Let's move on to the immediate topic of the article - the protection of the object.

Let's say a client contacts you next problem: There is a suspicion that confidential information is becoming available to competitors.

The client is the owner of a small business with a multi-room office. The enterprise has an accounting department, production areas, a director's office, a reception room, and a rest room. The company has its own security service. Office space is located inside a multi-storey building, neighboring premises are also occupied by offices.

Where to start protective measures? At first glance, it is necessary to protect the premises of the enterprise with the closure of all typical channels of information leakage. But this is a lot of money.

At the first stage, it is necessary to ask which of the competitors the client suspects of stealing information. If there are definite suspicions, it is advisable to find out how expensive the outgoing information is, what are the financial and technical capabilities intruders, i.e. how much they can afford to collect information.

It is necessary to find out which group of personnel has access to outgoing information. With this information, we move on.

Information security measures can be divided into two main groups: organizational measures and technical measures.

We will not dwell on organizational measures, for this there is an enterprise security service. But some advice can be given.

It is necessary to delimit access to premises and information among the personnel of the enterprise, according to their activities and hierarchy. By doing this, we significantly narrow the circle of people who have access to confidential information.

It is necessary to control the established daily routine of the enterprise.

Explanatory work is needed with the staff about the undesirable discussion of some aspects of their work outside the enterprise.

If the information is available to a wide range of people, for example, there are five employees in the accounting department, then protective technical measures will help little. In this case, for example, instead of installing protection systems telephone conversations in accounting, it is better to install a system for documenting telephone conversations, for example, Sprut. In this case, the security service will be able to easily identify the person responsible for the disclosure confidential information. Constant use other protection systems in such a room is also impossible, since it either creates an uncomfortable environment for work, or initially a medical certificate for a protection device limits the duration of its operation, and finally, the operation of devices can adversely affect the operation of office equipment.

Thus, measures to protect information in the main areas of the enterprise are best ensured with the help of organizational measures and technical means of control permitted for use - registrars and raters of telephone conversations, video and audio surveillance systems, access control systems, etc.

What to protect at the enterprise with the help of technology? It is best to allocate a special room for negotiations (usually a rest room), provide limited access into it, if there is a need to conduct confidential negotiations by telephone, allocate a separate telephone city line (without switching it with an office mini-automatic telephone exchange) and bring it into a protected room. If there is a need to use a personal computer, it is better to remove it from the local network of the enterprise. If it is necessary to conduct confidential negotiations in the director's office, then he is also subject to technical protection.

Now that we have decided on a specific room, let's move on to technical protection measures.

First of all, let's determine the performance characteristics of the premises. The room has one window, one central heating battery, two electrical sockets and lighting connected to two different electrical phases, one urban telephone line, there is always a personal computer in the room, which is not included in the local network enterprises.

The walls of the room are reinforced concrete. Room dimensions: 4m x 5m x 2.7m.

The floor plan is shown in Figure 1.

Measures for the technical protection of information can be divided into three areas: passive, active and combined.

Passive protection involves the detection and localization of sources and channels of information leakage.

Active - the creation of interference that prevents the removal of information.

Combined - combines the use of the two previous directions and is the most reliable.

However, passive and active protection vulnerable in a way. For example, when using only passive protection, it is necessary to conduct round-the-clock monitoring, since it is not known when the means of removal are turned on, or the ability to use detection equipment during a business meeting is lost.

Active protection can make life very difficult for people who are watching you, and you can use it in vain, not knowing for sure if there is surveillance.

Combined protection eliminates these shortcomings.

Model of protecting information from leakage through technical channels from the protected object

Table 9

	Installation location	Positional installation location of information retrieval devices	Type (index) of the data pickup device	Mode of application	Technical channel closing the leak of information
			Noise generator "Thunder ZI - 4"	Constantly	Radioelectronic
	PC office №3		Noise generator "GSh-K-1000M"	Constantly	Radioelectronic
			Noise generator "Kupol-W-DU"	Constantly	Radioelectronic
	Socket 220 V. Office of the head of the protected object		Noise generator	By decision of management	Radioelectronic
Table continuation
			Noise generator "SI-8001"	Constantly	Radioelectronic
	Socket 220 V. Cabinet No. 2		Noise generator "SI-8001"	By decision of management	Radioelectronic
			Noise generator "Wave 4 M"	By decision of management	Radioelectronic
	Office of the head of the object of protection		Noise generator "SELSP-21B1"	By decision of management	Radioelectronic
	Office of the head of the object of protection		Power filter "FSP-1F-7A"	Constantly	Radioelectronic
	The window of the office of the head of the object of protection		Vibroacoustic system "VGSh-103"	Constantly	Acoustic
	Window of the secret compartment		Vibroacoustic noise generator "ANG-2000"	By decision of management	Acoustic

Tactical and technical characteristics of protective equipment

Table 10

	Installation location	Type (index) of information security device	Specifications
	Desk of the head of the object of protection	Grom ZI-4	Frequency range - 20 - 1000 MHz Power supply - network 220 V Signal voltage - in the frequency range 100 kHz - 1 MHz - 60 dB
	Office of the head of the object of protection		Frequency range - 100 kHz - 1000 MHz Power supply - +12 V, from the computer bus Radiated Power Levels noise - 30 - 45 dB
Table continuation
	Secret office room	Dome-W-DU	Action radius - 5 - 10 m Operating frequency range - 100 kHz - 1800 MHz Power - 220 V radiation power - 15 W Noise quality factor - no worse than 0.6
	Socket 220 V. Office of the head of the protected object		Interference spectrum width - 30 kHz - 30 MHz Power - 220 V Noise signal level - 75 - 35 dB / μV
	Socket 220 V. Premises of the secret department		Power consumption< 15ВА Power-220 V Interference level -30 - 80 dB
	Socket 220 V. Cabinet No. 2		Interference spectrum width - 5 kHz - 10 MHz Power-220 V Interference level -30 - 80 dB
	Office of the head of the object of protection		Frequency range - 0.5...1000 MHz Power - 20 W Food - 220 V Noise amplitude - at least 3 V
	Office of the head of the object of protection		Power - 12 V Frequency range - 5 MHz ... 1 GHz Output signal level - 45 dB Consumption current - 350 mA
	Office of the head of the object of protection		Operating frequency range - 0.15-1000 MHz Attenuation amount -60 dB Permissible load current-7 A
	The window of the office of the head of the object of protection		Range -40 dB in the frequency range 175 - 5600 Hz Radius - 5 m
	Window of the secret compartment		Interference spectrum width - 250 Hz - 5 kHz Power-220 V Power consumption - 24 W Output voltage -1 - 12 V Resistance > 0.5 ohm

Methods for protecting information from emergencies

The protection of information from emergencies consists in the creation of means of warning, control and organizational measures to exclude unauthorized access at the complex of automation tools in the conditions of failures of its functioning, failures of the information protection system, life support systems for people at the accommodation facility and in the event of natural disasters.

Practice shows that although an emergency is a rare event (the probability of its occurrence depends on many reasons, including those beyond human control, and these reasons can be interrelated), protection from it is necessary, since the consequences as a result of its impact, as a rule, , can be very heavy, and the losses - irretrievable. The costs of protection from emergencies can be relatively small, but the effect in the event of an accident can be large.

The failure of the functioning of the AIS may lead to the failure of the information security system, access to its media may be opened, which may lead to deliberate destruction, theft or substitution of the media. Unauthorized access to the internal wiring of the equipment may lead to the connection of foreign equipment, destruction or change of the circuit diagram.

Failure of the life support system can lead to the incapacitation of maintenance and monitoring personnel. Natural disasters - fire, flood, earthquake, lightning strikes, etc. - can also lead to the above consequences. Emergency situation may have been created intentionally. Then organizational measures apply.

In the event of failure of the functioning of the automated control system, the subsystem for monitoring the opening of the equipment is supplied with an autonomous power source. To avoid irretrievable loss of information, storage media are duplicated and stored in a separate remote and safe place. To protect against leakage, information must be stored in a closed in a cryptographic way form. In order to take timely measures to protect the life support system, appropriate sensors are installed, the signals from which are sent to centralized systems, control and signaling.

Fire is a common hazard. It can occur due to the fault of service personnel, in case of equipment failure, as well as as a result of a natural disaster.

Organizational measures for the protection of information in the ASOG consist in the development and implementation of administrative and organizational technical measures during the preparation and operation of the system.

Organizational measures, according to foreign experts, despite the constant improvement of technical measures, constitute a significant part of the protection system. They are used when computing system cannot directly control the use of information. In addition, in some critical cases, in order to increase the effectiveness of protection, it is useful to duplicate technical measures with organizational ones.

Organizational measures for the protection of systems in the process of their preparation and operation cover the decisions and procedures taken by the management of the user of the system. Although some of them may be defined external factors such as laws or government regulations, most problems are resolved within the organization under control conditions.

In most studies devoted to the problems of information security, and in existing foreign publications, the main attention was paid to either legal aspect and related social and legislative problems, or techniques solutions specific problems protection. Compared with them, organizational issues lacked the clear formulation that is inherent in technical problems, and the emotional coloring that is characteristic of legal issues.

Integral part any action plan should have a clear indication of goals, distribution of responsibilities and a list of organizational protection measures. The distribution of responsibilities and functions for implementing security from organization to organization may vary, but careful planning and precise assignment of responsibilities are necessary conditions creating an effective viable protection system.

Organizational measures for the protection of information in ASOI should cover the stages of design, development, manufacture, testing, preparation for operation and operation of the system.

As required terms of reference in the design organization, along with technical means, organizational measures are developed and implemented to protect information at the stage of creating the system. The creation phase refers to the design, development, manufacture and testing of the system. At the same time, it is necessary to distinguish between information protection measures taken by the design organization, developer and manufacturer in the process of creating a system and designed to protect against information leakage in this organization, and measures laid down in the project and developed documentation for the system, which relate to the principles of organization of protection in the system itself and from which follow the organizational measures recommended in the operational documentation by the development organization for the period of commissioning and operation of the system. The implementation of these recommendations is a certain guarantee of information protection in the ASIO.

Organizational measures to protect information in the process of creating a system include:

Organization of the development, implementation and use of funds;

Management of personnel access to the territory, buildings, and premises;

Introduction to the necessary areas of work with a secrecy regime;

Development job descriptions to ensure secrecy in accordance with the instructions and regulations in force in the country;

If necessary, the allocation of separate rooms with burglar alarm and throughput system;

Separation of tasks by performers and release of documentation;

Assignment of a secrecy stamp to materials, documentation, equipment and their storage under protection in separate rooms, taking into account and controlling the access of performers;

Constant monitoring of compliance by the performers with the regime and relevant instructions;

Establishment and distribution of responsible persons for information leakage.

Organizational measures laid down in the operating instructions for the system and recommended to the consumer organization should be provided for during the periods of preparation and operation of the system.

These measures as a method of information protection involve a system of organizational measures that complement and combine the above technical measures in single system information security

6. State policy in the field of information security. Definition and tasks of information security. Components of the national interests of the Russian Federation in the information sphere.

7.Protection of information. Types and content of events.

8. Information protection. Types and content of events.

10.Technical means, etc. Types of modern computers.

11. Personal computer: purpose, functions. The main devices of the PC, appointments, functions, characteristics.

12. Units of measurement of information. Information storage devices.

13. Types and classification of software.

14. Operating systems: purpose, functions. The role and place of wasps in computer software.

15. Characteristics and features of the Windows operating system.

16. Organization of information storage. The structure of the file system. The concept of disk, file, folder. File types.

17. Basic operations with files and folders. Tools for working with folders and files: shortcut, system folder Recycle Bin, clipboard.

18. Maintenance of external memory devices using OS utilities

19. Basic controls of the Windows user interface.

20.Setting up the user interface. Customize Main Menu, Desktop

21 . Text editors as a means of preparing legal documents: basic and additional features and functionsMs word.

26. Spelling and stylistic control, error correction (msWord).

27. Page parameters and ways to set them msWord.

28.Page numbering. ColumnNumber Options (msWord)

29 Using custom tabs to style msWord structured paragraphs.

31 . Preparing and formatting tables.

32 . Footnotes: means of creation and design.

33 . The concept of a document template and design style: their use.

34 . The concept of footer: means of creation and design.

35 . Automated creation of a structured document table of contents.

36. Tools for creating multi-column text msWord.

37. Spreadsheets: purpose, basic and additional functions of ms Excel.

38. The concept of a book, sheet, spreadsheet cell. Absolute and relative cell reference.

39. Entering and editing data in spreadsheets.

40. Row, column, spreadsheet cell formats and their setting. Basic data formats: numeric, percentage, datetime ms Excel.

41. Organization of calculations in a spreadsheet: entering and copying a formula.

43. Creating charts and graphs in a spreadsheet: building steps ms excel.

45 Performing analytical processing of data in the list: sorting, selection of data by criterion; summing up (ms Excel).

46 Protecting data in a spreadsheet (ms Excel)

Question 48. Subd database management systems: purpose and functions.

fifty . DB creation. Field description: type, size, format and other properties of the ms Access field.

51. Key field, its purpose and use.

52 - 53. Database structure in Access. Relationship between tablesAccess tools for establishing relationships between tables.

54 . Forms: purpose, means of creation, use of ms Access.

55 . Sorting screen entries: using a filter

56 . Request types. The order of formation of the request.

57. Sample request. MS Access.

58 . The calculation in the query. Grouping methods, group functions.

59 . Calculation on data in the database: generating an update requestMs Access

Question 60. Requests with ms Access parameters.

61. Reports: purpose, creation tools, use of ms Access.

62. The concept and types of computer networks.

63 . The Internet as an information environment. Website concept.

Question 64. The logical and physical structure of the Internet. tcpip protocol.

65 . Hypertext technology www. html language. Web page.

66 . Internet addressing, domain name system.

67. Microsoft Internet Explorer. Characteristics, setting methods and use.

68. Access to the Internet. Internet Services. Ways to find information on the Internet.

69 . Major search engines. Query language.

70. Email.

71. The concept and types of electronic presentations.

72. Planning and organizing an electronic presentation.

Question 73-74 Electronic Presentation Slide Structure. Create and manage presentation slides.

Question 76. Animation of objects on a presentation slide.

76. Animation of objects on a presentation slide.

77. The structure of the information array in the reference legal system.

78. Types of search in reference legal systems.

79. Details of documents in the reference legal system, their use for search.

80 Contextual search in the texts of documents of reference legal systems

81 Search by subject classifiers in reference legal systems

82. Keyword search in reference legal systems: assignment to use.

7.Protection of information. Types and content of events.

information protection is a set of measures taken by the owner of information to protect their rights to own and dispose of information, create conditions that limit its dissemination and exclude access to classified information and its carriers.

Therefore, information security should also be understood as ensuring the security of information and the media in which the protected information is accumulated, processed and stored.

Thus, the protection of information is the activity of the owner of information or persons authorized by him to:

> ensuring their rights to own, dispose and manage protected information;

> prevention of leakage and loss of information;

maintaining the completeness, reliability, integrity of the protected information, its arrays and processing programs;

> maintaining the confidentiality or secrecy of protected information in accordance with the rules established by laws and regulations.

The main organizational and technical measures that are carried out by the state information security system should be considered:

state licensing of enterprises in the field of information security;

certification of information objects according to information security requirements, designed to assess the readiness of systems and means of informatization and communication for processing information containing state, official or commercial secrets;

certification of information security systems;

To the organizational and technical measures carried out state system information security also includes:

introduction of territorial, frequency, energy, spatial and temporal restrictions in the modes of operation of technical means to be protected;

creation and application of information and automated systems protected control;

development and implementation technical solutions and elements of information protection in the creation of weapons and military equipment and in the design, construction and operation of informatization objects, systems and means of automation and communication.

8. Information protection. Types and content of events.

1.Technical means of protecting information, including means of monitoring the effectiveness measures taken information protection:

1.1. Means of protecting information from the interception of optical signals of images in the visible, infrared and ultraviolet wavelengths.

1.2. Means of protecting information from the interception of acoustic signals propagating in air, water, solid media.

2. Protected technical means and systems, including:

2.1. Means of scrambling, masking or encryption

telematic information transmitted via communication channels.

2.2. Equipment for transmitting video information over an optical channel.

3. Technical means of protecting special operational and technical measures of special technical means intended for secretly obtaining information.

4. Technical means of protecting information from unauthorized access NSD:

4.2. Special funds protection against forgery of documents based on optical-chemical technologies, including:

Means of protecting documents from photocopying

Means of protecting documents from counterfeit substitution using chemical identification preparations

Means of protecting information with the help of cryptography.

5. Software tools for protecting information from unauthorized access and software bookmarks:

5.1. Programs that provide differentiation of access to information.

5.3. Programs for checking the functioning of the information security system and monitoring the integrity of the means of protection against unauthorized access.

5.4. Protection programs for various auxiliary purposes, including anti-virus programs.

6. Protected software information processing:

6.1. Packages application programs automated workstations.

6.2. Databases of computer networks.

7. Software- technical means information protection:

7.1 Software and hardware to protect information from unauthorized copying,

7.2. Software and hardware for cryptographic and verbatim protection of information, including means for masking information during its storage on data carriers and during transmission over communication channels.

7.3. Software and hardware means of interrupting the operation of the user's program in case of violation of access rules, including:

Forced termination of the program

Computer lock.

7.4. Software and hardware for erasing data, including:

8. Special means of protection against identification

9. Software and hardware protection against unauthorized:

8.1. Means of protection against phonographic examination of speech signals.

8.2. Means of protection against dactyloscopic examination. bathroom access to systems of operational-search activities SORM on communication lines:

9.1. in wired communication systems.

9.2. AT cellular systems connections.

9. Basic provisions of information protection legislation .

Legal protection of information

Legal protection of computer programs and databases for the first time in in full introduced in Russian Federation Law of the Russian Federation On the legal protection of programs for electronic computers and databases, which came into force in 1992.

The legal protection granted by this law extends to all types of computer programs, including operating systems and software complexes, which can be expressed in any language and in any form, including source text in programming language and machine code. However, legal protection does not extend to the ideas and principles underlying the computer program. Including on the ideas and principles of organizing the interface and algorithm.

For notification with their rights, the developer of the program can. From the first release of the program, use the copyright notice, which consists of three elements:

The letters C in a circle or parentheses c

Names of the copyright holder

The year the program was first published.

c Microsoft Corporation, 1993-1997.

An organization or a user who legally owns a copy of the program and has purchased a license to use it, has the right, without obtaining additional permission the developer to carry out any actions related to the operation of the program, including its recording and storage in the computer memory. Recording and storage in the computer memory is allowed in relation to one computer or one user in the network, unless otherwise provided by the contract with the developer.

You must know and comply with existing laws that prohibit illegal copying and use of licensed software. In relation to organizations or users that infringe copyright, the developer may seek damages and compensation from the infringer in an amount determined at the discretion of the court from 5,000 times to 50,000 times the minimum monthly wage.

Federal Law No. 149-FZ of July 27, 2006 On Information, Information Technologies and Information Protection

Article 16. Protection of information

1. Information security is the adoption of legal, organizational and technical measures aimed at:

1 ensuring the protection of information from unauthorized access, destruction, modification, blocking, copying, provision, distribution, as well as from other misconduct regarding such information

2 maintaining the confidentiality of restricted information,

3 realization of the right to access to information.

2. State regulation relations in the field of information protection is carried out by establishing requirements for the protection of information, as well as liability for violation of the legislation of the Russian

Federation of Information, Information Technology and Information Protection.

3. Requirements for the protection of public information may be established only to achieve the goals specified in clauses 1 and 3 of part 1 of this article.

4. The owner of information, the operator of the information system, in cases established by the legislation of the Russian Federation, are obliged to ensure:

1 prevention of unauthorized access to information and or its transfer to persons not entitled to access to information

2 timely detection of facts of unauthorized access to information

3 prevention of the possibility of adverse consequences of violation of the order of access to information

4 prevention of impact on the technical means of information processing, as a result of which ....

According to Federal Law No. 149 "On information, information technologies and information protection", "information protection is the adoption of legal, organizational and technical measures aimed at:

• 1) ensuring the protection of information from unauthorized access, destruction, modification, blocking, copying, provision, distribution, as well as from other illegal actions in relation to such information;
• 2) observance of confidentiality of information of limited access;
• 3) realization of the right to access to information. Federal Law No. 149 “On Information, Information Technologies and Information Protection”

Based on this definition, all measures to ensure information security can be divided into three categories:

• 1) organizational
• 2)technical
• 3) legal

Organizational measures are administrative and procedural in nature and regulate the processes of functioning of the data information system and the actions of personnel. Consequently, organizational arrangements can be divided into administrative and procedural measures

Administrative measures

The main purpose of administrative measures is to create a program of work on the topic "information security" and ensure its implementation. The program is based on a security policy. A security policy is a set of documented decisions taken by the management of an organization and aimed at achieving top level information security. A security policy can be thought of as an organization's information security strategy.

In order to develop a detailed strategy and implement it in a real enterprise, it is necessary to first agree on the various political decisions of top management. Based on this security policy, a security program is developed. It is worth noting that this policy provides special rules, instructions and regulations that directly relate to the personnel of the enterprise. It is advisable to consider the security policy at three levels of detail:

• Upper level
• Average level
• Lower level

Let's look at these levels in detail:

Upper level.

The top level includes decisions that affect the organization as a whole. They are of a general nature and usually come from the management of the organization.

Average level

To given level security issues include issues that relate to important aspects of information security for various systems in the enterprise.

Here it is worth answering the following questions:

• should employees be allowed to transfer data from home computers to work computers?
• Should employees be allowed to transfer data from work computers to home computers?

Lower level.

Security Policy lower level can be attributed to specific information services, various systems that function separately or to data processing subsystems.

After formulating a separate security policy, you can begin to draw up a security program, that is, the development of specific measures to implement the security policy.

Typically, a security program is divided into two levels:

• the top, or central level, which encompasses the entire organization.
• lower, or service, relating to individual services or groups of homogeneous services.

This program is led by a person who is responsible for the information security of the organization. Program top level must occupy a strictly defined place in the activities of the organization, it must be officially supported and accepted by the management, as well as have a certain staff and budget.

In this work, the main goals and objectives of the upper level were identified:

• “risk management, including risk assessment and selection effective means protection.
• coordination of activities in the field of information security, replenishment and distribution of resources.
• strategic planning. Within the framework of the upper level program are accepted strategic decisions to ensure security, technological innovations in ensuring information security are evaluated. Information Technology are evolving very quickly, and it is necessary to have a clear policy for tracking and implementing new tools.
• control of activities in the field of information security. This control is two-way. First, it is necessary to ensure that the organization's actions do not violate the law. Secondly, you need to constantly monitor the security situation within the organization, respond to incidents of violations and refine protective measures as the situation changes. ” Makarenko S.I. Information Security: Study Guide

Lower Level Program

The purpose of the lower-level program is to provide reliable and cost-effective protection for a particular service or group of services. At this level, a decision is made on the use of protection mechanisms; procurement and installation of technical equipment; day-to-day administration is performed; Weaknesses are monitored.

procedural measures

Procedural security measures are focused on people, not on technical means. It is people who form the information security regime, and they also turn out to be main threat. That's why " human factor' deserves special attention.

At the procedural level, the following classes of measures can be distinguished:

• 1. "Personnel management
• 2. Physical protection
• 3. Maintaining the health of the system
• 4. Responding to Security Violations
• 5. Planning of restoration work "Gatchin Yu.A., Sukhostat V.V. Information Security Theory and Information Protection Methodology: Textbook

Let's describe some of them in more detail:

Personnel management begins even before a new employee is hired - with the preparation of a job description. In doing so, two general principles when defining computer privileges:

• 1. “The principle of segregation of duties dictates that roles and responsibilities be distributed in such a way that one person cannot disrupt a process that is critical to the organization.
• 2. The principle of least privilege requires that users be given only those rights that they need to perform their duties. Ibid

Physical protection. The security of an information system depends on the environment in which it operates. Measures must be taken to protect buildings and the surrounding area, supporting infrastructure, computer science, information carriers.

To maintain performance information systems it is necessary to carry out a number of routine activities:

• 1. User support, i.e. advice and assistance in solving various problems; at the same time, it is important to identify problems related to information security
• 2. Software support is primarily about keeping track of what software is installed on computers. Software support also includes control over the absence of unauthorized changes to the program.
• 3. Backup necessary to restore programs and data after disasters.
• 4. Media management involves the protection of storage media, both from unauthorized access and from harmful effects environment
• 5. Documentation is an integral part of information security. Almost everything is documented - from the security policy to the media inventory log. At the same time, it is important that the documentation reflects the current state of affairs, so that it can be easily found if necessary, and also that it is protected from unauthorized access.
• 6. Maintenance work (for example, repair) is a very serious security threat, since during their implementation unauthorized employees gain access to the system. The qualifications and conscientiousness of these employees are very important here.

The response to security breaches has the following objectives:

• 1. Incident containment and damage mitigation
• 2. Identification of the offender
• 3. Prevention of repeat violations

If a security breach is detected, action must be taken immediately, so it is important that the sequence of actions be planned in advance and documented. All employees must know how to act and whom to contact if a particular security breach is detected, and they must also know what consequences await them if they violate information security rules.

Recovery planning allows you to prepare for accidents, reduce damage from them and maintain the ability to function at least to a minimum extent. The recovery planning process can be divided into the following steps:

• 1. Revealing the most important functions organizations.
• 2. Determining the resources needed to perform critical functions.
• 3. Determining the list of possible accidents. At the same time, it is important to develop a “scenario” of an accident, to understand what consequences they will lead to.
• 4. Development of a recovery strategy. The recovery strategy should be based on available resources and should not be too costly for the organization; should provide not only work to eliminate accidents, but also a return to normal functioning.
• 5. Preparation for the implementation of the chosen strategy, that is, the development of an action plan in the event of an accident, as well as measures to ensure additional resources necessary in the event of an accident.
• 6. Verification of the strategy, which consists in the analysis of the prepared plan, taken and planned measures.