Information security - relevance and methods

Recently, information security, understood as a set of actions aimed at preventing the theft of important data, has become especially relevant. The task is to maintain the integrity, availability and confidentiality of information. There are certain principles of protection and techniques for putting them into practice.

Principles of information security

To achieve this objective, a legal, organizational and technical framework is necessary, thanks to which illegal access can be excluded while maintaining confidentiality and exercising the right of permission. The organization of information security is based on three basic principles, and a violation of at least one of them indicates a leak or distortion.

  1. Confidentiality. A person who holds specific information should not pass it to other people without the consent of its owner. It is worth noting that confidentiality is not a property.
  2. Integrity. This means excluding any unauthorized changes, both accidental and deliberate.
  3. Reliability. This is a guarantee that the information was obtained from a reliable source.

Requirements for information security

To implement the principles given above, the system has to meet a number of requirements:

  1. Centrality. The management process is always centralized, and the system used to implement it has to fit the structure of the object being protected.
  2. Planned character. The information security system has to be based on the interaction of all divisions, directed at implementing the adopted security policy.
  3. Specifics and focus. The specific information resources that may interest competitors have to be protected.
  4. Activity. Information security has to be pursued persistently, so forecasting tools, expert systems and other tools that implement the "find and eliminate" principle are important.
  5. Reliability and universality. The system has to apply different methods and means to prevent leaks.
  6. Openness. It must be possible to change or add security measures at any time.
  7. Economic effect. It is important that the cost of protection does not exceed the size of the possible damage.

Information security levels

To achieve good results, an integrated approach is necessary, so it is recommended to combine legislative, administrative, procedural, and software and technical measures. Organizational information protection measures at any enterprise can be divided into three levels: the workplace, the division and the whole enterprise. At each level, more complex mechanisms are used.

Law on information security

There is a special state law aimed at regulating legal relations concerning the protection of data held in a system. At the same time, people's property rights have to be observed. Legal protection of information at the legislative level is of great importance, and two groups of ways are applied:

  1. Ways that help create and maintain in society a negative attitude towards violators of the law.
  2. Ways that help direct and coordinate measures aimed at raising society's level of education in the field of information security.

Means of information protection

There are many different ways to keep information safe, and they can be divided into certain groups.

  1. Technical. Hardware methods of information security block access to data, for example by means of masking. Noise generators, surge protectors and so on belong here. The advantages of this approach are reliability, independence from subjective factors and increased resistance to modification. The disadvantages are insufficient flexibility, large volume and weight, and high cost.
  2. Program. This group includes programs used for user identification, access control, encryption and so on. Its advantages are universality, flexibility, reliability, simplicity of installation and the possibility of modification and development. Its disadvantages are limited functionality, high sensitivity to changes and possible dependence on the type of computer.
  3. Mixed. This group includes hardware-software methods that have the same functions as the two previous options but also have intermediate properties.
  4. This group comprises organizational-technical and organizational-legal means. Their advantages are that they solve many different problems, are easy to implement and react quickly to danger. Their disadvantage is a high dependence on subjective factors.

Information security on the Internet

Hackers attack not only state institutions, banks and popular websites, so it is important to protect the information on any computer. There are several ways:

  1. Reliable passwords. Experts recommend using combinations of capital and small Latin letters, digits and symbols. Passwords should be easy to remember but carry no semantic meaning.
  2. Data encryption. The corporate and professional versions of Windows include the BitLocker tool. This mechanism helps to encrypt data on one or several partitions of the hard drive. To protect separate files, encrypted archives can be used.
  3. Antivirus software. Attackers use auxiliary software to obtain information, and viruses intercept data. Antivirus protection is therefore necessary for information security, and it has to be a current version.
  4. Setting a BIOS password. This protection makes it impossible to boot the personal computer from a built-in or external carrier. It is also useful to set a password on the hard drive, which then becomes useless in an attacker's hands.

Information security at the enterprise

To obtain protection, several stages have to be completed: analyzing and choosing a security policy, introducing suitable means, and developing and taking organizational measures.

  1. At an enterprise, not only technical information security is important, but also normative and legal documents.
  2. Next, potential threats have to be identified and the damage from each of them assessed.
  3. When all the necessary information has been collected, a special security division is created. It works in several directions: it protects data, prevents unauthorized penetration, ensures the integrity of information and so on.
  4. Information security involves the use of such methods as electronic signatures, cryptographic encryption, passwords, audit and logging systems, electronic keys and so on.

Protection of personal information

Personal information includes passport data, passwords for access to different services and e-wallets, the phone number and other data through which some important information can be obtained. On the Internet, each person has to decide whether to provide such data or not. Confidential information is protected by following this advice:

  1. Do not download or run doubtful programs.
  2. Do not write down important information in readily accessible places.
  3. Do not enter passwords into unusual authorization forms.
  4. Do not ignore browser warnings about problems with a website's certificates and registration.
  5. When working on someone else's computer, do not save passwords, and always log out of websites.
  6. Use an antivirus and check all downloaded files.

Protection of data carriers

Several techniques are used here, which can be divided into three groups: program, hardware and combined. It is important to understand that absolutely reliable protection does not exist. The most popular ways include:

  1. For all removable carriers, physical protection is admissible, for example locking them in a safe.
  2. A suitable means of protecting against information leakage from carriers built into the personal computer is preventing the power from being switched on.
  3. Program-based blocking of access to particular carriers or to the whole personal computer. The CMOS password is an example.
  4. A hardware-software method using electronic keys, which are often inserted into the personal computer's COM port, can be used. If the device does not receive the necessary answer, the program will not start.

Information security development

The development of protection methods went through three stages; the last began in the 80s and continues to this day. The task consists in analytical and synthetic data processing and in forming the scientific and methodological basis of a protective system. Experts are working to give the ways of information security a strictly scientific basis. Theories that are actively used worldwide have already been put forward. One more characteristic of this development is a broader view of the problem of information security.

Author: «MirrorInfo» Dream Team
