Objectives of technical protection of information in the Ministry of Internal Affairs. Fundamentals of Information Security in Internal Affairs Bodies

02.07.2020 Windows 10

Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Posted on http://allbest.ru

Introduction

1. The main threats to information security arising in the course of the activities of operational units of internal affairs bodies

2. The concept and goals of conducting special checks of objects of informatization; the main stages of the audit

3. Hardware and software-hardware means of data encryption

Conclusion

Bibliography

Introduction

The Federal Law of the Russian Federation "On Information, Informatization and Protection of Information", adopted on January 25, 1995 by the State Duma, defines that "information is information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation." Information has a number of features: it is intangible; information is stored and transmitted using physical media; any material object contains information about itself or about another object.

Rapidly developing computer information technologies are making significant changes in our lives. Information has become a commodity that can be bought, sold, exchanged. Moreover, the cost of information is often hundreds of times higher than the cost of the computer system in which it is stored.

According to one study, about 58% of those surveyed had suffered from computer hacks in the past year. Approximately 18% of those surveyed say they have lost more than a million dollars in attacks, more than 66% have suffered losses in the amount of $ 50 thousand. Over 22% of attacks targeted trade secrets or documents of primary interest to competitors.

The well-being, and sometimes the life of many people, depends on the degree of security of information technologies. Such is the price for the complication and widespread dissemination of automated information processing systems. A modern information system is a complex system consisting of a large number of components of varying degrees of autonomy, which are interconnected and exchange data. Almost every component can be damaged or damaged.

1. The mainthreatsinformationsecurity,emergingvprocessactivitiesoperationalsubdivisionsorgansinternalcases

At the same time, 52% of the identified offenders had special training in the field of information technology, 97% were employees of state institutions and organizations using computers and information technologies in their daily activities, 30% of them were directly related to the operation of computer equipment.

According to unofficial expert estimates, out of 100% of criminal cases initiated, about 30% go to court and only 10-15% of the defendants serve their sentences in prison. Chekalina A. - M .: Hot Line - Telecom, 2006. Most cases are re-qualified or terminated due to insufficient evidence. The real state of affairs in the CIS countries is a question from the realm of fantasy. Computer crimes refer to crimes with high latency, reflecting the existence in the country of that real situation when a certain part of the crime remains unaccounted for.

A serious threat to the entire world community is posed by the increasingly spreading technological terrorism, of which information or cyber terrorism is an integral part.

The targets of terrorists are computers and specialized systems created on their basis - banking, stock exchange, archival, research, management, as well as means of communication - from direct television broadcasting and communication satellites to radio telephones and pagers.

The methods of information terrorism are completely different from the traditional ones: not the physical destruction of people (or its threat) and the elimination of material assets, not the destruction of important strategic and economic objects, but a large-scale disruption of the operation of financial and communication networks and systems, partial destruction of economic infrastructure and the imposition of power structures of your will.

The threat of information terrorism is growing immeasurably in the context of globalization, when telecommunications are acquiring an exclusive role.

In the context of cyber terrorism, a possible model of terrorist impact will have a "three-stage" appearance: the first stage is the advancement of political demands with a threat, if they are not met, to paralyze the entire economic system of the country (at least, that part of it that uses computer technology in its work), the second is to carry out a demonstration attack on the information resources of a sufficiently large economic structure and paralyze its action, and the third is to repeat the demands in a more severe form, relying on the effect of a demonstration of force.

A distinctive feature of information terrorism is its cheapness and complexity of detection. The Internet system, which linked computer networks around the planet, changed the rules for modern weapons. The anonymity provided by the Internet allows a terrorist to become invisible, as a result, practically invulnerable and not risking anything (first of all, his life) during a criminal action.

The situation is aggravated by the fact that crimes in the information sphere, including cyber terrorism, entail significantly less punishment than for the implementation of "traditional" terrorist acts. In accordance with the Criminal Code of the Russian Federation (Art.273), the creation of computer programs or changes to existing programs that knowingly lead to unauthorized destruction, blocking, modification or copying of information, disruption of the operation of a computer, computer system or their network, as well as the use of or distribution of such programs or machine media containing such programs is punishable by up to seven years' imprisonment. For comparison, in the United States, laws punish unauthorized entry into computer networks with imprisonment for up to 20 years.

The basis for ensuring an effective fight against cyber terrorism is the creation of an effective system of interrelated measures to identify, prevent and suppress such activities. Various anti-terrorist bodies are working to combat terrorism in all its manifestations. The developed countries of the world pay special attention to the fight against terrorism, considering it to be almost the main danger to society.

Threats to the country's information security, the sources of which are modern crime, criminal national and transnational communities, in their totality and scale of impact, covering the entire territory of the country and affecting all spheres of life of society, make it necessary to consider the struggle between organized crime and law enforcement agencies called upon to resist it, primarily , the internal affairs bodies, as an information war, the main form of waging which and its specific content are information warfare using information and computing and radio equipment, means of radio intelligence, information and telecommunication systems, including space communication channels, geoinformation systems and other information systems, complexes and funds.

In the conditions of the current state of crime, it is impossible to ensure information security in the activities of the internal affairs bodies only on the basis of the use of protective means and mechanisms. In these conditions, it is necessary to conduct active offensive (combat) actions using all types of information weapons and other offensive means in order to ensure superiority over crime in the information sphere. A. A. Smirnov. Ensuring information security in the context of the virtualization of society. - M .: Unity-Dana, 2012.

The emergence and development of new large-scale phenomena in the life of the country and society, new threats to national security from the criminal world, which has at its disposal modern information weapons, and new conditions for the implementation of operational and service activities of the internal affairs bodies, determined by the needs of waging information war with national and transnational basically organized crime, determine the need for appropriate legislative, state-legal regulation of relations in the field of information security of the state in general and the internal affairs bodies in particular.

The main measures of a state-legal nature to ensure information security, carried out, among other things, by the internal affairs bodies, are proposed to include: the formation of a regime and protection in order to exclude the possibility of secret penetration into the territory where information resources are located; determination of methods of working with employees in the selection and placement of personnel; work with documents and documented information, including the development and use of documents and media of confidential information, their accounting, execution, return, storage and destruction; determination of the procedure for using technical means for collecting, processing, accumulating and storing confidential information; creation of a technology for analyzing internal and external threats to confidential information and developing measures to ensure its protection; systematic control over the work of personnel with confidential information, the procedure for accounting, storage and destruction of documents and technical media.

Analysis of the current Russian legislation in the field of information security and the state information security system allows us to highlight the most important powers of the internal affairs bodies in the field of ensuring the information security of the state: repelling information aggression directed against the country, comprehensive protection of information resources, as well as the information and telecommunications structure of the state; prevention and resolution of international conflicts and incidents in the information sphere; prevention and suppression of crimes and administrative offenses in the information sphere; protection of other important interests of the individual, society and the state from external and internal threats.

Legal protection of information as a resource is recognized at the international and state levels. At the international level, it is determined by interstate treaties, conventions, declarations and is implemented by patents, copyright and licenses for their protection. At the state level, legal protection is regulated by state and departmental acts.

The main directions of the development of Russian legislation in order to protect the information of the internal affairs bodies should be attributed to:

Legislative consolidation of the mechanism for classifying information infrastructure objects of internal affairs bodies as critical and ensuring their information security, including the development and adoption of requirements for hardware and software used in the information infrastructure of these objects;

Improvement of the legislation on operational-search activity in terms of creating the necessary conditions for carrying out operational-search activities in order to identify, prevent, suppress and disclose computer crimes and crimes in the field of high technology; strengthening control over the collection, storage and use of information about the private life of citizens, information constituting personal, family, official and commercial secrets by the internal affairs bodies; clarification of the composition of operational-search measures;

Strengthening responsibility for crimes in the field of computer information and clarifying the elements of crimes, taking into account the European Convention on Cyber Crime;

Improvement of criminal procedural legislation in order to create conditions for law enforcement agencies, ensuring the organization and implementation of operational and effective crime prevention, carried out using information and telecommunication technologies to obtain the necessary evidence Rastorguev S.P. Fundamentals of information security - Moscow: Academy, 2009.

Organizational and managerial measures are a decisive link in the formation and implementation of comprehensive information protection in the activities of internal affairs bodies.

When processing or storing information, the internal affairs bodies, within the framework of protection against unauthorized access, are recommended to carry out the following organizational measures: identification of confidential information and its documentation in the form of a list of information to be protected; determination of the procedure for establishing the level of authority of the subject of access, as well as the circle of persons to whom this right is granted; establishment and execution of access control rules, i.e. a set of rules governing the access rights of subjects to protected objects; familiarization of the subject of access with the list of protected information and its level of authority, as well as with organizational, administrative and working documentation that defines the requirements and procedure for processing confidential information; receiving from the access object a receipt on non-disclosure of confidential information entrusted to it.

In accordance with the Law of the Russian Federation "On the Police", the competence of the Ministry of Internal Affairs of Russia includes the functions of forming nationwide reference and information funds for operational and forensic accounting. The performance of these functions is carried out by the information and technical units of the services of the Ministry of Internal Affairs of Russia in cooperation with units of the criminal police, public security police, penitentiary institutions, other law enforcement agencies, government agencies and organizations in charge of public safety issues, as well as law enforcement agencies (police) of other states.

Information interaction in the field of combating crime is carried out within the framework of the laws of the Russian Federation "On operational and investigative activities", "On security", "On accounting and accounting activities in law enforcement agencies", the current criminal and criminal procedure legislation, international agreements of the Ministry of Internal Affairs of Russia in the sphere of information exchange, Regulations on the Ministry of Internal Affairs of Russia, orders of the Minister of Internal Affairs of Russia.

Research has shown that the conceptual provisions for ensuring information security of law enforcement agencies should include requirements for the transition to a unified legal framework governing the use of information in the fight against crime. At the same time, in the system of the Ministry of Internal Affairs, instead of a large group of departmental acts, it is proposed to introduce three groups of normative legal documents on information support: sectoral, general use; sectoral, along the lines of services; regulatory and legal documentation of the local level of government on local applied problems of information support of the territorial body of internal affairs.

2. The concept and goals of conducting special checks of objects of informatization; the main stages of the audit

The object of informatization is a set of informatization means together with the premises in which they are installed, intended for processing and transferring protected information, as well as dedicated premises Partyka T.L., Popov I.I.Information security - M .: Forum, 2012.

Informatization means - means of computer technology and communication, office equipment intended for collecting, accumulating, storing, searching, processing data and issuing information to the consumer.

Computer facilities - electronic computers and complexes, personal electronic computers, including software, peripheral equipment, data teleprocessing devices.

Object of computer technology (VT) - a stationary or mobile object, which is a complex of computer technology, designed to perform certain functions of information processing. Computer facilities include automated systems (AS), automated workstations (AWPs), information computing centers (ICCs) and other complexes of computer technology.

The objects of computing technology can also include individual means of computing technology that perform independent functions of information processing.

Allocated room (VP) - a special room designed for meetings, conferences, conversations and other events of a speech nature on secret or confidential issues.

Activities of a speech nature can be carried out in dedicated rooms with the use of technical means of processing speech information (TSOI) and without them.

Information processing technical means (ICT) is a technical means intended for receiving, storing, searching, transforming, displaying and / or transmitting information through communication channels.

The ICT includes computer facilities, communication facilities and systems for recording, amplifying and reproducing sound, intercom and television devices, means for making and reproducing documents, cinema projection equipment and other technical means associated with receiving, accumulating, storing, searching, transforming, displaying and / or transmission of information via communication channels.

Automated system (AC) - a set of software and hardware designed to automate various processes associated with human activities. In this case, a person is a link in the system.

A special check is a check of a technical means of information processing carried out with the aim of finding and removing special electronic embedded devices (hardware tabs).

Certificate of a protected object - a document issued by a certification body or other specially authorized body confirming the existence of necessary and sufficient conditions at the protected object to fulfill the established requirements and standards of information protection efficiency.

Allocated premises certificate - a document issued by an attestation (certification) body or other specially authorized body, confirming the existence of the necessary conditions to ensure reliable acoustic protection of the allocated premises in accordance with the established rules and regulations.

A prescription for operation is a document containing requirements for ensuring the security of a technical means of information processing during its operation.

The certification test program is a mandatory organizational and methodological document that establishes the object and objectives of the test, the types, sequence and scope of experiments conducted, the procedure, conditions, place and timing of tests, provision and reporting on them, as well as responsibility for ensuring and conducting tests.

A certification test procedure is a mandatory organizational methodological document that includes a test method, test means and conditions, sampling, and an algorithm for performing operations. By determining one or several interrelated characteristics of the security of the object of the form of data presentation and assessment of the accuracy, reliability of the results.

Certification test report - a document containing the necessary information about the test object, the methods used, means and test conditions, as well as a conclusion on the test results, drawn up in the prescribed manner.

Basic technical means and systems (OTSS) - technical means and systems, as well as their communications, used for processing, storage and transmission of confidential (secret) information.

OTSS may include means and systems of informatization (means of computer technology, automated systems of various levels and purposes based on computer technology, including information and computing complexes, networks and systems, means and systems for communication and data transmission), technical means of receiving, transmission and processing of information (telephony, sound recording, sound amplification, sound reproduction, intercom and television devices, means of production, duplication of documents and other technical means of processing speech, graphic video, semantic and alphanumeric information) used for processing confidential (secret) information.

Auxiliary technical means and systems (ATSS) - technical means and systems not intended for transmission, processing and storage of confidential information, installed together with OTSS or in dedicated premises.

These include:

Various types of telephone facilities and systems;

Means and systems for data transmission in a radio communication system;

Security and fire alarm systems and equipment;

Means and systems of warning and signaling;

Control and measuring equipment;

Air conditioning facilities and systems;

Means and systems of a wired radio broadcasting network and reception of radio broadcasting and television programs (subscriber loudspeakers, radio broadcasting systems, televisions and radio receivers, etc.);

Means of electronic office equipment Velichko M.Yu. Information security in the activities of internal affairs bodies. - M .: Publishing house INION RAN, 2007.

Based on the results of certification tests in various areas and components, test reports are drawn up. On the basis of the protocols, a Conclusion is adopted based on the results of certification with a brief assessment of the compliance of the informatization object with information security requirements, a conclusion about the possibility of issuing a "Certificate of Compliance" and the necessary recommendations. If the object of informatization complies with the established requirements for information security, a Certificate of Conformity is issued for it.

Re-certification of the object of informatization is carried out in the case when changes were made at the recently certified object. These changes may include:

Changing the location of OTSS or VTSS;

Replacement of OTSS or VTSS with others;

Replacement of technical means of information protection;

Changes in the installation and laying of low-current and salt cable lines;

Unauthorized opening of sealed OTSS or VTSS cases;

Repair and construction works in dedicated premises, etc. Partyka T.L., Popov I.I.Information security - M .: Forum, 2012.

If it is necessary to re-certification of an informatization object, re-certification is carried out, according to a simplified program. Simplifications are that only the elements that have undergone changes are tested.

3. Hardware and software-hardware means of data encryption

Any computer system (CS) uses standard and specialized equipment and software that performs a certain set of functions: user authentication, differentiation of access to information, ensuring the integrity of information and its protection from destruction, encryption and electronic digital signature, etc. information security crypto protection

Integrity and restriction of access to information is ensured by specialized system components using cryptographic protection methods. In order for a computer system to be fully trusted, it must be certified, namely:

- define the set of functions performed;

- to prove the finiteness of this set;

- to determine the properties of all functions Gafner V.V. Information security - Rostov on Don: Phoenix, 2010.

Note that during the operation of the system, it is impossible for a new function to appear in it, including as a result of performing any combination of functions specified during development. Here we will not dwell on the specific composition of functions, since they are listed in the corresponding guidance documents of the Federal Agency for Government Communications and Information (FAPSI) and the State Technical Commission (SCC) of Russia.

When using the system, its functionality should not be violated, in other words, it is necessary to ensure the integrity of the system at the time of its launch and during its operation.

The reliability of information protection in a computer system is determined by:

- a specific list and properties of the functions of the COP;

- methods used in the functions of the CS;

- the way to implement the functions of the COP.

The list of functions used corresponds to the security class assigned by the KC during the certification process, and, in principle, is the same for systems of the same class. Therefore, when considering a specific CS, attention should be paid to the methods used and the way of implementing the most important functions: authentication and system integrity check. Here, preference should be given to cryptographic methods: encryption (GOST 28147-89), electronic digital signature (GOST 34.10-94) and hashing function (GOST 34.11-94), the reliability of which has been confirmed by the relevant government organizations.

Most of the functions of modern CS are implemented in the form of programs, maintaining the integrity of which at system startup and especially during operation is a difficult task. A significant number of users, to one degree or another, have knowledge of programming, are aware of errors in the construction of operating systems. Therefore, there is a fairly high probability that they will use their existing knowledge to "attack" software.

First of all, encryption devices of the pre-computer era should be attributed to hardware cryptographic information security tools to preserve historical justice. This is Aeneas's tablet, Alberti's encryption disk, and, finally, disk encryption machines. The most prominent representative of disk encryption machines was the Enigma encoder from the Second World War. Modern cryptographic protection tools cannot be strictly classified as hardware, it would be more correct to call them hardware-software, however, since their software part is not controlled by the OS, in the literature they are often called hardware. The main feature of hardware cryptographic information protection tools is the hardware implementation (through the creation and use of specialized processors) of the main cryptographic functions - cryptographic transformations, key management, cryptographic protocols, etc.

Hardware and software for cryptographic information protection combine the flexibility of a software solution with the reliability of a hardware solution Velichko M.Yu. Information security in the activities of internal affairs bodies. - M .: Publishing house INION RAN, 2007. At the same time, due to the flexible software shell, you can quickly change the user interface, the final functions of the product, and make its final settings; and the hardware component makes it possible to protect the algorithm of the cryptographic primitive from modification, to ensure high security of the key material and often a higher speed of operation.

Here are some examples of hardware-software cryptographic information protection tools:

The use of hardware removes the problem of ensuring the integrity of the system. Most modern tamper protection systems use firmware flashing in ROM or a similar microcircuit. Thus, in order to make changes to the software, it is necessary to access the corresponding board and replace the microcircuit. In the case of using a universal processor, the implementation of such actions will require the use of special equipment, which will further complicate the attack. The use of a specialized processor with the implementation of the operation algorithm in the form of an integrated microcircuit completely removes the problem of violation of the integrity of this algorithm.

In practice, the functions of user authentication, integrity checks, and cryptographic functions that form the core of the security system are often implemented in hardware, while all other functions are implemented in software.

Conclusion

Threat - a set of conditions and factors that create a potential or real threat of violation of confidentiality, availability and (or) integrity of information.

If we talk about threats of an information and technical nature, we can highlight such elements as theft of information, malware, hacker attacks, SPAM, employee negligence, hardware and software failures, financial fraud, and theft of equipment.

According to statistics for these threats, the following data can be cited (based on research conducted in Russia by InfoWath): Information theft - 64%, Malicious software - 60%, Hacker attacks - 48%, Spam - 45%, Employee negligence - 43 %, Hardware and software failures - 21%, Theft of equipment - 6%, Financial fraud - 5%.

As you can see from the above data, theft of information and malware is the most common.

Knowledge of the main methods of committing and preventing computer crimes, methods of combating computer viruses, as well as modern methods of protecting information is necessary to develop a set of measures to ensure the protection of automated information systems of internal affairs bodies.

All this will help to increase the efficiency of the internal affairs bodies as a whole.

Listliterature

1. Velichko M.Yu. Information security in the activities of internal affairs bodies. - M .: Publishing house of INION RAN, 2007 .-- 130 p.

2. Gafner V. V. Information security - Rostov on Don: Phoenix, 2010 - 336 p.

3. Gorokhov PK Information security. - M .: Radio and communication, 2012 - 224 p.

4. Comprehensive technical control of the effectiveness of security measures of control systems in the internal affairs bodies // Ed. Chekalina A. - M .: Hot Line - Telecom, 2006 - 528 p.

5. Partyka T. L., Popov I. I. Information security - M .: Forum, 2012 - 432 p.

6. Rastorguev SP Fundamentals of information security - Moscow: Academy, 2009 - 192 p.

7. Smirnov A. A. Ensuring information security in the context of the virtualization of society. - M .: Unity-Dana, 2012 - 160 p.

8. Teplyakov AA, Orlov AV Fundamentals of security and reliability of information systems - Minsk: Academy of Management under the President of the Republic of Belarus, 2010 - 310 p.

Posted on Allbest.ru

...

Information security in the national security system: nature, essence, place in the categorical apparatus of the general theory of law

Modern realities require a new approach to issues of ensuring national security, in which information security is beginning to play an increasingly important role. Such trends have been developing since the 80s of the last century and are caused by scientific and technological progress in the field of information technology, global telecommunication systems, and communications.

The basic concepts in the field of information security include: "information", "information sphere" and "information security" 1.

Here are just two approaches to defining the concept of "information". The first approach boils down to the following. In the philosophical literature, “information” is revealed as “one of the most general concepts of science, denoting some information, a set of any data, knowledge, etc.” 2. At the same time, it is noted that the very concept of "information" usually presupposes the presence of at least three objects: a source of information, a consumer of information and a transmission medium.

Information cannot be transmitted, received or stored in its pure form. The information carrier is the message. It follows that the concept of "information" includes two main elements: information and messages. The whole set of information accumulated by a person can be presented in the form of a certain "knowledge base", which contains images that arise as a result of awareness of received messages, feelings caused by these images, emotional and pragmatic assessments of these images. Certain associative relationships can be established between the objects of the "base". The totality of images, sensations, assessments that persist in a person with established associative relationships between them forms knowledge4.

The amount of information available to a person in the form of information can be measured by the amount of accumulated sensations, images, assessments and associative relationships between them. The more of these sensations, images and assessments, the more information a person has. Accordingly, the amount of information that comes to a person through a message can be measured by the number of new objects of the “base” (sensations, images, assessments, relationships between the elements of the “base”) that appear as a result of understanding the message.

The value of information, manifested in the form of information, is determined by the subjective importance of the task for the solution of which this information can be used, as well as by the influence that the information had on the solution of the problem. This influence can be expressed in a change in the conceptual model of the problem, the priorities between the possible options for its solution, in the assessment of the feasibility of solving the problem in general.

Information that comes to a person in the form of information has a number of properties: ideality - existence only in the person's consciousness and, as a result, the impossibility of perception by the senses; subjectivity - the dependence of the amount and value of information on the information model of the subject receiving the information; informational iewiichtozhalyusty - the impossibility of destroying information by other information obtained by a person; dynamism - the ability to change the value of existing information and knowledge under the influence of time and other incoming information; and the accumulation of peaks - the possibility of practically unlimited accumulation of information in the information model of a person5.

The ability to receive, accumulate and use information in the form of information to support life is a property of all living objects, however, the volume and content of the functions performed with their use for different classes of these objects differ significantly. So, we can assume that only a person performs the function of goal-setting.

The concept of "message" is often defined as "a coded equivalent of an event, recorded by a source of information and expressed using a sequence of conventional physical symbols (alphabet) that form a certain ordered set."

From the point of view of interest to us, messages are used primarily to convey information to other people and constitute the essence of the representative side of information or its representative form. Information in the form of a message appears as a realization of a person's ability to describe information in a certain language, which is a set of vocabulary and grammar.

A person, forming a message, selects a part of his information model that he wants to convey, establishes a relationship between its elements and concepts known to him. With the help of language in a certain alphabet, he encodes concepts, resulting in a systematized set of signs that can be transmitted to other people, that is, the content side of information is objectified and the corresponding information becomes available for perception by the senses, as it were "

Perceiving a message, a person establishes relations between the set of letters and signs that make up it and the concepts known to him, and then - images, sensations, assessments, associative relationships, that is, transforms the representative form of information into its meaningful form7 "

Based on this, a message can be represented as a set of a set of transmitted information and the order (algorithms) of their encoding into a set of message characters and decoding into information. Without an encoding algorithm, the message becomes just a set of characters.

A person as a source of information can exchange messages with a technical system only if it contains a certain algorithm for decoding the transmitted set of characters, their subsequent processing, as well as an encoding algorithm for transmitting a response message to a human consumer.

The transformation of information from information into messages and from messages into information constitutes the essence of the general law of information circulation.

Information in the form of a message has a number of properties, which include: materiality - the ability to influence the senses; measurability - the ability to quantify the parameters of the message (the number of characters that make up the message); complexity - the presence of a set of characters and algorithms for their encoding and decoding; problem orientation - the content of information related to one of the tasks of human activity8. Information in the form of messages is most often examined from a technical, semantic and pragmatic point of view. From a technical point of view, messages are of interest as an object of transmission over communication channels. At the same time, the issues of reliability, stability, efficiency, range, noise immunity of message transmission, in some cases - transmission secrecy, as well as principles and methods of designing message transmission systems, their means of protecting them from unauthorized access are studied.

Computer and telecommunications crime

The development of information and telecommunication technologies has led to the fact that modern society is highly dependent on the management of various processes through computer technology, electronic processing, storage, access and transmission of information. According to the Bureau of Special Technical Measures (BSTM) of the Ministry of Internal Affairs of Russia, more than 14 thousand crimes related to high technologies were recorded in Russia last year, which is slightly higher than the year before last. The structure of cyber crime also did not undergo major changes: it was mainly associated with illegal access to computer information. An analysis of the current situation shows that about 16% of cybercriminals operating in the "computer" area of crime are young people under the age of 18, 58% - from 18 to 25 years old, and about 70% of them have higher or incomplete higher education ... Research conducted by the Computer Crime Research Center showed that 33% of cybercriminals were under 20 years old at the time of the crime; 54% - from 20 to 40 years old; 13% were over 40 years old. Crimes related to illegal access to computers are 5 times more likely to be committed by males. Most of the subjects of such crimes have higher or incomplete higher technical education (53.7%), as well as other higher or incomplete higher education (19.2%). But recently, the proportion of women among them has been constantly increasing. This is due to the vocational guidance of some specialties and jobs aimed at women (secretary, accountant, economist, manager, cashier, controller, etc.), equipped with computers and having access to the Internet1.

Research has shown that 52% of identified offenders have had specialized training in information technology; 97% were employees of government agencies and organizations using computers and information technology in their daily activities; 30% of them were directly related to the operation of computer equipment.

According to Russian law, acts provided for in Article 272 of the Criminal Code are punishable by a fine in the amount of two hundred to five hundred times the minimum wage; or in the amount of wages; or any other income of the convicted person for a period of two to five months; or correctional labor for a period from six months to one year; or imprisonment for up to two years. The same act, with aggravating consequences, is punishable by restraint of liberty for a term of up to five years. According to unofficial expert estimates, out of 100% of criminal cases initiated, about 30% go to court, and only 10-15% of the defendants serve their sentences in prison. Most cases are re-qualified or terminated due to insufficient evidence. The real state of affairs in the CIS countries is a question from the realm of fantasy. Computer crimes are considered high latency crimes. Latency is a sign that reflects the existence in the country of that real situation when a certain part of crime remains unaccounted for. In all states, actual crime exceeds the number of crimes registered by 59 law enforcement agencies. In this regard, practice shows that information based on statistical display is distorted and does not always correspond to reality. Latent (hidden) crime, the so-called "dark figure" of crime, remains outside the boundaries of accounting. The presence of latent crime can cause serious, far-reaching negative consequences. The main reasons for the artificial latency of computer crime, first of all, include the unwillingness of the injured party (enterprises, institutions, organizations or individual citizens) to report to law enforcement agencies about criminal encroachments on their computer systems3.

Given the still weak judicial practice in cases of computer crimes, one can only guess about the level of special training of the majority of judges, who, being good lawyers, are poorly versed in the intricacies of information technology and for whom, for example, a computer system or computer information is something incomprehensible and distant. Evidence related to computer crimes and seized from the scene can be easily changed both as a result of errors during their seizure, and in the process of the investigation itself. The presentation of such evidence in a judicial proceeding requires special knowledge and appropriate training. Of course, both the prosecution and the defense must have special knowledge.

The most punishable composition of computer crimes is Art, 272 of the Criminal Code of the Russian Federation. As an example, we will cite the case of the St. Petersburg international criminal group that hacked the websites of Western bookmakers and demanded significant sums from their owners to stop attacks. The suspects managed to get hundreds of thousands of dollars in this way. In parallel with the St. Petersburg operatives, a number of arrests of hackers were carried out by the internal affairs bodies of Saratov and Stavropol. The alleged criminals with "colleagues" abroad followed the same pattern. Shortly before the start of important sporting events, when the bookmaker's offices were most active in accepting bets on wins and losses, "black" computer scientists hacked into the servers. The greatest losses were incurred by British companies, their sites were idle offline from several hours to several days. Then system administrators received letters demanding to transfer certain amounts to hackers - up to $ 40,000 in exchange for stopping the attacks. English bookmakers contacted Interpol. The first 10 malefactors were detained in Riga. Further, through their testimony and with the help of financial structures participating in the transfer of money, it was possible to detain the Russian members of the group. Law enforcement agencies of Russia, Great Britain, Australia, USA, Canada and the Baltic republics took part in a joint operation to develop an organized criminal group.

Not so long ago in Moscow, employees of the "K" Department of the Ministry of Internal Affairs of Russia completely suppressed the activities of a large organized criminal group, which for several years was engaged in the manufacture and sale of special technical devices designed to secretly obtain information from technical telecommunication channels, including computer information circulating in computer system.

The main problem is not that the Criminal Code of the Russian Federation is flawed, but that more often the defense turns out to be more prepared than the accusation, that the law enforcement agencies at the initial stage of the investigation, while inspecting the scene of the incident, still make many investigative mistakes, information and, ultimately, the criminal case, without reaching the court, simply "crumbles".

There are very few trials in criminal cases related to computer crimes, as a result of which there is no court practice yet, therefore judges do not have the necessary training. But this is yesterday and while today, tomorrow the situation will change.

State legal regulation in the field of combating computer crimes

An important area of ensuring information security is the determination of the system of bodies and officials responsible for ensuring information security in the country. The basis for the creation of a state system of organizational law in ensuring the protection of information is the currently created state system for the protection of information, which is understood as a set of federal and other governing bodies and interrelated legal, organizational and technical measures carried out at various levels of management and implementation of information relations. and aimed at ensuring the security of information resources.

The interests of the state in the information sphere are to create conditions for the harmonious development of the Russian information infrastructure, for the implementation of constitutional rights and freedoms of man and citizen in the field of obtaining information and using it in order to ensure the inviolability of the constitutional order, sovereignty and territorial integrity of Russia, political, economic and social stability, in the unconditional provision of law and order, the development of equal and mutually beneficial one international cooperation.

The main body coordinating the actions of state structures on information protection issues is the Interdepartmental

97 Commission for the Protection of State Secrets, established by Decree of the President of the Russian Federation of November 8, 1995 No. 11082. It operates within the framework of the State System for the Protection of Information from Leakage through Technical Channels, the Regulation on which was put into effect by the Decree of the Government of the Russian Federation of September 15, 1993 . No. 912-513. This Resolution defines the structure, tasks and functions, as well as the organization of work on the protection of information in relation to information constituting a state secret.The main task of the State Information Protection System is to conduct a unified technical policy, organize and coordinate work on the protection of information in defense, economic, political , scientific and technical and other spheres of the country's activity.

The general organization and coordination of work in the country on the protection of information processed by technical means is carried out by the Federal Service for Technical and Export Control (FSTEC of Russia), which is the federal executive body that implements state policy, organizes interdepartmental coordination and interaction, special and control functions in the field of state security on the following issues in the field of information security:. ensuring the security of information in the systems of information and telecommunications infrastructure, which have a significant impact on the security of the state in the information sphere; # counteraction to foreign technical intelligence services on the territory of the Russian Federation; ensuring the protection (by non-cryptographic methods) of information containing information constituting a state secret, other information with limited access, preventing its leakage through 98 technical channels, unauthorized access to it, special influences on information (information carriers) in order to obtain, destroy, distort and blocking access to it on the territory of the Russian Federation; information protection during the development, production, operation and disposal of non-information emitting complexes, systems and devices. The main tasks in the field of information security for FSTEC of Russia are: implementation, within its competence, of the state policy in the field of information security in key information infrastructure systems, countering technical intelligence and technical protection of information; implementation of state scientific and technical policy in the field of information protection in the development, production, operation and disposal of non-information emitting complexes, systems and devices; - organization of the activities of the state system for countering technical intelligence and technical protection of information at the federal, interregional, regional, sectoral and facility levels, as well as management of the specified state system; implementation of independent legal regulation of issues: ensuring the security of information in key systems of information infrastructure; countering technical intelligence; technical protection of information; placement and use of foreign technical means of observation and control during the implementation of international treaties of the Russian Federation, other programs and projects on the territory of the Russian Federation, on the continental shelf and in the exclusive economic zone of the Russian Federation; coordination of the activities of 99 public authorities on the preparation of detailed lists of information to be classified, as well as methodological guidance of this activity; ensuring, within its competence, information security in key systems of information infrastructure, countering technical intelligence and technical protection of information in the offices of federal state authorities and state authorities of the constituent entities of the Russian Federation, in federal executive authorities, executive authorities of the constituent entities of the Russian Federation, local governments and organizations ; prosthetics of the development of forces, means and capabilities of technical intelligence, identification of yjpo: s information security; counteraction to the extraction of information by technical means of reconnaissance, technical protection of information;

Improving the legal framework for the protection of information of internal affairs bodies

Legal protection of information as a resource is recognized at the international, state level and is determined by interstate treaties, conventions, declarations and is implemented by patents, copyright and licenses for their protection. At the state level, legal protection is regulated by state and departmental acts.

In our country, such rules (acts, norms) are the Constitution and laws of the Russian Federation, civil, administrative, criminal law, set out in the relevant codes.

For failure to provide information to citizens, the chambers of the Federal Assembly of the Russian Federation and the Accounts Chamber of the Russian Federation (Articles 140 and 287), as well as for hiding information about circumstances that pose a threat to the life or health of people (Article 237), the Criminal Code of the Russian Federation provides for liability24.

Responsibility in the current legislation is stipulated in the event of unlawful classification, violation of the requirements for the composition of the information provided, non-publication of information, violation of the right of citizens to receive information free of charge, concealment (non-provision) of information about circumstances that pose a threat to life or health of people, untimely provision of information, concealment of information , communication of false (unreliable) information, restriction of the right to provide information, distortion of information, violation of free international information exchange25.

Protection of the right to access information can be carried out: in a form outside the jurisdiction (self-defense of one's rights and legitimate interests); in a jurisdictional form (in an administrative or judicial procedure), In an administrative procedure - through the filing of a complaint by a person whose rights have been violated against an official (body) to a higher instance, a special body - the Judicial Chamber for Information Disputes under the President of the Russian Federation. In court - a person can choose any method of protecting violated rights through filing a claim (complaint) for consideration in civil, administrative or criminal proceedings.

When considering a claim in civil proceedings, the victim has the right to use the main methods of protecting civil rights provided for in Art. 12 of the Civil Code of the Russian Federation, including to require: recognition of rights; cessation of actions that violate the right or create a threat of its violation; invalidation of an act of a state body or local self-government body; restoration of rights; compensation for losses; compensation for moral damage.

Cases of possible administrative liability in violation of the right to access objective information are quite numerous. Thus, the Code of Administrative Offenses of the Russian Federation27 provides for administrative liability for: violation of the right of citizens to familiarize themselves with the voter list (Article 5L); production or distribution of anonymous campaign materials (Art, 5.12); deliberate destruction, damage of propaganda printed materials (Article 5L4); lsubmission or non-publication of reports on the expenditure of funds for the preparation and conduct of elections (referendum) (Article 5.17); failure to provide or non-publication of information on voting results or election results (Article 5.25); failure to comply with the obligation to register operations with harmful substances and mixtures in the ship's documents (Article 8.16); manufacturing or operation of technical equipment that does not meet state standards or norms for permissible levels of radio interference (Article 13.8); failure to provide information to the federal antimonopoly authority (Art. 19.8); failure to provide information for drawing up the lists of jurors (Art, 17.6); failure to comply with the legal requirements of the prosecutor (including the provision of information) (Art. 17.7); failure to report information about citizens who are or are obliged to be on the military register (Article 21.4): - violation of the procedure and terms for providing information about minors in need of foster care (Article 536); violation of the procedure for providing a legal copy of documents (Article 13.23); refusal to provide information to a citizen (Article 5.39); abuse of freedom of the media (Art, 13.15); obstruction of the distribution of mass media products (Article 13.16); obstruction of the reception of radio and television programs (Article 13.18); violation of the rules for the distribution of mandatory messages (Art. 13.17).

Criminal liability] a guest in this area is provided for in the Criminal Code of the Russian Federation28 in the following articles: 140 (refusal to provide information to a citizen), 237 (concealment of information about circumstances that pose a threat to the life or health of people), 287 (refusal to provide information to the Federal Assembly of the Russian Federation or the Accounts Chamber of the Russian Federation).

Taking into account the established practice of ensuring information security, the following areas of information protection are distinguished: legal - these are special laws, other regulations, rules, procedures and measures that ensure the protection of information on a legal basis; organizational - this is the regulation of production activities and the relationship of performers on a legal basis, excluding or weakening the infliction of any damage to performers; engineering and technical is the use of various technical means that prevent damage to commercial activities-9.

240 RUB | UAH 75 | $ 3.75 ", MOUSEOFF, FGCOLOR," #FFFFCC ", BGCOLOR," # 393939 ");" onMouseOut = "return nd ();"> Abstract - 240 rubles, delivery 1-3 hours, from 10-19 (Moscow time), except Sunday

Fisun Yulia Alexandrovna. State and legal foundations of information security in the internal affairs bodies: Dis. ... Cand. jurid. Sciences: 12.00.02: Moscow, 2001 213 p. RSL OD, 61: 01-12 / 635-2

Introduction

Chapter I. The concept and legal basis of information security . 14

1. Concept and essence of information security 14

2. The main directions of the state's activities to ensure information security 35

3. The main directions of the formation of legislation in the field of information security 55

Chapter II. Organizational foundations of information security in internal affairs bodies 89

1. Organization of activities of internal affairs bodies to ensure information security 89

2. Forms and methods of ensuring information security in the internal affairs bodies

Conclusion 161

References 166

Applications 192

Introduction to work

Relevance of the research topic. The informatization of the law enforcement sphere, based on the rapid development of information systems, is accompanied by a significant increase in attacks on information both by foreign states and by criminal structures and citizens. One of the features of the informatization process is the formation and use of information resources with the appropriate properties of reliability, timeliness, relevance, among which their safety is of great importance. This, in turn, presupposes the development of secure information technologies, which should proceed from the priority nature of solving information security problems. It should be noted that the lag in solving these problems can significantly reduce the pace of informatization of the law enforcement sphere.

Thus, one of the primary tasks facing the internal affairs bodies is to resolve the contradictions between the actual and necessary quality of protection of their information interests (needs), i.e., ensuring their information security.

The problem of ensuring information security in the internal affairs bodies is inextricably linked with the activities of the state in the information sphere, including the sphere of information security. Over the last period, a large number of regulatory legal acts on information legislation have been adopted. Only a few of them relate to the field of information security and at the same time relate only to general provisions for ensuring security (for example, the RF Law "On Security"). The very definition of "information security" first appeared in the Federal Law "On Participation in International Information Exchange". Information protection is also referred to in the Federal Law "On Information, Informatization and Information Protection", but without defining the concept of information protection. Due to the lack of concepts of types of information, it is not entirely clear what information should be protected.

The new version of the Concept of National Security, the priority task of which is not only the solution of state security issues, but also its components, is focused primarily on the fight against terrorism. Unfortunately, issues related to information security only affect threats in the information sphere. Nothing is said at all about the role of the Ministry of Internal Affairs as a subject of security.

The relevance of the chosen topic is emphasized by the act of adopting the Doctrine of Information Security of the Russian Federation (RF), which for the first time introduced the definition of information security of the Russian Federation, threats to information security, methods of ensuring information security of the Russian Federation, etc.

As for the issues of information security in the internal affairs bodies, in the legal literature they are mainly reduced to general provisions: the threats to security are listed and some methods of ensuring it that are characteristic of the entire law enforcement sphere are named. The organizational and legal aspects of ensuring the information security of the internal affairs bodies within the framework of the proposed concept of information security are considered incompletely.

Taking into account the above, it is proposed to introduce the concept of information security of internal affairs bodies. Information security of internal affairs bodies is a state of protection of the information environment corresponding to the interests of internal affairs bodies, in which their formation, use and development opportunities are ensured regardless of the impact of internal and external information threats. At the same time, taking into account the well-known definitions of a threat, an information threat will be understood as a set of conditions and factors that create a threat to the information environment and the interests of the internal affairs bodies.

Thus, the relevance of the legal regulation of information security in the activities of the internal affairs bodies is beyond doubt. To achieve the proper level of normative and legal support for information security, it is required to determine its subject areas, to regulate relations between the subjects of support, taking into account the characteristics of the main objects of information security. Therefore, according to the dissertation candidate, it is necessary to conduct a comprehensive study of not only the legal regulation of information security at the level of ministries and departments, but also a study of the state and development of the regulatory legal framework in the field of information security.

The degree of elaboration of the research topic. The author's analysis of the research results of scientists allows us to state that the problems of legal regulation of information relations, ensuring information security and its components are relevant for legal science and practice and require further development. " the field of information security, information security, which presupposes its protection against theft, loss, unauthorized access, copying, modification, blocking, etc., considered within the framework of the legal institution of secrecy being formed. A. B. Agapov, V. I. Bulavin, Yu. M. Baturin, S. A. Volkov, V. A. Gerasimenko, V. Yu. Gaikovich, I. N. Glebov, G. V. Grachev, S. N. Grinyaev, G. V. Emelyanov, V. A. Kopylov, A. P. Kurilo, V. N. Lopatin, A. A. Malyuk, A. S. Prudnikov, S. V. Rybak, A. A. Streltsov, A. A. Fatyanov, A. P. Fisun, V. D. Tsigankov, D. S. Chereshkin, A. A. Shiversky and others1.

In the course of the dissertation research, the latest achievements of natural, socio-economic and technical sciences, historical and modern experience in ensuring information security of an individual, society and state were widely used; materials of various scientific periodicals, scientific, scientific and practical conferences and seminars, works of scientists in the field of the theory of law and state, monographic studies in the field of law, information legislation, comprehensive information protection and information security.

Object and subject of research. The object of the research is the current and emerging system of public relations that have developed in the information sphere and the sphere of information security.

The subject of the research is international legal acts, the content of the Constitution of the Russian Federation, the norms of domestic legislation regulating relations in the field of ensuring information security of the individual, society and the state, as well as the content of legal norms regulating the activities of internal affairs bodies to ensure information security.

Goals and objectives of the study. Based on the analysis and systematization of the current legislation in the information sphere, information security, the dissertation student developed the foundations and introduced scientific and methodological recommendations on the use of legal and organizational tools for ensuring information security both in the activities of the internal affairs bodies and in the educational process.

Within the framework of achieving this goal, the following theoretical and scientific-practical tasks were set and solved: basic concepts, types, content of information as an object of ensuring information security and legal relations were analyzed and refined;

2) systematized the existing directions and proposals for the formation of the legal and organizational foundations of information security, identified and clarified the directions for improving the legal framework in the field of information security, including in the internal affairs bodies;

3) normative legal acts have been systematized and the structure of the current legislation in the information sphere has been formed;

4) the content of the organizational foundations of the activities of the internal affairs bodies to ensure information security has been determined;

5) identified the organizational and legal aspects of the information security system and its structure in the activities of the internal affairs bodies;

6) analyzed and selected the forms and methods of ensuring information security in the internal affairs bodies within the framework of the legal regulation of their application and development.

The methodological basis of the dissertation research is formed by general philosophical methods and principles of materialist dialectics; general scientific methods of comparison, generalization, induction; private scientific methods: system-structural, system-activity, formal-legal, comparative-legal and other research methods.

The normative base of the study is the Constitution of the Russian Federation, normative legal acts of the Russian Federation, including international legislation, norms of various branches of law, departmental regulations.

The scientific novelty of dissertation research is:

In the study of the problem of the development of the legal and organizational foundations for ensuring information security in the internal affairs bodies from the standpoint of the advanced development of the needs of practice and the formation of the information sphere in the context of the widespread introduction of new information technologies and the increase in information threats;

Comprehension of the place and role of constitutional law in the life of Russian society, as well as the further prospects for its development, within the framework of the state policy of ensuring information security;

Clarification of the system of state legislation in the field of information security;

Implementation of the systematization of regulatory legal acts in the field of information security and the formation of the structure of legislation in the field of information security of the individual, society, state, including internal affairs bodies;

Development of proposals for improving legislation in the field of information security;

Development of organizational and legal components of the information security system in the internal affairs bodies;

Development of scientific and methodological recommendations on the use of legal and organizational training tools for information security in internal affairs bodies and in the educational process when training specialists on the legal basis of information security.

The main provisions for the defense:

1. Definition of the conceptual apparatus on the legal basis of the current legislation in the field of information security, including the concept of information security, which makes it possible to form an idea of information as an object of ensuring information security and legal relations, as well as to formulate security threats.

Information security of internal affairs bodies is a state of security of the information environment, corresponding to the interests of internal affairs bodies, in which their formation, use and development opportunities are ensured, regardless of the impact of internal and external threats.

2. The problem of ensuring information security at the state level presupposes a deeper theoretical and practical understanding of the place and role of constitutional law in the life of Russian society, as well as the further prospects for its development in the following areas:

Improvement of the constitutional legislation "On state states and regimes", in particular in the field of information security, and on this basis the improvement of the legislation of the constituent entities of the Russian Federation in this area;

Priority implementation of the constitutional rights of citizens in the information sphere;

Implementation of a unified state policy in the field of information security, which ensures an optimal balance of interests of subjects in the information sphere and eliminates gaps in constitutional legislation.

3. Proposals to clarify the main directions of the state's activities on the formation of legislation in the information sphere, including the sphere of information security, which are ways to improve the regulatory framework of information legislation and allow to determine the legal basis for the activities of internal affairs bodies in the field of information security. They proceed from the totality of balanced interests of the individual, society and the state in the field of economics, social, internal political, international, informational and other spheres. The following areas are highlighted as priorities:

Compliance with the interests of the individual in the information sphere;

Improvement of legal mechanisms for regulating public relations in the information sphere;

Protection of national spiritual values, moral norms and public morality.

4. It is proposed to improve the structure of legislation in the field of information security, which is a system of interrelated elements, including a set of normative and departmental acts, allowing to visualize a variety of relations in the information sphere and the sphere of information security, the complexity of their regulation.

5. Organizational and legal components of the information security system in the internal affairs bodies, including the content of the organization of their activities (from the standpoint of its legal regulation), represented by the structure of necessary and interrelated elements and including:

Security entities of the Russian Federation;

Objects of information security of internal affairs bodies;

Organization of the activities of the internal affairs bodies;

Forms, methods and means of ensuring information security.

6. The content of the organization of the activities of internal affairs bodies to ensure information security (from the standpoint of its legal regulation), which is a purposeful continuous process in terms of analysis, development, implementation of legal, organizational, technical and other measures related to the field of information security, and also ensuring the rights and legitimate interests of citizens.

The practical significance of the dissertation research is:

In the use of proposals in the development of new normative acts and the improvement of the current legislation in the information sphere of the activities of state authorities of the constituent entities of the Russian Federation, departments, ministries;

Increasing the efficiency of the activities of internal affairs bodies to ensure information security;

Improving the training of specialists in the system of higher professional education, improving the qualifications of specialists in the field of comprehensive information protection and legal regulation of information security in the interests of various ministries and departments on the basis of developing a variant of educational and methodological support;

Development of scientific and methodological recommendations on the use of legal and organizational training tools for information security in the educational process, allowing to ensure the required level of training of specialists in the legal framework of information security.

Approbation, implementation of research results and publications.

The theoretical provisions, conclusions, proposals and practical recommendations outlined in this study were reported and discussed at the 8th and 9th International conferences at the Academy of Management of the Ministry of Internal Affairs

Russia "Informatization of law enforcement systems" (Moscow, 1999-2000), Interuniversity regional conference "Universal Declaration of Human Rights: Problems of Improving Russian Legislation and Practice of Its Application" at the Academy of Management of the Ministry of Internal Affairs of Russia (Moscow, 1999) , scientific seminar "Problems of federalism in the development of Russian statehood" and the International scientific-practical conference "Law enforcement in transport: results and prospects", held on the basis of the Oryol Law Institute of the Ministry of Internal Affairs of Russia (Orel, 1999). According to the results of the study, eight scientific papers with a total volume of 8 printed sheets were published.

The structure and volume of the thesis are determined by the logic of the research and consist of an introduction, two chapters, a conclusion of a list of references and an appendix.

The concept and essence of information security

An integral part of the subject of science and scientific research, including the developing scientific direction of information protection and legal regulation of information security, is its conceptual apparatus. Naturally, one of the central concepts in this subject area is the concept of "information" 1, which can be attributed to abstract categories and primary concepts. An analysis of the above concept gives an idea of its understanding in the system-wide, philosophical sense (information is a reflection of the material world) And to the narrowest, technocratic and pragmatic sense (information is all information that is an object of storage, transmission and transformation).

In a number of works, information is understood as certain properties of matter perceived by the control system both from the surrounding external material world and from the processes taking place in the system itself. There is a view of the identifying concepts of "information" and "message", in which information is defined as an essential part of the message for the recipient, and the message is defined as a material carrier of information, one of the specific elements of a finite or infinite set, transmitted through the communication channel and perceived at the receiving end of the system communication with some recipient.

You can to some extent refer to the well-known content of the concept of "information", defined by R. Shannon, where information is called the amount of unpredictable contained in a message. Quantity is a measure of the new that a given message brings into the sphere surrounding the recipient.

The Federal Law "On Information, Informatization and Protection of Information" provides a fairly generalized definition of this concept and its derivatives. So, information is presented as information about objects, objects, phenomena, processes, regardless of the form of their presentation. This generic concept of information is also used to form its derivative definitions used in other regulatory legal acts1. Let's consider some of them in more detail.

Documented information (documents) - information recorded on a material carrier with details that allow it to be identified.

Confidential information - documented information, access to which is limited in accordance with the law.

Mass information - printed, audio messages, audiovisual and other messages and materials intended for an unlimited circle of persons.

Information resources - individual documents and individual arrays of documents, documents and arrays of documents in information systems (libraries, archives, funds, databanks, other types of information systems).

Information products (products) - documented information prepared in accordance with the needs of users and intended or used to meet the needs of users.

State secrets - information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational-search activities, the dissemination of which may harm the security of the Russian Federation.

Computer information - information on a machine medium, in a computer, a computer system or their network. "

Article 128 of the Civil Code defines information as an object of civil legal relations. Analyzing information from these positions, it is necessary to pay attention to the aspect related to the legal protection of information as an object of property rights5. This approach to information is explained by the fact that, on the one hand, the historical and traditional object of property rights is a material object, on the other hand, information, not being a material object of the surrounding world, is inextricably linked with a material carrier: it is a human brain or material carriers alienated from a person. (book, diskette, etc.)

Considering information as a reflection of reality by an object of the surrounding world, we can talk about information as an abstract substance that exists by itself, but for us, neither storage nor transmission of information is possible without a material medium. It is known that information, on the one hand, as an object of ownership is copied (replicated) at the expense of a material carrier1, on the other hand, as an object of ownership it easily moves from one to the next subject of ownership without an obvious (noticeable) violation of ownership of information. But the movement of the material object of the property right is inevitable and, as a rule, entails the loss of this object by the original subject of the property right. At the same time, a violation of his property rights is obvious. It should be noted that a violation of this right takes place only in the case of illegal movement of a particular material object1. The danger of copying and moving information is aggravated by the fact that it is usually alienated from the owner, that is, it is stored and processed in the availability of a large number of subjects who are not subjects of ownership of this information. This includes, for example, automated systems, including networks. A complex system of relationships between the subjects of property rights arises, which determines the ways of their implementation, and, consequently, the directions of the formation of a system of legal protection, which ensure the prevention of violations of property rights to information.

After analyzing the features of information as an object of property rights, we can conclude that the rest of the information is no different from traditional objects of property rights. The analysis of the content of information, including as an object of law, made it possible to identify its main types subject to legal protection (Appendix 1): - information classified as a state secret by authorized bodies on the basis of the RF Law "On state secrets"; - Confidential documented information - the owner of information resources or an authorized person on the basis of the Federal Law "On Information, Informatization and Information Protection"; - personal data.

The main directions of the state's activities to ensure information security

The tendencies of constitutional development are such that they focus on the problem of the nature of constitutional legislation. Along with the currently topical issues of the priority of human rights and freedoms of civil society, the government and its organization, the problem of "state regimes and states" - security (information security as an integral part), defense, state of emergency, etc., comes to the fore. one

The need for constitutional regulation of information security is obvious. After all, the information security of an individual is nothing more than the protection of constitutional human rights and freedoms. And one of the directions of state policy in the field of information security is the observance and implementation of constitutional human and civil rights in this area. First, according to the RF Law "On Security", security is achieved by pursuing a unified state policy in the field of security. Obviously, information security is also achieved through the implementation of the state policy in the field of information security in the Russian Federation. The named policy, in turn, determines the main directions of the state's activities in the area under discussion and deserves some attention.

Secondly, the relevance of the study of the main directions of the state's activities in the area under consideration is due to the following: - the need to develop and improve constitutional legislation that provides an optimal combination of priorities of the interests of the individual, departments and the state as a whole within one of the areas of information security; - improving the activities of the state to implement its functions of ensuring the security of all subjects of information relations; - the need of citizens to protect their interests in the information sphere; - the need to form a unified legal field in the field of information relations. The development of state policy in the field of information security is reflected in the consistent development and development of the National Security Concept of the Russian Federation. Its features are the following provisions: - not a single sphere of life of modern society can function without a developed information structure; - the national information resource is currently one of the main sources of economic and military power of the state; - penetrating into all spheres of state activity, information acquires specific political, material and value expressions; - the issues of ensuring the information security of the Russian Federation as an integral element of its national security are becoming more and more urgent, and the protection of information is turning into one of the priority state tasks; - the system of national interests of Russia in the field of economics, social, domestic political, international, information spheres, in the field of military, border and environmental security is determined by the totality of balanced interests of the individual, society and the state; - the state policy of ensuring the information security of the Russian Federation determines the main directions of the activities of the federal bodies of state power and bodies of state power of the constituent entities of the Russian Federation in this area. The Concept also defines the national interests of Russia in the information sphere1, which are aimed at concentrating the efforts of society and the state in solving the following tasks: - observance of constitutional rights and freedoms of citizens in the field of obtaining information and exchanging it; - protection of national spiritual values, promotion of national cultural heritage, morality and public ethics; - ensuring the right of citizens to receive reliable information; - development of modern telecommunication technologies.

The planned activities of the state to implement these tasks will allow the Russian Federation to become one of the centers of world development and the formation of an information society that meets the needs of the individual, society, the state in the information sphere, including their protection from the destructive effects of information to manipulate the mass consciousness, as well as the necessary protection state information resource from the leakage of important political, economic, scientific, technical and military information.

Taking into account the listed provisions, the following principles can be distinguished on which the state policy of ensuring information security of the Russian Federation should be based:

Compliance with the Constitution of the Russian Federation, the legislation of the Russian Federation, generally recognized norms of international law in the implementation of activities to ensure the information security of the country;

Legal equality of all participants in the information interaction process, regardless of their political, social and economic status, based on the constitutional right of citizens to freely search, receive, transfer, produce and disseminate information in any legal way;

Openness, providing for the implementation of the functions of federal bodies of state power and bodies of state power of the constituent entities of the Russian Federation, public associations, including informing the public about their activities, taking into account the restrictions established by the legislation of the Russian Federation;

The priority of the development of domestic modern information and telecommunication technologies, the production of hardware and software that can ensure the improvement of national telecommunication networks, their connection to global information networks in order to comply with the vital interests of the Russian Federation.

Organization of activities of internal affairs bodies to ensure information security

To ensure information security, it is necessary to have appropriate bodies, organizations, departments and ensure their effective functioning. The combination of these bodies constitutes a security system. To identify the features of the organization and activities of internal affairs bodies to ensure information security, we will consider the security system as a whole.

According to the Law of the Russian Federation "On Security", the security system, and therefore information security, is formed by: - legislative, executive and judicial authorities; state, public and other organizations and associations; citizens taking part in ensuring security; - legislation regulating relations in the field of security. The specified law fixes only the organizational structure of the security system. The security system itself is much broader. Its consideration is not possible, since it goes beyond the scope of the dissertation research. Therefore, we will only consider the organizational structure of the security system. The analysis of the current normative legal acts made it possible to single out the following components as subjects of security, representing the organizational structure of the information security system1: - federal government bodies; state authorities of the constituent entities of the Russian Federation; local government bodies solving problems in the field of information security within their competence; - state and interdepartmental commissions and councils specializing in solving information security problems; - structural and intersectoral divisions for the protection of confidential information of state authorities of the Russian Federation, as well as structural divisions of enterprises that carry out work using information classified as state secrets, or specialize in work in the field of information protection; - research, design and engineering organizations performing work to ensure information security; - educational institutions that train and retrain personnel to work in the information security system; - citizens, public and other organizations that have the rights and obligations to ensure information security in the manner prescribed by law;

The main functions of the considered information security system of the Russian Federation are1: - development and implementation of an information security strategy; - creation of conditions for the realization of the rights of citizens and organizations to legally permitted activities in the information sphere; - assessment of the state of information security in the country; identification of sources of internal and external threats to information security; determination of priority directions of prevention, parrying and neutralization of these threats; - coordination and control of the information security system; - organization of the development of federal and departmental programs for information security and coordination of work on their implementation; - pursuing a unified technical policy in the field of information security; - organization of fundamental, search and applied scientific research in the field of information security; - ensuring control over the creation and use of information security means through compulsory licensing of activities in the field of information security and certification of information security means; - implementation of international cooperation in the field of information security, representation of the interests of the Russian Federation in the relevant international organizations.

Analysis of the structure and functions of the information security system, taking into account the existing system of separation of powers, revealed the following: 1) the main purpose of the information security system is to protect the constitutional rights and freedoms of citizens; 2) the state is the main and main subject of information security; 3) the general management of the subjects of information security within the framework of certain powers is carried out by the President of the Russian Federation. Its powers in the field of information security include: - exercising leadership and interaction between government bodies; - control and coordination of the activities of information security bodies; - determination of the vital interests of the Russian Federation in the information sphere; - identification of internal and external threats to these interests; - determination of the main directions of the information security strategy. 4) The Federal Assembly of the Russian Federation forms, on the basis of the Constitution of the Russian Federation, a legislative framework in the field of information security; 5) The Government of the Russian Federation, within the limits of its powers, provides guidance to state bodies for ensuring information security, organizes and controls the development and implementation of measures to ensure information security by ministries and other bodies subordinate to it; 6) judicial authorities are also subjects of information security. They provide judicial protection to citizens whose rights have been violated in connection with information security activities, administer justice in cases of crimes in the information sphere; 7) a special role in ensuring the security of the state, including information security, belongs to the Security Council of the Russian Federation. It is a constitutional body that does not have the status of a federal executive body, but is endowed with sufficient powers in the field of ensuring security. The Security Council is the only advisory body under the President of the Russian Federation, the creation of which is provided for by the current Constitution.

Forms and methods of ensuring information security in internal affairs bodies

The issues of the organization of the protection system considered in the previous paragraph, including the directions of ensuring information security, imply the clarification of the content of the tasks of ensuring information security, methods, means and forms of their solution.

Forms, methods and means are considered through the prism of legal regulation of information security activities, which is inextricably linked with them, and therefore requires clarification and definition of the legal boundaries of their use. In addition, the solution of any theoretical or practical problem is impossible without certain methods - methods and means.

The choice of appropriate methods and means of ensuring information security is proposed to be undertaken within the framework of creating such a system for protecting information that would guarantee the recognition and protection of the fundamental rights and freedoms of citizens; formation and development of the rule of law, political, economic, social stability of society; preservation of national values and traditions.

At the same time, such a system should ensure the protection of information, including information constituting state, commercial, official and other secrets protected by law, taking into account the peculiarities of the protected information in the field of regulation, organization and implementation of protection. Within the framework of this variety of types of protected information, according to the author, the following most general features of the protection of any type of protected information can be distinguished1: - information protection is organized and carried out by the owner or owner of information or persons authorized by him (legal or physical); - the organization of effective protection of information allows the owner to protect their rights to own and dispose of information, to strive to protect it from illegal possession and use to the detriment of his interests; - information protection is carried out by carrying out a set of measures to restrict access to protected information and create conditions that exclude or significantly impede unauthorized, illegal access to protected information and its carriers.

To exclude access to the protected information by unauthorized persons, the owner of the information who protects it, including its classification, establishes a certain regime, rules for its protection, determines the forms and methods of protection. Thus, the protection of information is the proper provision of the circulation of the protected information in a special area limited by regime measures. This is confirmed by a number of approaches of well-known scientists2, who consider information protection as "the regular use of means and methods, the adoption of measures and the implementation of measures in order to systematically ensure the required reliability of information

Taking into account the content of this definition, as well as other definitions of the concept of information protection and the main objectives of information protection highlighted in them, including the prevention of destruction or distortion of information; prevention of unauthorized receipt and reproduction of information, it is possible to highlight the main task of protecting information in the internal affairs bodies. This is the preservation of the secrecy of the protected information.

In the system of complex information protection, the solution to this problem is carried out in relation to the levels of protection and destabilizing factors. And the formation of a relatively complete set of tasks for these groups is carried out on the basis of an analysis of the objective possibilities for the implementation of the set protection goals, which ensure the required degree of information security. Taking into account the considered provisions, the tasks can be divided into two main groups:

1) timely and complete satisfaction of information needs arising in the process of management and other activities, that is, provision of confidential information to specialists of internal affairs bodies;

2) protection of classified information from unauthorized access to it by other subjects.

When solving the first group of tasks - providing specialists with information - it is necessary to take into account that specialists can use both open and confidential information. The provision of open information is not limited by anything other than its actual availability. When providing secret information, there are restrictions that provide for the availability of access to information of the appropriate degree of secrecy and permission to access specific information. An analysis of the current practice and regulatory legal acts that determine the procedure for a specialist's access to relevant information made it possible to identify a number of contradictions. On the one hand, the maximum restriction of access to classified information reduces the likelihood of leakage of this information, on the other hand, for a reasonable and effective solution of official tasks, it is necessary to fully satisfy the needs of a specialist in information. Under normal, non-regime conditions, a specialist has the opportunity to use a variety of information in order to solve the problem facing him. When providing him with classified information, the possibilities of access to it are limited by two factors: his official position and the problem being solved by the specialist at the present time.

The second group of tasks involves the protection of confidential information from unauthorized access to it by unauthorized persons. It is common both for the internal affairs bodies and for all government bodies and includes:

1) protection of the country's information sovereignty and expanding the state's ability to strengthen its power through the formation and management of the development of its information potential;

2) creation of conditions for the effective use of information resources of society and the state;

3) ensuring the security of protected information: preventing theft, loss, unauthorized destruction, modification, blocking of information;

4) maintaining the confidentiality of information in accordance with the established rules for its protection, including preventing leakage and unauthorized access to its media, preventing its copying, modification, etc .;

5) preservation of the completeness, reliability, integrity of information and its arrays and processing programs established by the owner of the information or persons authorized by him.

D.V. Peregudov,

Department of Internal Affairs for the Lipetsk region

LEGAL ASPECTS OF INFORMATION PROTECTION IN THE ACTIVITIES OF ECONOMIC SECURITY UNITS OF THE INTERNAL AFFAIRS

Ensuring information security within the system of internal affairs bodies is an organizational combination of forces and means, mechanisms, methods and methods, functioning under the control of strict observance of the current regulatory legal acts in the field of information protection. At the same time, the problem of ensuring information security is closely connected not only with the solution of scientific and technical problems, but also with the issues of legal regulation of informatization relations, the development of the legislative base. In this regard, it can be concluded that information protection is a complex of legal, organizational and engineering-technical measures (measures) aimed at preventing leakage of protected information, unauthorized access to it. In turn, the legal aspects of information protection are of paramount importance in the block of protection measures. This is due to the fact that the legal regulation of relations in the field of economic security predetermines the existence of all other measures as a fundamental basis dividing the behavior of subjects (users, owners and other persons) of information relations into “possible (permitted)” and “prohibited” in relation to the object - information. Organizational and technical measures are only streamlined and legalized by the legal framework.

In the internal affairs bodies, the legal support of information security is based on the federal legislation of the Russian Federation. The legal framework at the departmental level is the successor to the Law of the Russian Federation "On State Secrets", the Law of the Russian Federation "On Information, Information Technologies and the Protection of Information", Decree of the President of the Russian Federation dated 03.04.1995 No. the development, production, sale and operation of information tools, as well as the provision of services in the field of information encryption ", decrees of the Government of the Russian Federation dated April 15, 1995 No. 333" On licensing the activities of enterprises and organizations for carrying out work related to the use of information constituting state secrets, the creation of information protection means, as well as with the implementation of measures and (or) the provision of services for the protection of state secrets ", from

06/26/1995 No. 608 "On the certification of information security means", dated 09/15/1993, No. 912-51 "On the state system of information protection of the Russian Federation from foreign intelligence services and from its leakage through technical channels", dated 01/05/2004 No. 3-1 "On approval of the Instruction on ensuring secrecy in the Russian Federation", as well as on the basis of "Special requirements and recommendations for the protection of information constituting a state secret from leakage through technical channels", approved by the Decision of the State Technical Commission of Russia dated 23.05.1997 No. 55, Decision of the State Technical Commission of Russia dated 03.10.1995, No. 42 "On standard requirements for the content and procedure for developing guidelines for protecting information from technical intelligence and from its leakage through technical channels at the facility", dated 16.07.1996, No. 49 "Model of foreign technical intelligence for the period up to 2010" ("Model ITR-2010") and other

their legislative and other regulatory legal acts in the field of information security, regulating the procedure and rules for the technical protection of information in the Russian Federation.

The peculiarity of information support in the internal affairs bodies, in particular in the economic security divisions, is that the employees of these divisions carry out their activities within the framework of the work and handling of information constituting a state secret.

State secrets are information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational-search activities, the dissemination of which may harm the security of the Russian Federation. Subdivisions of the economic security of the internal affairs bodies work with information in the field of operational investigative activities, ie, based on the Law of the Russian Federation of 12.08.1995, No. 144-FZ "On operational and investigative activities." The classification of information constituting a state secret is carried out in accordance with the List of information classified as a state secret, approved by the Decree of the President of the Russian Federation dated

30.11.1995, No. 1203, and in accordance with the rules for classifying information constituting a state secret to various degrees of secrecy, approved by the Government of the Russian Federation dated 04.09.1995, No. 870, as well as on the basis of the list of information to be classified in the system Ministry of Internal Affairs of Russia, determined by the Minister of Internal Affairs of the Russian Federation. At the same time, the admission of persons to information constituting a state secret is carried out in accordance with the instructions on the procedure for admitting officials and citizens of the Russian Federation to state secrets, approved by the Government of the Russian Federation dated October 28, 1995, No. 1050. In the internal affairs bodies, by order of the Ministry of Internal Affairs of Russia dated 03/02/2002 No. 200 for DSP stipulates a detailed list of information to be classified.

In turn, the BEP units also work with information constituting an official secret. These include information of limited distribution, access to which is limited by state authorities in order to avoid damage to both the internal affairs bodies and the security of the state authorities of the Russian Federation. The classification of information as official information of limited distribution is made on the basis of the Approximate list of official information of limited distribution and documents containing them, generated in the course of the activities of the internal affairs bodies, determined by the Minister of Internal Affairs of the Russian Federation. In accordance with the Decree of the President of the Russian Federation of 06.03.1997 No. 188 "On Approval of the List of Confidential Information", official information of limited distribution circulating in the BEP divisions refers to information of a confidential nature (confidential information).

The fundamental departmental regulations in the activities of units for combating economic crimes in the field of information security are the order of the Ministry of Internal Affairs of Russia dated 05.07.2001 No. 029 "On approval of the Temporary Manual on the technical protection of information in the internal affairs bodies of the Russian Federation and the internal troops of the Ministry of Internal Affairs Of the Russian Federation "and the order of the Ministry of Internal Affairs of Russia dated March 15, 2005 No. 015" On approval of the Instruction on ensuring secrecy in the internal affairs bodies ". The first regulatory document characterizes the requirements of an organizational and technical plan for the protection of legally protected information in the activities of BEP units, in particular, it defines uniform technical and mathematical protection measures

information in all divisions of the internal affairs bodies, carrying out their work with information classified as state and official secrets. Order of the Ministry of Internal Affairs of Russia No. 029:

Defines objects of technical protection of information, possible threats to these objects;

Establishes a unified and integral (mandatory) procedure for the implementation of measures for the technical protection of information;

Establishes a uniform form of documents drawn up for an information protection object, on the basis of which a technical protection regime is established during their processing;

Determines the procedure for monitoring technical protection and licensing in this area.

Despite the fact that this normative document was developed back in 2001, at present in the economic security units of the Internal Affairs Directorate for the Lipetsk region at the district level, the conditions for information activities do not fully comply with the requirements of this order. First of all, this concerns the material support of the objects at which information processing is carried out (electronic computers, technical means of receiving, transmitting and processing information: sound recording, sound reproduction, intercom and television devices, means of duplicating documents, and others), in accordance with the established norms of provision ... Even if such facilities are available in the BEP subdivisions, they are in single copies and in moral and technical terms lag behind modern and advanced tools and technologies in this area. In turn, as a shortcoming, it should also be noted about the weak knowledge of the employees of the BEP units operating objects of technical protection of information, regulatory legislation on the technical protection of information upon taking office and during the entire period of performance of their official functional tasks. At the same time, the constant turnover of personnel in these divisions also affects.

The order of the Ministry of Internal Affairs of Russia No. 029-2001 is mainly related to the technical support of information protection facilities, which includes:

Establishing their compliance with the technical protection requirements and documenting the technical measures taken to protect information, categorizing objects;

Drawing up technical passports for these objects;

Development of instructions for ensuring organizational (security) and

technical measures to protect information;

Conducting special studies, special checks and examinations of these objects;

Registration of a prescription for the operation of the facility;

Attestation of the facility and measures to control the technical

information protection.

As practice shows, in the regional departments of internal affairs, due to the small number of information protection objects, the work on the technical protection of protected information is carried out formally and is reduced only to the execution of monotonous documents, the semantic meaning of which the employees operating the objects in respect of which the technical information protection measures in accordance with the order of the Ministry of Internal Affairs of Russia No. 029-2001

A more substantive and responsible step in the legal field was the development of Order No. 015-2005, which included organizational and technical measures of information protection. The requirements set forth in this order are

The protection of information constituting a state secret and secret service information relating to the current activities of subdivisions of the internal affairs body are eliminated. This departmental act establishes a clear and strict procedure for handling and using objects of information protection - a regime that is mandatory for all subjects of information relations under the threat of the onset of liability provided for by the current legislation. Order of the Ministry of Internal Affairs of Russia No. 015-2005 regulates relations related to the reception, processing, storage, use, transmission of significant and legally protected information in the BEP divisions, monitoring compliance with the prescribed norms, determining the measures of responsibility for their violation, establishes a unified procedure in relations with subjects of other internal affairs bodies - external subjects. Thus, the legal protection of information protection objects is the basis for the development and definition of organizational and technical measures to protect information in the BEP divisions.

An important direction in the field of information security legislation in the internal affairs bodies is the determination of legal responsibility for committing an unlawful act in relation to the object of protection.

In legal science and current legislation, legal liability can appear in four variations:

Civil;

Administrative;

Disciplinary;

Criminal.

Considering that the BEP employees working with information constituting a state secret are officials of the executive authority, they bear the burden of strict responsibility for the disclosure of this information or its loss. In such cases, there can be only two types of liability:

1) disciplinary;

2) criminal.

Their differentiation depends only on the nature of the offense committed, and the difference lies in the specific penalties and the special procedure for their application.

Disciplinary responsibility consists in imposing a disciplinary sanction on a BEP employee by the powers of the head of the internal affairs body. Disciplinary punishments are: warning, reprimand, severe reprimand, dismissal from the internal affairs bodies. However, the internal affairs bodies provide for strict disciplinary liability for violation of the order of the Ministry of Internal Affairs of Russia No. 015-2005, which is expressed in the imposition of the last three of the above types of penalties on an employee.

Disciplinary liability can be applied to an economic security employee in case of negligence in the performance of his official duties, expressed in violation of the secrecy regime, the rules for handling information related to official secrets - confidential information, without any illegal intent.

The most severe measures of influence are characterized by criminal liability, which is applied in court to a person guilty of a crime, i.e. a guilty, socially dangerous act provided for by the Criminal Code of the Russian Federation. The main types of crimes in the field of information security are shown in the table.

Types of crimes in the field of information protection

Article of the Criminal Code of the Russian Federation

Disposition of the article of the Criminal Code of the Russian Federation

Penalty (sanction)

Article 272. Unlawful access to computer information 1. Unlawful access to legally protected computer information, that is, information on a machine carrier, in an electronic computing machine (computer), a computer system or their network, if this act entailed the destruction, blocking, modification or copying of information , malfunction of a computer, computer system or their network; Shall be punished with a fine in the amount of up to two hundred thousand rubles or in the amount of the salary or other income of the convicted person for a period of up to eighteen months, or correctional labor for a term of six months to one year, or imprisonment for a term of up to two years;

The same act committed by a group of persons by prior conspiracy or by an organized group or by a person using his official position, as well as having access to a computer, a computer system or their network is punishable by a fine in the amount of one hundred thousand to three hundred thousand rubles or in the amount of wages, or other income of the convicted person for a period of one to two years, or correctional labor for a term of one to two years, or arrest for a term of three to six months, or imprisonment for a term of up to five years

Article 273. Creation, use and distribution of malicious programs for computers 1. Creation of computer programs or making changes to existing programs, knowingly leading to unauthorized destruction, blocking, modification or copying of information, disruption of the operation of computers, computer systems or their networks, as well as use or distribution of such programs or machine media with such programs; Shall be punishable by imprisonment for a term of up to three years with a fine in the amount of up to two hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period of up to eighteen months;

the same acts that negligently entailed grave consequences are punishable by imprisonment for a term of three to seven years

Article 274. Violation of the rules of operation of a computer, a computer system or their network 1. A violation of the rules of operation of a computer, a computer system or their network by a person who has access to a computer, a computer system or their network, resulting in the destruction, blocking or modification of legally protected computer information, if the act caused substantial harm; Shall be punishable by deprivation of the right to hold certain positions or engage in certain activities for a period of up to five years, or compulsory labor for a period of one hundred and eighty to two hundred and forty hours, or restraint of liberty for a period of up to two years;

the same act, which negligently entailed grave consequences, is punishable by deprivation of liberty for a term of up to four years

Article 275. State treason High treason, that is, espionage, issuance of state secrets or other assistance to a foreign state, foreign organization or their representatives in carrying out hostile activities to the detriment of the external security of the Russian Federation, committed by a citizen of the Russian Federation. Punished with imprisonment for a term of twelve up to twenty years with or without a fine in the amount of up to five hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period of up to three years.

Article 276. Espionage Transfer, as well as collection, theft or storage for the purpose of transferring to a foreign state, foreign organization or their representatives information constituting a state secret, as well as transfer or collection of other information on behalf of foreign intelligence for their use to the detriment of the external security of the Russian Federation if these acts were committed by a foreign citizen or stateless person Punished with imprisonment for a term of ten to twenty years

Article 283. Disclosure of state secrets 1. Disclosure of information constituting a state secret by a person to whom it was entrusted or became known in service or work, if this information became the property of other persons, in the absence of signs of high treason; Shall be punishable by arrest for a term of four to six months, or imprisonment for a term of up to four years, with or without the deprivation of the right to hold certain positions or engage in certain activities for a term of up to three years;

The same act that negligently entailed grave consequences is punishable by imprisonment for a term of three to seven years with the deprivation of the right to hold certain positions or engage in certain activities for a term of up to three years

Article 284. Loss of documents containing state secrets Violation by a person who has access to state secrets of the established rules for handling documents containing state secrets, as well as with items, information about which constitutes a state secret. term from four to six months, or imprisonment for up to three years with imprisonment

state secrets, if this entailed by negligence their loss and the onset of grave consequences

the right to hold certain positions or engage in certain activities for up to three years or without

From the analysis of the table it can be seen that acts related to violation of the procedure for using information constituting a state secret can be recognized as a crime. In the internal affairs bodies, such facts can take place only in case of violation of the secrecy regime. And for each fact of such misconduct, an official check is carried out.

A violation of the secrecy regime in the internal affairs bodies is the disclosure of information constituting a state secret, that is, the disclosure of information by the employee to whom this information was entrusted in the service, as a result of which it became the property of unauthorized persons; or the loss of information carriers that constitute a state secret, that is, the release (including temporary) of information carriers from the possession of the employee to whom they were entrusted in the service, as a result of which they became or could become the property of unauthorized persons.

If these facts are revealed, the head of the department of internal affairs is obliged to inform the higher management, the security body (a subdivision of the FSB) and organize an official check and search for carriers of information constituting a state secret, as well as take all measures to localize possible damage. To conduct an official audit, the head must create a commission, which, within a month, must:

1) establish the circumstances of the disclosure of information constituting a state secret, or the loss of media containing such information;

2) search for lost media;

3) identify the persons guilty of disclosing this information or losing media;

4) establish the reasons and conditions that contributed to the disclosure of information constituting a state secret, leakage of media containing such information, and develop recommendations for their elimination.

Based on the results of the work of this commission, the conclusion of an official audit is drawn up with the adoption of specific measures against persons guilty of violating the secrecy regime.

As practical experience shows, cases of crimes related to disclosure of state secrets committed by operational officers are extremely rare. Most often, there are cases of disciplinary offenses committed by employees in the negligent and improper performance of their official duties to comply with the requirements of the secrecy regime.

Thus, analyzing the legal framework designed to ensure legal protection of the legally protected interests of the state, society, legal entities and individuals in the field of information relations, we can conclude that it is extremely weak in the internal affairs bodies. In its semantic presentation, there is no substantive approach to the acute and serious problem of protecting state and official secrets, although there are requirements for mandatory compliance with regime information protection measures, however, in practical terms, especially in regional divisions, control over the implementation of the binding instructions of departmental regulations of the Ministry of Internal Affairs of Russia , there are practically no territorial internal affairs bodies, work on the technical security of information protection objects is carried out formally without taking into account the specific characteristics of the object, material support with technical means of protection

information does not meet the needs and conditions of the BEP operational units. 95% of all violations related to non-compliance with regulations on information protection in internal affairs bodies are detected during inspections by higher authorities.

The foregoing allows us to conclude that it is necessary to improve the legal support for the protection of information in the activities of both the internal affairs bodies in general, and their units of economic security in particular.

Information Security Fundamentals

Introduction

National security is the state of protection of the vital interests of the individual, society and the state from internal and external threats.

Vital interests are a set of needs, the satisfaction of which reliably ensures the existence and opportunities for the progressive development of the individual, society and the state.

Security threat - a set of conditions and factors that create a threat to the vital interests of the individual, society and the state.

Ensuring security is a unified state policy, a system of measures of an economic, political, law-making (other) nature, adequate to the threats to the vital interests of the individual, society and the state.

Security protection - direct impact on the object of protection.

Security protection - a set of ensuring and protecting security measures.

Information security is the state of protection of the country's national interests (the country's national interests are vital interests based on a balanced basis) in the information sphere from internal and external threats.

That is why information security issues are relevant especially recently.

The purpose and objectives of the work is a detailed study of individual aspects of information security.

1 Types and content of threats to information security

Sources of threats to the information security of the Russian Federation are divided into external and internal. External sources include:

activities of foreign political, economic, military, intelligence and information structures directed against the interests of the Russian Federation in the information sphere;
the desire of a number of countries to dominate and infringe on Russia's interests in the global information space, to oust it from the external and internal information markets;
aggravation of international competition for the possession of information technologies and resources;
activities of international terrorist organizations;
increasing the technological gap between the world's leading powers and building up their capabilities to counter the creation of competitive Russian information technologies;
activities of space, air, sea and ground technical and other means (types) of reconnaissance of foreign states;
the development by a number of states of concepts of information wars, providing for the creation of means of dangerous impact on the information spheres of other countries of the world, disruption of the normal functioning of information and telecommunication systems, the safety of information resources, obtaining unauthorized access to them 1 .

Internal sources include:

the critical state of domestic industries;
an unfavorable crime situation, accompanied by tendencies for the merging of state and criminal structures in the information sphere, for criminal structures to gain access to confidential information, increase the influence of organized crime on the life of society, reduce the degree of protection of the legitimate interests of citizens, society and the state in the information sphere;
insufficient coordination of the activities of federal state authorities, state authorities of the constituent entities of the Russian Federation in the formation and implementation of a unified state policy in the field of ensuring information security of the Russian Federation;
insufficient elaboration of the regulatory legal framework governing relations in the information sphere, as well as insufficient law enforcement practice;
underdevelopment of civil society institutions and insufficient state control over the development of the information market in Russia;
insufficient funding of measures to ensure information security of the Russian Federation;
insufficient economic power of the state;
decrease in the efficiency of the education and training system, insufficient number of qualified personnel in the field of information security;
insufficient activity of federal bodies of state power, bodies of state power of the constituent entities of the Russian Federation in informing society about their activities, in explaining decisions made, in the formation of open state resources and the development of a system of citizens' access to them;
Russia's lag behind the leading countries in the world in terms of informatization of federal government bodies, government bodies of constituent entities of the Russian Federation and local governments, credit and finance, industry, agriculture, education, healthcare, services and everyday life of citizens 2 .

2 Technical implementation of the ATS information security concept

The information used in the internal affairs bodies contains information about the state of crime and public order in the serviced territory, about the bodies and divisions themselves, their forces and means. In the duty units, operatives, district police inspectors, investigators, employees of forensic departments, passport and visa apparatuses, and other divisions, on primary registration documents, in accounting books and on other media, arrays of data for operational search and operational reference purposes are accumulated, which contain information:

about offenders and criminals;
about the owners of motor vehicles;
about the owners of firearms;
about events and facts of a criminal character, offenses;
about stolen and confiscated things, antiques;
as well as other information to be stored.

Services and divisions of the internal affairs bodies are characterized by the data:

about the forces and means at the disposal of the body;
on the results of their activities.

The above information is used when organizing the work of units and taking practical measures to combat crime and delinquency.

In the information support of the internal affairs bodies, the central place is occupied by the accounts, which are used to register primary information about crimes and the persons who committed them.

Accounting Is a system for registering and storing information about persons who have committed crimes, about the crimes themselves and related facts and objects.

Accounting for crimes subordinate to the Ministry of Internal Affairs of Russia covers 95% of criminal manifestations and gives a fairly complete picture of the operational situation in the country and its regions.

In Russia as a whole, in recent years, with the help of the information contained in the records, from 19 to 23% of crimes committed, or almost every fourth of the total, have been disclosed through the criminal investigation.

In the USSR, in 1961, the Instructions for registration in the internal affairs bodies were introduced. Under the USSR Ministry of Internal Affairs in 1971, the Main Scientific Information Center for Information Management (GNITSUI) was created, later renamed into the Main Information Center (GIC), and information centers (IC) were created in the Ministry of Internal Affairs and the Internal Affairs Directorate.

The main information center is the largest bank of operational reference and search information in the system of the Ministry of Internal Affairs of Russia. It is entrusted with the task of providing bodies and institutions of internal affairs with various information - statistical, search, operational reference, forensic, production and economic, scientific and technical, archival. These are unique, multidisciplinary centralized arrays of information, with a total of about 50 million accounting documents.

In the surname operational reference card file for convicted persons, over 25 million accounting documents are concentrated, and in the fingerprint card index - 17 million GIC has a unique database on computer media containing statistical reports of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate, the Internal Affairs Directorate for 50 forms for the period from 1981 to 1992 and in retrospect until 1974 3 .

Information centers of the Ministry of Internal Affairs, ATC are the most important link in the information support system of the internal affairs bodies of the Russian Federation. They bear the main burden in providing information support to the internal affairs bodies in the disclosure and investigation of crimes, and the search for criminals.

Information centers are the head units in the system of the Ministry of Internal Affairs, the Internal Affairs Directorate, the Internal Affairs Directorate in the field of informatization: providing statistical, operational reference, operational investigative, forensic, archival and other information, as well as computerization and construction of regional information and computer networks and integrated data banks. Information centers carry out their duties in close cooperation with the departments of the Ministry of Internal Affairs, the Internal Affairs Directorate, the Department of Internal Affairs and the city railing authorities, as well as the Main Information Center of the Ministry of Internal Affairs of Russia.

With the help of the accounts, information is obtained that helps in the disclosure, investigation and prevention of crimes, the search for criminals, the identification of unknown citizens and the ownership of the seized property. They are formed in the municipal authorities, the IC of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate according to the territorial (regional) principle and form the federal records of the Main Information Center of the Ministry of Internal Affairs of Russia. In addition, registrations are available in passport machines.

Along with the records in the internal affairs bodies, forensic centralized collections and card indexes are kept, which are created and stored in the forensic centers (ECC) of the Ministry of Internal Affairs of Russia (federal) and forensic departments (ECU) of the Ministry of Internal Affairs, GUVD, ATC (regional). The EKU and EKC collections and filing cabinets are focused primarily on ensuring the detection and investigation of crimes.

The operational reference, search and forensic information accumulated in records, collections and card files is called criminal information.

Accounting is classified according to functional and object characteristics.

Functionally, the accounts are divided into three groups: operational reference, search, forensic.

On the basis of the object, the accounts are divided into persons, crimes (offenses), objects.

The main operational reference and search information is formed in the city railing authorities. Part of it settles on the spot, and the other is sent to the IC and GIC to form a single data bank.

The information base of the Ministry of Internal Affairs system is built on the principle of centralized accounting. It is made up of operational reference, search and forensic records and card indexes, concentrated in the Main Information Center of the Ministry of Internal Affairs of Russia and the Information Center of the Ministry of Internal Affairs, ATC, UVDT, and local records of city railing authorities. In general, their arrays are estimated at about 250-300 million accounting documents.

Centralized operational reference, forensic and search records have the following information about Russian citizens, foreigners and stateless persons:

conviction, place and time of serving the sentence, date and grounds for release;
movement of convicts;
death in places of imprisonment, change of sentence, amnesty, number of the criminal case;
place of residence and place of work prior to conviction;
detention for vagrancy;
blood group and fingerprint formula of convicts.

Fingerprint registration makes it possible to establish the identity of criminals, arrested, detained, as well as unknown sick and unidentified corpses. Fingerprint card indexes have 18 million fingerprint cards. They receive over 600 thousand requests, for which about 100 thousand recommendations are issued. The information in the files contributed to the disclosure of crimes or the identification of a person in 10 thousand cases. Currently, these are mainly hand-held filing cabinets. 4 .

The accounts of the internal affairs bodies, depending on the method of information processing, are divided into three types: manual, mechanized, automated.

Automated records consist of a number of automated information retrieval systems (AIPS). The accumulation and processing of criminal information with the help of AIPS is carried out in regional banks of criminal information (RBKI).

In accordance with the new tasks, the GIC of the Ministry of Internal Affairs of Russia in November 2004 was transformed into the Main Information and Analytical Center of the Ministry of Internal Affairs of Russia. In the system of internal affairs bodies, the Main Information and Analytical Center (GIAC) of the Ministry of Internal Affairs of Russia is the head organization in the following areas:

information support with statistical, operational reference, investigative, forensic, archival and scientific and technical information;
operational-analytical and information support of operational-search activity, as well as information interaction for the exchange of operational information with other subjects of operational-search activity;
planning, coordination and control of the processes of creation, implementation, use, development in the system of the Ministry of Internal Affairs of Russia of modern information technologies, automated information systems of general use and operational-investigative nature, integrated public data banks, computer equipment and system software for them;
maintenance and development of the Unified system of classification and coding of technical, economic and social information.

The main tasks of the GIAC of the Ministry of Internal Affairs of Russia are:

providing the leadership of the Ministry, subdivisions of the system of the Ministry of Internal Affairs of Russia, government bodies of the Russian Federation, law enforcement agencies of other states with statistical information on the state of crime and the results of operational and service activities of internal affairs bodies, as well as operational reference, search, forensic, archival, scientific technical and other information;
the formation in the internal affairs bodies of a unified system of statistical, operational reference, investigative, forensic accounting, automated data banks of centralized accounting, all-Russian and industry classifiers of technical, economic and social information;
creation, implementation and development of modern information technologies in the system of the Ministry of Internal Affairs of Russia in order to increase the efficiency of using the accounts by the internal affairs bodies;
control over the activities of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation, UVDT in terms of the timeliness of the submission, completeness and reliability of informationin statistical, operational reference, search, forensic, operational and other records, the maintenance of which is attributed to the competence of information departments of the internal affairs bodies;
pursuing a unified scientific and technical policy within the framework of the development of the information and computing system of the Ministry of Internal Affairs of Russia;
coordination and support of activities for the implementation in the internal affairs bodies and internal troops of the Ministry of Internal Affairs of Russia of the legislation of the Russian Federation on archival affairs and on the rehabilitation of citizens subjected to political repression in the administrative order;
organizational and methodological guidance and provision of practical assistance to subdivisions of the system of the Ministry of Internal Affairs of Russia, the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation on issues related to the competence of the GIAC.

To implement the assigned tasks, the GIAC of the Ministry of Internal Affairs of Russia carries out:

formation and maintenance of centralized operational reference, investigative and forensic records, automated data banks of centralized records, the Interstate Information Bank - within the framework of agreements concluded between law enforcement agencies; databases of statistical information on the state of crime and the results of the fight against it;
collection, accounting and analysis of operational information; information and analytical support of the operational-search activities of the operational divisions of the Ministry of Internal Affairs of Russia. Providing operational and analytical materials to the leadership of the Ministry and operational units of the Ministry of Internal Affairs of Russia;
formation and maintenance of records of persons declared on the federal and interstate wanted list, preparation and distribution to the internal affairs bodies of the Russian Federation and other states in accordance with the established procedure of materials on the announcement and termination of the search, bulletins of operational-search information and collections of orientations;
establishing, at the request of the NCB of Interpol under the Ministry of Internal Affairs of Russia, the Ministry of Foreign Affairs of Russia, the Central Committee of the Russian Red Cross Society, the location (fate) of foreign citizens (subjects) and stateless persons arrested and convicted on the territory of Russia and the states of the former USSR;
formation and maintenance of a data bank of the system of scientific and technical information of the Ministry of Internal Affairs of Russia on the experience of the internal affairs bodies of the Russian Federation and law enforcement agencies of other states; issuance of this information in accordance with the established procedure at the request of subdivisions of the system of the Ministry of Internal Affairs of Russia;
the formation and maintenance of a fund of all-Russian classifiers of technical and economic information in the part related to the Ministry of Internal Affairs of Russia, the development and registration of sectoral and intra-system classifiers operating in the internal affairs bodies;
reception, registration, preservation and use in the prescribed manner of archival documents of units of the Ministry of Internal Affairs of Russia and internal affairs bodies;
analysis of the processes of formation and use of statistical, operational reference, investigative, forensic records of internal affairs bodies, the creation, implementation, development of modern information technologies in the system of the Ministry of Internal Affairs of Russia, provision of information and analytical materials to the leadership of the Ministry and divisions of the Ministry of Internal Affairs of Russia.

The structure of the Main Information and Analytical Center of the Ministry of Internal Affairs of Russia includes:

Center for Statistical Information;
Criminal Information Center;
Operational information center;
Center for Operational Investigative Information;
Center for Information Technologies and Systems of Internal Affairs;
Computing Center;
Center for Rehabilitation of Victims of Political Repression and Archival Information;
Department of Scientific and Technical Information;
Department of Documentation and Security Regime;
Organizational and Methodological Department;
Human Resources Department;
Financial and economic department;
Second department (special communications);
Fifth department (information interaction with the CIS FSO of Russia);
Logistics Department;
Legal group.

All operational and preventive measures and the overwhelming majority of operational and search activities carried out in the internal affairs bodies are provided with information support carried out by the GIAC and the IC.

The role of information departments increases from year to year, as evidenced by the following facts. If in 1976 with the help of our records 4% of the total number of solved crimes were solved, in 1996 - 25%, in 1999 - 43%, in 2002 - 60%, then in 2009 - over 70% 5 .

Today, GIAC carries out fully automated collection and generalization of statistical information. The information is summarized as a whole for Russia, for federal districts and subjects of the Russian Federation. The automated database of statistical indicators of the GIAC contains information since 1970.

Public data banks have been deployed in the GIAC and information centers of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate, and a standard integrated data bank of the regional level has been introduced.

At the regional and federal levels, a set of measures was carried out to equip all information centers of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate and the State Information and Analytical Center with standard software and hardware complexes.

The centralized equipping of the regions with modern information processing complexes made it possible to purposefully carry out measures to integrate open information resources at the regional and federal levels.

Completed work on the creation of an integrated data bank of the federal level. It combined the resources of 9 existing systems ("Kartoteka", "ABD-Center", "ASV-RIF" and "Crime-Foreigners", "Antiques", "FR-Notification", "Weapons", "Autosearch" and "Dossier- scammer"). This made it possible, upon a single request from operational workers, investigators and interrogators, to receive the information available in the automated records of the GIAC in the form of a "dossier" and to increase the effectiveness of assistance in solving crimes.

The integrated bank of the federal level systematizes information about issued, lost, stolen passports (passport blanks) of citizens of the Russian Federation; about foreign citizens staying and residing (temporarily and permanently) in the Russian Federation; about registered vehicles.

A step-by-step interaction of the Federal Automated Fingerprint System "AFIS-GIC" with similar interregional systems of federal districts, regional systems of information centers and NCB of Interpol is being carried out. The possibility of obtaining fingerprint information in electronic form allows in the shortest possible time to identify the identity of suspects, to increase the efficiency of disclosing and investigating crimes.

On the basis of the GIAC of the Ministry of Internal Affairs of Russia, an interdepartmental automated system for maintaining the Register of the Federal Integrated Information Fund was created, providing for the integration of information resources and information interaction between ministries and departments (Ministry of Internal Affairs, FSB, Ministry of Finance, Ministry of Justice, Prosecutor General's Office, Supreme Court of the Russian Federation, etc.).

Using the mode of direct access to the data bank (within 7-10 minutes without breaking the communication line) and the mode of deferred request (within 1 hour using e-mail) will greatly facilitate the work of employees of operational services, investigation and inquiry units, and other law enforcement agencies.

The total number of users who are provided with access to automated centralized accounting of the vertical "Main information and analytical center - information centers of the Ministry of Internal Affairs, Central Internal Affairs Directorate, ATC", is more than 30 thousand. More than a third of them are users of the GROVD level and police departments (divisions).

To provide information support for the operational activities of bodies, divisions and institutions of internal affairs, the educational process and scientific activities of research and higher educational institutions of the Ministry of Internal Affairs of Russia, the Databank of the Scientific and Technical Information System (DB SNTI) of the Ministry of Internal Affairs of Russia was created at the GIAC. DB STTI contains materials about the experience of the internal affairs bodies of Russia, the activities of law enforcement agencies of foreign countries, as well as information about the results of research and development work and dissertation research carried out in the system of the Ministry of Internal Affairs of Russia.

The most effective means of increasing the availability and ease of obtaining information, bringing it to the consumer is the data bank of the scientific and technical information system (DB STTI) of the Ministry of Internal Affairs of Russia.

The data bank of STTI of the Ministry of Internal Affairs of the Russian Federation is designed to provide information to employees of bodies and institutions of the Ministry of Internal Affairs of Russia with information about the experience of the internal affairs bodies of Russia, the activities of law enforcement agencies of foreign countries and the results of scientific research carried out in the system of the Ministry of Internal Affairs of Russia.

Structurally, the databank consists of three sections:

domestic experience - express information, bulletins, guidelines, analytical reviews, criminological forecasts;
foreign experience - information publications, translations of articles from foreign magazines, reports on foreign business trips and other materials on the activities of law enforcement agencies of foreign countries;
scientific research - reporting documents on research and development work, abstracts of defended theses prepared by employees of research and higher educational institutions of the Ministry of Internal Affairs of Russia.

As of January 1, 2010, the STTI database contains over 5 thousand materials, of which 30% are about the experience of the Russian Internal Affairs Department, 38% of foreign law enforcement activities, and 32% of scientific research.

The databank is installed on the communication node of the GIAC as part of the data transmission backbone (MRTD) of the Ministry of Internal Affairs of Russia. All employees of the Ministry of Internal Affairs of Russia, the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation, UVDT, research and educational institutions, who are subscribers of the GIAC node, can directly contact the DB STTI.

It also provides an opportunity to select materials in the deferred request mode for all subscribers of the MRTD of the Ministry of Internal Affairs of Russia.

Along with the growth in the use of the SNTI DB at the GIAC communication node in 65 regions of the Russian Federation, regional data banks of scientific and technical information have been created and are being formed on the basis of information arrays of the SNTI DB. 6 .

Access to regional data banks of NTI is provided by services, divisions and city district agencies. In a number of regions (the Republic of Sakha (Yakutia), Krasnodar Territory, Magadan Region, etc.), which occupy a significant territory, subregional STI data banks are organized in remote cities. Information arrays for them are regularly replicated and sent out on CD-ROMs.

The creation and development of regional data banks NTI is one of the promising ways to solve the problem of bringing information to the practitioners of the territorial bodies of internal affairs.

Together with the interested departments and divisions of the Ministry of Internal Affairs of Russia, work is underway to create a Central Data Bank for registering foreign citizens and stateless persons temporarily staying and residing in the Russian Federation.

conclusions

The main directions of protection of the information sphere.

1. Protection of the interests of the individual, society and the state from the effects of harmful, poor-quality information. Such protection is provided by institutions: mass media, documented and other information.

2. Protection of information, information resources and information system from unlawful influence in various situations. Such protection is provided by:

Institute of State Secrets;

Personal data.

3. Protection of information rights and freedoms (Institute of Intellectual Property).

The main task of information security is to balance the interests of society, the state and the individual. This balance must be adequate to the security objectives of the country as a whole. Ensuring information security should be focused on the specifics of the information environment, determined by the social structure.

The focus of information security should be on the information environment of public authorities.

In the context of the globalization process, it is necessary to ensure a constant analysis of changes in policies and legislation in other countries.

The last task is to take into account the fulfillment of factors in the process of expanding the legal attention of the Russian Federation in the peaceful information space, including cooperation within the CIS, and the practice of using the Internet.

List of used literature

Constitution of the Russian Federation. - 1993

The concept of national security of the Russian Federation (as amended by the Decree of the President of the Russian Federation of January 10, 2000 No. 24).

Information security doctrine of the Russian Federation (approved by the President of the Russian Federation on September 9, 2000, No. Pr-1895).

Law of the Russian Federation of July 27, 2006 No. 149-FZ "On Information, Information Technologies and Information Protection".

Bot E., Sichert K .. Windows Security. - SPb .: Peter, 2006.

Dvoryankin S.V. Information confrontation in the law enforcement sphere / In collection: "Russia, XXI century - anti-terror ". - M .: "BIZON-95ST", 2000.

Karetnikov M.K. On the content of the concept "Information security of internal affairs bodies" / In collection: "International conference" Informatization of law enforcement systems ". - M .: Academy of Management of the Ministry of Internal Affairs of Russia, 1998.

Nikiforov S.V. An introduction to networking technologies. - M .: Finance and statistics, 2005 .-- 224c.

A.A. Torokin Engineering and technical information security: Textbook. - M .: "Helios ARV", 2005.

1 Beloglazov E.G. and other Fundamentals of information security of internal affairs bodies: Textbook. - M .: MosU of the Ministry of Internal Affairs of Russia, 2005.

2 V.I. Yarochkin Information Security: A Textbook for University Students. - M .: Academic Project; Gaudeamus, 2007.

3 Karetnikov M.K. On the content of the concept "Information security of internal affairs bodies" / In collection: "International conference" Informatization of law enforcement systems ". - M .: Academy of Management of the Ministry of Internal Affairs of Russia, 1998.

4 Dvoryankin S.V. Information confrontation in the law enforcement sphere / In collection: "Russia, XXI century - anti-terror." - M .: "BIZON-95ST", 2000.

5 Zhuravlenko N.I., Kadulin V.E., Borzunov K.K .. Fundamentals of information security: a textbook. - M .: MosU of the Ministry of Internal Affairs of Russia. 2007.

6 Zhuravlenko N.I., Kadulin V.E., Borzunov K.K .. Fundamentals of information security: a textbook. - M .: MosU of the Ministry of Internal Affairs of Russia. 2007.

Objectives of technical protection of information in the Ministry of Internal Affairs. Fundamentals of Information Security in Internal Affairs Bodies

Send your good work in the knowledge base is simple. Use the form below

2. The concept and goals of conducting special checks of objects of informatization; the main stages of the audit

The object of informatization is a set of informatization means together with the premises in which they are installed, intended for processing and transferring protected information, as well as dedicated premises Partyka T.L., Popov I.I.Information security - M .: Forum, 2012.

Informatization means - means of computer technology and communication, office equipment intended for collecting, accumulating, storing, searching, processing data and issuing information to the consumer.

Computer facilities - electronic computers and complexes, personal electronic computers, including software, peripheral equipment, data teleprocessing devices.

The objects of computing technology can also include individual means of computing technology that perform independent functions of information processing.

Allocated room (VP) - a special room designed for meetings, conferences, conversations and other events of a speech nature on secret or confidential issues.

Activities of a speech nature can be carried out in dedicated rooms with the use of technical means of processing speech information (TSOI) and without them.

Information processing technical means (ICT) is a technical means intended for receiving, storing, searching, transforming, displaying and / or transmitting information through communication channels.

Automated system (AC) - a set of software and hardware designed to automate various processes associated with human activities. In this case, a person is a link in the system.

A special check is a check of a technical means of information processing carried out with the aim of finding and removing special electronic embedded devices (hardware tabs).

Certificate of a protected object - a document issued by a certification body or other specially authorized body confirming the existence of necessary and sufficient conditions at the protected object to fulfill the established requirements and standards of information protection efficiency.

A prescription for operation is a document containing requirements for ensuring the security of a technical means of information processing during its operation.

Certification test report - a document containing the necessary information about the test object, the methods used, means and test conditions, as well as a conclusion on the test results, drawn up in the prescribed manner.

Basic technical means and systems (OTSS) - technical means and systems, as well as their communications, used for processing, storage and transmission of confidential (secret) information.

Auxiliary technical means and systems (ATSS) - technical means and systems not intended for transmission, processing and storage of confidential information, installed together with OTSS or in dedicated premises.

These include:

3. Hardware and software-hardware means of data encryption

Integrity and restriction of access to information is ensured by specialized system components using cryptographic protection methods. In order for a computer system to be fully trusted, it must be certified, namely:

- define the set of functions performed;

- to prove the finiteness of this set;

- to determine the properties of all functions Gafner V.V. Information security - Rostov on Don: Phoenix, 2010.

When using the system, its functionality should not be violated, in other words, it is necessary to ensure the integrity of the system at the time of its launch and during its operation.

The reliability of information protection in a computer system is determined by:

- a specific list and properties of the functions of the COP;

- methods used in the functions of the CS;

- the way to implement the functions of the COP.

Here are some examples of hardware-software cryptographic information protection tools:

In practice, the functions of user authentication, integrity checks, and cryptographic functions that form the core of the security system are often implemented in hardware, while all other functions are implemented in software.

Conclusion

Threat - a set of conditions and factors that create a potential or real threat of violation of confidentiality, availability and (or) integrity of information.

If we talk about threats of an information and technical nature, we can highlight such elements as theft of information, malware, hacker attacks, SPAM, employee negligence, hardware and software failures, financial fraud, and theft of equipment.

As you can see from the above data, theft of information and malware is the most common.

Knowledge of the main methods of committing and preventing computer crimes, methods of combating computer viruses, as well as modern methods of protecting information is necessary to develop a set of measures to ensure the protection of automated information systems of internal affairs bodies.

All this will help to increase the efficiency of the internal affairs bodies as a whole.

Listliterature

Similar documents

Information security in the national security system: nature, essence, place in the categorical apparatus of the general theory of law

Computer and telecommunications crime

State legal regulation in the field of combating computer crimes

Improving the legal framework for the protection of information of internal affairs bodies

The concept and essence of information security

The main directions of the state's activities to ensure information security

Organization of activities of internal affairs bodies to ensure information security

Forms and methods of ensuring information security in internal affairs bodies

Introduction

1 Types and content of threats to information security

2 Technical implementation of the ATS information security concept

conclusions

List of used literature

Top related articles