conditions for the implementation of operational and service activities of the internal affairs bodies, determined by the needs of waging information war with national and transnational basically organized crime, determine the need for appropriate legislative, state-legal regulation of relations in the field of information security of the state in general and the internal affairs bodies in particular.

The main measures of a state-legal nature to ensure information security, carried out, among other things, by the internal affairs bodies, are proposed to include: the formation of a regime and protection in order to exclude the possibility of secret penetration into the territory where information resources are located; determination of methods of working with employees in the selection and placement of personnel; work with documents and documented information, including the development and use of documents and carriers of confidential information, their accounting, execution, return, storage and destruction; determination of the procedure for using technical means for collecting, processing, accumulating and storing confidential information; creation of a technology for analyzing internal and external threats to confidential information and developing measures to ensure its protection; systematic control over the work of personnel with confidential information, the procedure for accounting, storage and destruction of documents and technical media.

An analysis of the current Russian legislation in the field of information security and the state information protection system allows us to highlight the most important powers of the internal affairs bodies in the field of ensuring the information security of the state: repelling information aggression directed against the country, comprehensive protection of information resources, as well as the information and telecommunications structure of the state; prevention and resolution of international conflicts and incidents in the information sphere; prevention and suppression of crimes and administrative offenses in the information sphere; protection of other important interests of the individual, society and the state from external and internal threats.

Legal protection of information as a resource is recognized at the international and state levels. At the international level, it is determined by interstate treaties, conventions, declarations and implemented by patents, copyright and licenses for their protection. At the state level, legal protection is regulated by state and departmental acts.

The main directions of the development of Russian legislation in order to protect the information of the internal affairs bodies should be:

- legislative consolidation of the mechanism for classifying objects of information infrastructure of internal affairs bodies as critical and ensuring their information security, including the development and adoption of requirements for hardware and software used in the information infrastructure of these objects;
- improvement of the legislation on operational-search activities in terms of creating the necessary conditions for conducting operational-search activities in order to identify, prevent, suppress and disclose computer crimes and crimes in the field of high technology; strengthening control over the collection, storage and use of information about the private life of citizens by the internal affairs bodies, information constituting personal, family, official and commercial secrets; clarification of the composition of operational-search measures;
- strengthening responsibility for crimes in the field of computer information and clarifying the elements of crimes, taking into account the European Convention on Cyber Crime;
- improvement of criminal procedure legislation in order to create conditions for law enforcement agencies, ensuring the organization and implementation of prompt and effective crime prevention, carried out using information and telecommunication technologies to obtain the necessary evidence Rastorguev S.P. Fundamentals of information security - Moscow: Academy, 2009 ...

Organizational and managerial measures are a decisive link in the formation and implementation of comprehensive information protection in the activities of internal affairs bodies.

When processing or storing information, the internal affairs bodies are recommended to carry out the following organizational measures within the framework of protection against unauthorized access: identification of confidential information and its documentation in the form of a list of information to be protected; determination of the procedure for establishing the level of authority of the subject of access, as well as the circle of persons to whom this right is granted; establishment and execution of access control rules, i.e. a set of rules governing the access rights of subjects to protected objects; familiarization of the subject of access with the list of protected information and its level of authority, as well as with organizational, administrative and working documentation that defines the requirements and procedure for processing confidential information; receiving from the access object a receipt on non-disclosure of confidential information entrusted to it.

In accordance with the Law of the Russian Federation "On Police", the competence of the Ministry of Internal Affairs of Russia includes the functions of forming nationwide reference and information funds for operational and forensic accounting. The performance of these functions is carried out by information and technical units of the services of the Ministry of Internal Affairs of Russia in cooperation with units of the criminal police, public security police, penitentiary institutions, other law enforcement agencies, government agencies and organizations in charge of public security issues, as well as law enforcement agencies (police) of other states.

Information interaction in the field of combating crime is carried out within the framework of the laws of the Russian Federation "On operational and investigative activities", "On security", "On accounting and accounting activities in law enforcement agencies", the current criminal and criminal procedural legislation, international agreements of the Ministry of Internal Affairs of Russia in the sphere of information exchange, Regulations on the Ministry of Internal Affairs of Russia, orders of the Minister of Internal Affairs of Russia.

Research has shown that the conceptual provisions for ensuring information security of law enforcement agencies should include requirements for the transition to a unified legal framework governing the use of information in the fight against crime. At the same time, in the system of the Ministry of Internal Affairs, instead of a large group of departmental acts, it is proposed to introduce three groups of normative legal documents on information support: sectoral, general use; branch, by service lines; regulatory and legal documentation of the local level of government on local applied problems of information support of the territorial body of internal affairs.

Thank you for visitinghttp :// Ndki . narod . ru

Egoryshev A.S. The problem of information security in the activities of internal affairs bodies. / Social reform in the Russian Federation and the Republic of Bashkortostan and the problems of the shadow economy and national security (Materials of the Russian scientific conference) - Moscow-Ufa, 1997. - pp. 102 - 106.

Egoryshev A.S.- student of the Ufa Law Institute of the Ministry of Internal Affairs of the Russian Federation

The problem of information security in the activities of internal affairs bodies.

Contemporary Russian crime is becoming more and more professional. As an indicator of the professionalism of the underworld, one can name the emergence of such a form of crime as computer crime, which did not previously have such a widespread distribution in Russia. Its modern scale is such that it requires the most active work to protect information from electronic pirates.

The costs of conversion have led to an outflow of minds from many formerly elite spheres of science and production. For example, Russian electronics engineers are considered the most experienced in the field of computer crime. About 100 thousand people constantly work for computer crime in the republics of the former USSR, and another 3 million people - from time to time. The centers of computer crime are Moscow, St. Petersburg, Ukraine and the Urals. Russian computer crime is a growing concern abroad, because as a result of skilful computer machinations carried out by electronic pirates of Russia, foreign banks are losing large sums of money, disappearing in an unknown direction.

Computer crime has become a real scourge of the economies of developed countries. So, for example, 90% of firms and organizations in the UK have at various times become targets of electronic piracy or are

were under his threat, in the Netherlands 20% of various types of enterprises became victims of computer crime. In the Federal Republic of Germany, 4 billion marks are stolen annually with the use of computers, and 1 billion francs in France. Experts note the high level of latency of this type of crime, because in 85% of cases, the facts of software piracy are not disclosed.

The situation is aggravated by the fact that the law enforcement agencies themselves are also becoming the object of attention of criminals armed with modern computers. Therefore, today the task of protecting their own information has become very urgent for the internal affairs bodies.

Information security is the protection of information and supporting infrastructure from accidental or intentional influences of a natural or artificial nature, fraught with harm to the owners or users of information and supporting infrastructure.

The problem of information security, especially for the internal affairs bodies, is of greatest interest today. Fighting computer crime is one of the most important tasks of law enforcement agencies against the backdrop of the colossal development of information systems, local and global networks.

The problem of ensuring information security is of a complex nature, for the solution of which a combination of legislative, organizational, software and technical measures is required.

Timely and effective improvement of legislation is necessary, since the currently available legal framework in this area lags far behind practical needs.

There is a huge shortage of highly qualified personnel in the police department. This problem, in our opinion, can be solved in the following ways:

in connection with a significant reduction in the personnel of the RF Armed Forces, among whom there are many good specialists in the field of working on computers, it is possible to involve them in work in law enforcement agencies;

the introduction of special courses on initial and professional preparation of work on personal computers, the introduction into the curriculum of the course "Information security and the use of information technologies in the fight against crime", approved by the Main Personnel Directorate of the Ministry of Internal Affairs of Russia on June 1, 1997 in educational institutions of higher professional education specialty Jurisprudence (specialization "Information Security");

it is necessary to improve the financing of organizations and institutions that are part of the Ministry of Internal Affairs of Russia, for the purchase of good equipment and modern software, tk. the material base of the Ministry of Internal Affairs of the Russian Federation in the field of information security is currently at an insufficient level;

it seems possible to raise the question of improving the training process for police officers specializing in work in the field of information security. For this purpose, in our opinion, a differential training system is needed, since solid training in the field of computer science cannot be obtained within the framework of a traditional higher educational institution of the Ministry of Internal Affairs of the Russian Federation;

to create favorable conditions for recruiting highly qualified specialists working in the area of interest to us in the police department. To ensure the appropriate amount of remuneration, since today, from a material point of view, it is much more profitable to work in this specialty in banking structures and private firms.

To maintain the information security regime, software and hardware measures are most important, since it is known that the main threat to computer systems comes from themselves, which can be expressed in software errors, hardware failures, unsatisfactory work of employees, as well as heads of organizations and institutions related to the ATS system.

V.A. Galatenko identifies the following key security mechanisms: identification and authentication, access control, logging and auditing, cryptography and shielding, for the effective use of which proactive analysis of possible threats is required.

Information security cannot be ensured without a strict distribution of functions for users, administrators of local networks and servers, as well as heads of internal affairs agencies.

Moreover, the duties and functions of the listed groups of police officers should be developed and approved in advance, depending on what goals they will be aimed at. There are several typical functions inherent for employees of any department or department of internal affairs bodies:

The heads of departments are responsible for communicating the approved provisions and principles of the security policy to users and administrators of local networks and servers, in the same place for contacts with them informing about the change in the status of each of the subordinates (dismissal from the internal affairs bodies, appointment to another position, etc.)

This function is most important due to the fact that an employee dismissed for any reason may represent the most significant

danger to the department or department where he worked.

The problem of an "offended" employee has always existed and will continue to exist. Knowing the basic principles of the system's functioning, he can, guided by negative motives, try to delete, change, correct any data. Therefore, it is necessary to ensure that upon dismissal of an employee, his access rights to information resources are canceled. Examples of the emergence of this problem are foreign films, the plot of which is based on real events of our days;

Nor can we put on the sidelines the problem of tylerance, i.e. the problem of the ratio of ends and means. Indeed, the cost of acquiring comprehensive protection measures should not exceed the cost of potential damage.

Local network administrators must ensure the smooth functioning of the network, responsible for the implementation of technical measures, the effective application of security measures, thereby ensuring the security policy.

Server administrators are responsible for the servers assigned to them and ensure that the mechanisms used to ensure information confidentiality are in accordance with the general principles of the security policy.

Users are required to work with the local network, guided by the security policy, follow the orders and orders of employees responsible for certain aspects of information security, and immediately report to management about all suspicious situations.

In our opinion, from the point of view of compliance with information security, the status of users of personal computers is of particular interest. The fact is that a significant part of information losses is accounted for by accidental and deliberate mistakes of employees working at the IWT. Due to their possible negligence and negligence, they can enter deliberately incorrect data, miss errors in the software, thereby creating a breach in the security system. All this makes one think that an internal threat emanating directly from users of personal

computers are more significant and more dangerous than external influences.

In conclusion, it is necessary to remind that the observance of information security is not a task of an individual country, but of all mankind, since the highly developed computer crime of our days has long gone to the world level. Therefore, an effective fight against it is possible only with close cooperation of law enforcement agencies from different countries of the world. It is necessary to build a joint set of measures and means, recruit and train highly qualified personnel, develop in detail the basic principles of security policy, without which normal development is impossible.

information communications.

Literature:

4. Selivanov N. Problems of combating computer crime // Legality, 1993. - No. 8. - P. 36.

5. Galatenko V. Information security. // Open systems, 1996. - № 1. - C 38.

6. Federal Law "On Information, Informatization and Information Protection". // Rossiyskaya Gazeta, 1995.22 February.

7. President of the Russian Federation. Decree of April 3, 1995 No. 334 "On measures to comply with the rule of law in the development, production, sale and operation of encryption tools, as well as the provision of services in the field of information encryption." security during the elections in Russia: Sat. articles "Actual Problems modern ...

Information bulletin "Activities of the deputies of the faction" Fair Russia "22 September 28, 2014

Newsletter

The main thing is to bring it as close as possible activity organs internal cases to the population, making it the main ... weapon, providing joint security, problems energy. This is ... Dooms on information politics, information technology and communications ...

Report

Law and administrative activities organs internal cases State legal disciplines Civil law disciplines Information- legal disciplines ...

Newsletter Krasnoyarsk Territory: Local Self-Government No. 16 (104) (October 2013)

Newsletter

... "Today the main problem- lack of federal ... public control over activities organs internal cases... In particular, ... some issues of ensuring security road traffic in ... governments; development information society. For...

Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Posted on http://allbest.ru

Introduction

1. The main threats to information security arising in the course of the activities of operational units of internal affairs bodies

2. The concept and goals of conducting special checks of objects of informatization; the main stages of the audit

3. Hardware and software-hardware means of data encryption

Conclusion

Bibliography

Introduction

The Federal Law of the Russian Federation "On Information, Informatization and Protection of Information", adopted on January 25, 1995 by the State Duma, defines that "information is information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation." Information has a number of features: it is intangible; information is stored and transmitted using physical media; any material object contains information about itself or about another object.

Rapidly developing computer information technologies are making significant changes in our lives. Information has become a commodity that can be purchased, sold, exchanged. Moreover, the cost of information is often hundreds of times higher than the cost of the computer system in which it is stored.

According to one study, about 58% of those surveyed had suffered from computer hacks in the past year. Approximately 18% of those surveyed say they have lost more than a million dollars in attacks, more than 66% have suffered losses in the amount of 50 thousand dollars. Over 22% of attacks targeted trade secrets or documents of primary interest to competitors.

The well-being, and sometimes the life of many people, depends on the degree of security of information technologies. Such is the price for the complication and widespread distribution of automated information processing systems. A modern information system is a complex system consisting of a large number of components of varying degrees of autonomy, which are interconnected and exchange data. Almost every component can be damaged or damaged.

1. The mainthreatsinformationsecurity,emergingvprocessactivitiesoperationalsubdivisionsorgansinternalcases

According to unofficial expert estimates, out of 100% of criminal cases initiated, about 30% go to court and only 10-15% of the defendants serve their sentences in prison. Chekalina A. - M .: Hot Line - Telecom, 2006. Most cases are re-qualified or terminated due to insufficient evidence. The real state of affairs in the CIS countries is a question from the realm of fantasy. Computer crimes are crimes with high latency, reflecting the existence in the country of a real situation when a certain part of the crime remains unaccounted for.

The increasingly spreading technological terrorism, of which information or cyber terrorism is an integral part, poses a serious threat to the entire world community.

The danger of information terrorism is growing immeasurably in the context of globalization, when telecommunications are acquiring an exclusive role.

The main directions of the development of Russian legislation in order to protect the information of the internal affairs bodies should be:

Legislative consolidation of the mechanism for classifying information infrastructure objects of internal affairs bodies as critical and ensuring their information security, including the development and adoption of requirements for hardware and software used in the information infrastructure of these objects;

Improvement of the legislation on operational-search activity in terms of creating the necessary conditions for conducting operational-search activities in order to identify, prevent, suppress and disclose computer crimes and crimes in the field of high technology; strengthening control over the collection, storage and use of information about the private life of citizens by the internal affairs bodies, information constituting personal, family, official and commercial secrets; clarification of the composition of operational-search measures;

Strengthening responsibility for crimes in the field of computer information and clarifying the elements of crimes, taking into account the European Convention on Cyber Crime;

Improvement of criminal procedural legislation in order to create conditions for law enforcement agencies to ensure the organization and implementation of operational and effective crime prevention, carried out using information and telecommunication technologies to obtain the necessary evidence. Rastorguev S.P.

Organizational and managerial measures are a decisive link in the formation and implementation of comprehensive information protection in the activities of internal affairs bodies.

2. The concept and goals of conducting special checks of objects of informatization; the main stages of the audit

The object of informatization is a set of informatization tools together with the premises in which they are installed, intended for processing and transferring protected information, as well as dedicated premises Partyka T.L., Popov I.I.Information security - M .: Forum, 2012.

Informatization means - means of computer technology and communication, office equipment intended for collecting, accumulating, storing, searching, processing data and issuing information to the consumer.

Computer facilities - electronic computers and complexes, personal electronic computers, including software, peripheral equipment, data teleprocessing devices.

Object of computer technology (VT) - a stationary or mobile object, which is a complex of computer technology, designed to perform certain functions of information processing. Computer facilities include automated systems (AS), automated workstations (AWPs), information computing centers (ICCs) and other complexes of computer technology.

The objects of computer technology can also include individual means of computer technology that perform independent functions of information processing.

Allocated room (VP) - a special room designed for meetings, conferences, conversations and other events of a speech nature on secret or confidential issues.

Activities of a speech nature can be carried out in dedicated rooms with the use of technical means of processing speech information (TSOI) and without them.

Technical means of information processing (ICT) - technical means intended for receiving, storing, searching, transforming, displaying and / or transmitting information through communication channels.

The ICT includes computer facilities, communication facilities and systems for recording, amplifying and reproducing sound, intercom and television devices, means for producing and reproducing documents, cinema projection equipment and other technical means associated with receiving, accumulating, storing, searching, transforming, displaying and / or transmission of information via communication channels.

Automated system (AC) - a set of software and hardware designed to automate various processes associated with human activities. In this case, a person is a link in the system.

A special check is a check of a technical means of information processing carried out with the aim of finding and removing special electronic embedded devices (hardware bookmarks).

Certificate of a protected object - a document issued by a certification body or other specially authorized body confirming the existence of necessary and sufficient conditions at the protected object to fulfill the established requirements and standards of information protection efficiency.

Allocated premises certificate - a document issued by an attestation (certification) body or other specially authorized body confirming the existence of the necessary conditions to ensure reliable acoustic protection of the allocated premises in accordance with the established rules and regulations.

An operating order is a document containing requirements for ensuring the security of a technical means of information processing during its operation.

A certification test program is a mandatory organizational and methodological document that establishes the object and objectives of the test, the types, sequence and scope of experiments conducted, the procedure, conditions, place and timing of tests, provision and reporting on them, as well as responsibility for ensuring and conducting tests.

A certification test procedure is a mandatory organizational methodological document that includes a test method, test means and conditions, sampling, and an algorithm for performing operations. By determining one or several interrelated characteristics of the security of the object of the form of data presentation and assessment of the accuracy, reliability of the results.

Certification test report - a document containing the necessary information about the test object, the methods used, means and test conditions, as well as a conclusion on the test results, drawn up in accordance with the established procedure.

Basic technical means and systems (OTSS) - technical means and systems, as well as their communications, used for the processing, storage and transmission of confidential (secret) information.

OTSS may include means and systems of informatization (computer technology, automated systems of various levels and purposes based on computer technology, including information and computing complexes, networks and systems, means and systems for communication and data transmission), technical means of receiving, transmission and processing of information (telephony, sound recording, sound amplification, sound reproduction, intercom and television devices, means of production, duplication of documents and other technical means of processing speech, graphic video, semantic and alphanumeric information) used for processing confidential (secret) information.

Auxiliary technical means and systems (VTSS) - technical means and systems not intended for transmission, processing and storage of confidential information, installed together with OTSS or in dedicated premises.

These include:

Various types of telephone facilities and systems;

Means and systems for data transmission in a radio communication system;

Security and fire alarm systems and equipment;

Means and systems of warning and signaling;

Control and measuring equipment;

Air conditioning facilities and systems;

Means and systems of a wired radio broadcasting network and reception of radio broadcasting and television programs (subscriber loudspeakers, radio broadcasting systems, televisions and radio receivers, etc.);

Means of electronic office equipment Velichko M.Yu. Information security in the activities of internal affairs bodies. - M .: Publishing house INION RAN, 2007.

Based on the results of certification tests in various areas and components, test reports are drawn up. Based on the protocols, a Conclusion is adopted based on the results of certification with a brief assessment of the compliance of the informatization object with information security requirements, a conclusion about the possibility of issuing a "Certificate of Compliance" and the necessary recommendations. If the object of informatization complies with the established requirements for information security, a Certificate of Conformity is issued for it.

Re-certification of the object of informatization is carried out in the case when changes were made at the recently certified object. These changes may include:

Changing the location of OTSS or VTSS;

Replacement of OTSS or VTSS with others;

Replacement of technical means of information protection;

Changes in the installation and laying of low-current and salt cable lines;

Unauthorized opening of sealed OTSS or VTSS cases;

Repair and construction works in dedicated premises, etc. Partyka T.L., Popov I.I.Information security - M .: Forum, 2012.

If it is necessary to re-certification of the object of informatization, re-certification is carried out, according to a simplified program. The simplifications are that only the elements that have undergone changes are tested.

3. Hardware and software-hardware means of data encryption

Any computer system (CS) uses standard and specialized hardware and software that performs a certain set of functions: user authentication, differentiation of access to information, ensuring the integrity of information and its protection from destruction, encryption and electronic digital signature, etc. information security crypto protection

Integrity and restriction of access to information are provided by specialized system components using cryptographic protection methods. In order for a computer system to be fully trusted, it must be certified, namely:

- define the set of functions performed;

- to prove the finiteness of this set;

- to determine the properties of all functions Gafner V.V. Information security - Rostov on Don: Phoenix, 2010.

Note that in the process of the system functioning, it is impossible for a new function to appear in it, including as a result of performing any combination of functions specified during development. Here we will not dwell on the specific composition of functions, since they are listed in the relevant guidance documents of the Federal Agency for Government Communications and Information (FAPSI) and the State Technical Commission (SCC) of Russia.

When using the system, its functionality should not be violated, in other words, it is necessary to ensure the integrity of the system at the time of its launch and during its operation.

The reliability of information protection in a computer system is determined by:

- a specific list and properties of the functions of the COP;

- methods used in the functions of the CS;

- the way to implement the functions of the COP.

The list of functions used corresponds to the security class assigned by the KC in the certification process, and, in principle, is the same for systems of the same class. Therefore, when considering a specific CS, attention should be paid to the methods used and the way of implementing the most important functions: authentication and system integrity check. Here, preference should be given to cryptographic methods: encryption (GOST 28147-89), electronic digital signature (GOST 34.10-94) and hashing function (GOST 34.11-94), the reliability of which has been confirmed by the relevant government organizations.

Most of the functions of modern CS are implemented in the form of programs, maintaining the integrity of which at system startup and especially during operation is a difficult task. A significant number of users, to one degree or another, have knowledge of programming, are aware of errors in the construction of operating systems. Therefore, there is a fairly high probability that they will use their existing knowledge to "attack" software.

First of all, encryption devices of the pre-computer era should be attributed to hardware cryptographic information security tools to preserve historical justice. This is Aeneas's tablet, Alberti's encryption disk, and, finally, disk encryption machines. The most prominent representative of disk encryption machines was the Enigma encoder from the Second World War. Modern cryptographic information protection tools cannot be strictly classified as hardware, it would be more correct to call them hardware-software, however, since their software part is not controlled by the OS, in the literature they are often called hardware. The main feature of hardware cryptographic information protection tools is the hardware implementation (through the creation and use of specialized processors) of the main cryptographic functions - cryptographic transformations, key management, cryptographic protocols, etc.

Hardware and software for cryptographic information protection combine the flexibility of a software solution with the reliability of a hardware solution Velichko M.Yu. Information security in the activities of internal affairs bodies. - M .: Publishing house INION RAN, 2007. At the same time, due to the flexible software shell, you can quickly change the user interface, the final functions of the product, and make its final settings; and the hardware component makes it possible to protect the algorithm of the cryptographic primitive from modification, to ensure high security of the key material and often a higher speed of operation.

Here are some examples of hardware and software cryptographic information protection tools:

The use of hardware removes the problem of ensuring the integrity of the system. Most modern tamper protection systems use firmware flashing in ROM or a similar microcircuit. Thus, in order to make changes to the software, it is necessary to access the corresponding board and replace the microcircuit. In the case of using a universal processor, the implementation of such actions will require the use of special equipment, which will further complicate the attack. The use of a specialized processor with the implementation of the operation algorithm in the form of an integrated microcircuit completely removes the problem of violation of the integrity of this algorithm.

In practice, the functions of user authentication, integrity checks, and cryptographic functions that form the core of the security system are often implemented in hardware, while all other functions are implemented in software.

Conclusion

Threat - a set of conditions and factors that create a potential or real threat of violation of confidentiality, availability and (or) integrity of information.

If we talk about threats of an information and technical nature, we can distinguish such elements as theft of information, malware, hacker attacks, SPAM, employee negligence, hardware and software failures, financial fraud, and theft of equipment.

According to statistics for these threats, the following data can be cited (based on research conducted in Russia by InfoWath): Information theft - 64%, Malicious software - 60%, Hacker attacks - 48%, Spam - 45%, Employee negligence - 43 %, Hardware and software failures - 21%, Theft of equipment - 6%, Financial fraud - 5%.

As you can see from the above data, theft of information and malware is the most widespread.

Knowledge of the main methods of committing and preventing computer crimes, methods of combating computer viruses, as well as modern methods of protecting information is necessary to develop a set of measures to ensure the protection of automated information systems of internal affairs bodies.

All this will help to improve the efficiency of the internal affairs bodies as a whole.

Listliterature

1. Velichko M.Yu. Information security in the activities of internal affairs bodies. - M .: Publishing house of INION RAN, 2007 .-- 130 p.

2. Gafner V. V. Information security - Rostov on Don: Phoenix, 2010 - 336 p.

3. Gorokhov PK Information security. - M .: Radio and communication, 2012 - 224 p.

4. Comprehensive technical control of the effectiveness of security measures of control systems in the internal affairs bodies // Ed. Chekalina A. - M .: Hot Line - Telecom, 2006 - 528 p.

5. Partyka T. L., Popov I. I. Information security - M .: Forum, 2012 - 432 p.

6. Rastorguev SP Fundamentals of information security - Moscow: Academy, 2009 - 192 p.

7. Smirnov A. A. Ensuring information security in the context of the virtualization of society. - M .: Unity-Dana, 2012 - 160 p.

8. Teplyakov AA, Orlov AV Fundamentals of security and reliability of information systems - Minsk: Academy of Management under the President of the Republic of Belarus, 2010 - 310 p.

Posted on Allbest.ru

...

Information security of internal affairs bodies. Fundamentals of information security Characteristics of information security means in OVD

Introduction

1 Types and content of threats to information security

2 Technical implementation of the ATS information security concept

conclusions

List of used literature

The problem of information security in the activities of internal affairs bodies.

Information bulletin "Activities of the deputies of the faction" Fair Russia "22 September 28, 2014

Newsletter Krasnoyarsk Territory: Local Self-Government No. 16 (104) (October 2013)

Send your good work in the knowledge base is simple. Use the form below

2. The concept and goals of conducting special checks of objects of informatization; the main stages of the audit

The object of informatization is a set of informatization tools together with the premises in which they are installed, intended for processing and transferring protected information, as well as dedicated premises Partyka T.L., Popov I.I.Information security - M .: Forum, 2012.

Informatization means - means of computer technology and communication, office equipment intended for collecting, accumulating, storing, searching, processing data and issuing information to the consumer.

Computer facilities - electronic computers and complexes, personal electronic computers, including software, peripheral equipment, data teleprocessing devices.

The objects of computer technology can also include individual means of computer technology that perform independent functions of information processing.

Allocated room (VP) - a special room designed for meetings, conferences, conversations and other events of a speech nature on secret or confidential issues.

Activities of a speech nature can be carried out in dedicated rooms with the use of technical means of processing speech information (TSOI) and without them.

Technical means of information processing (ICT) - technical means intended for receiving, storing, searching, transforming, displaying and / or transmitting information through communication channels.

Automated system (AC) - a set of software and hardware designed to automate various processes associated with human activities. In this case, a person is a link in the system.

A special check is a check of a technical means of information processing carried out with the aim of finding and removing special electronic embedded devices (hardware bookmarks).

Certificate of a protected object - a document issued by a certification body or other specially authorized body confirming the existence of necessary and sufficient conditions at the protected object to fulfill the established requirements and standards of information protection efficiency.

An operating order is a document containing requirements for ensuring the security of a technical means of information processing during its operation.

Certification test report - a document containing the necessary information about the test object, the methods used, means and test conditions, as well as a conclusion on the test results, drawn up in accordance with the established procedure.

Basic technical means and systems (OTSS) - technical means and systems, as well as their communications, used for the processing, storage and transmission of confidential (secret) information.

Auxiliary technical means and systems (VTSS) - technical means and systems not intended for transmission, processing and storage of confidential information, installed together with OTSS or in dedicated premises.

These include:

3. Hardware and software-hardware means of data encryption

Integrity and restriction of access to information are provided by specialized system components using cryptographic protection methods. In order for a computer system to be fully trusted, it must be certified, namely:

- define the set of functions performed;

- to prove the finiteness of this set;

- to determine the properties of all functions Gafner V.V. Information security - Rostov on Don: Phoenix, 2010.

When using the system, its functionality should not be violated, in other words, it is necessary to ensure the integrity of the system at the time of its launch and during its operation.

The reliability of information protection in a computer system is determined by:

- a specific list and properties of the functions of the COP;

- methods used in the functions of the CS;

- the way to implement the functions of the COP.

Here are some examples of hardware and software cryptographic information protection tools:

In practice, the functions of user authentication, integrity checks, and cryptographic functions that form the core of the security system are often implemented in hardware, while all other functions are implemented in software.

Conclusion

Threat - a set of conditions and factors that create a potential or real threat of violation of confidentiality, availability and (or) integrity of information.

If we talk about threats of an information and technical nature, we can distinguish such elements as theft of information, malware, hacker attacks, SPAM, employee negligence, hardware and software failures, financial fraud, and theft of equipment.

As you can see from the above data, theft of information and malware is the most widespread.

Knowledge of the main methods of committing and preventing computer crimes, methods of combating computer viruses, as well as modern methods of protecting information is necessary to develop a set of measures to ensure the protection of automated information systems of internal affairs bodies.

All this will help to improve the efficiency of the internal affairs bodies as a whole.

Listliterature

Similar documents