Improving the information security system at the enterprise LLC UK Ashatli

LEGAL PROBLEMS OF THE USE OF COMPUTER TECHNOLOGIES AND IMPROVEMENT OF LEGISLATION

IMPROVING THE INSTITUTIONAL MECHANISM FOR ENSURING INFORMATION SECURITY OF THE RUSSIAN FEDERATION

© Yulia Alexandrovna Koblova

Candidate of Economic Sciences, Associate Professor of the Department of Institutional Economics and Economic Security, Saratov Socio-Economic Institute (branch) of Plekhanov Russian University of Economics

The article examines the institutional aspects of ensuring the information security of the state. The essence and role of the institutional mechanism in ensuring the information security of the state is revealed. An assessment is made of the institutional provision of information security in Russia. Problems are identified and a system of measures to improve the institutional mechanism for ensuring the information security of the country is proposed.

Key words: institutions, institutional mechanism, information security, Internet space.

Ensuring the information security of the state is a fairly new state function, and the scope and content of its methods and tools have not yet been settled. Its formation is due to the need to protect society and the state from information threats associated with the development of the latest information and communication technologies. The scale of the negative consequences of these threats for states, organizations and people is already recognized by the world community; therefore the most important task of the state is to develop a system of measures to prevent and neutralize them. An important role in achieving the information security of the state is played by the institutional mechanism for its provision. The effectiveness of the institutional system that implements public interests is the key to their harmonization in order to ensure the highest state interests, including national and information security.

Recall that institutions are the rules of interactions (“rules of the game”) in society generated by human consciousness and experience, the limitations and prerequisites for development in politics, the social sphere and the economy. The institutions that support long-term economic growth are laws and rules that form incentives and mechanisms. Institutions set a system of positive and negative incentives, reduce uncertainty and make the social environment more predictable. The institutions that guarantee information security are known: the rule of law, an independent and competent court, the absence of corruption, etc.

The institutional mechanism for ensuring information security is a special structural component of the economic mechanism that ensures the creation of norms and rules governing the interaction of various economic entities in the information sphere to prevent threats to information security. The institutional mechanism sets in motion institutions (formal and informal), structures the interactions of subjects, exercises control over compliance with established norms and rules.

The essence of the institutional mechanism is manifested through its functions. O.V. Inshakov and N.N. Lebedeva believe that the institutional mechanism performs the following functions, which are also applicable to the information security mechanism:

1) integration of agents into one institution in order to carry out joint activities within the framework of common statuses and norms;

2) differentiation of norms and statuses, as well as subjects and agents of different institutions into requirements that separate and ignore them; regulation of interaction between the institution and its agents in accordance with the established requirements;

3) implementation of the translation of new requirements into actual practice;

4) ensuring the reproduction of routine innovations;

5) subordination and coordination of relations between entities that belong to different institutions;

6) informing subjects about new norms and about opportunistic behavior;

7) regulation of the activities of entities that share and reject the requirements defined by the institute;

8) control over the implementation of norms, rules and agreements.

Thus, the institutional mechanism for ensuring information security includes the legislative framework and the institutional structures that ensure it. The improvement of this mechanism includes the reorganization of the legislative framework for information security and the institutional structures for countering information security threats.

The institutional mechanism for ensuring information security includes: the adoption of new laws that would take into account the interests of all subjects of the information sphere; observance of the balance of the creative and restrictive functions of laws in the information sphere; Russia's integration into the global legal space; taking into account the state of the sphere of domestic information technologies.

To date, Russia has formed a legislative framework in the field of information security, including:

1. Laws of the Russian Federation: Constitution of the Russian Federation, “On Security”, “On Bodies of the Federal Security Service in the Russian Federation”, “On State Secrets”, “On Foreign Intelligence”, “On Participation in International Information Exchange”, “On Information, Information Technologies and Information Protection”, “On Digital Signature”, etc.

2. Regulatory legal acts of the President of the Russian Federation: Doctrine of information security of the Russian Federation; The National Security Strategy of the Russian Federation until 2020, "On the Fundamentals of State Policy in the Sphere of Informatization", "On the List of Information Classified as State Secrets", etc.

3. Normative legal acts of the Government of the Russian Federation: “On certification of means of information protection”, “On licensing the activities of enterprises, institutions and organizations for carrying out work related to the use of information constituting a state secret, the creation of means of protecting information, as well as the implementation of measures and (or) the provision of services for the protection of state secrets”, “On licensing of certain types of activities”, etc.

4. Civil Code of the Russian Federation (part four).

5. Criminal Code of the Russian Federation.

In recent years, Russia has implemented a set of measures to improve its information security. Measures have been implemented to ensure information security in federal government bodies, government bodies of the constituent entities of the Russian Federation, at enterprises, institutions and organizations, regardless of the form of ownership. Work is underway to protect special information and telecommunication systems. The state system of information protection, the system of protection of state secrets and certification systems of information security tools contribute to the effective solution of information security problems in the Russian Federation.

The State Technical Commission under the President of the Russian Federation pursues a unified technical policy and coordinates work in the field of information security, is at the head of the state system for protecting information from technical intelligence and ensures the protection of information from leakage through technical channels in Russia, monitors the effectiveness of the protection measures taken.

An important role in the information security system of the country is played by state and public organizations: they exercise control over state and non-state mass media.

At the same time, the level of information security in Russia does not fully meet the needs of society and the state. In the conditions of the information society, the contradictions between the public need for the expansion and freedom of information exchange, on the one hand, and the need to maintain certain regulated restrictions on its dissemination, on the other, are exacerbated.

Currently, there is no institutional support for the rights of citizens enshrined in the Constitution of the Russian Federation in the information sphere (to privacy, personal secrecy, secrecy of correspondence, etc.). The protection of personal data that is collected by federal authorities leaves much to be desired.

There is no clarity in the implementation of the state policy in the sphere of the formation of the information space of the Russian Federation, the media, international information exchange and Russia's integration into the world information space.

Improving the institutional mechanism of information security of the state, in our opinion, should be aimed at solving the following important problems.

The weak practical orientation of modern Russian legislation in the information sphere creates problems of a legal and methodological nature. Opinions are expressed that the Doctrine of Information Security of the Russian Federation has no applied value, contains many inaccuracies and methodological errors. Thus, the objects of information security in the Doctrine are recognized as interests, the individual, society, the state - concepts that are not comparable with each other. Many scientists have paid attention to the inadmissibility of accepting the protection of interests as an object of information security, and not their carriers.

The use of these categories, the content of which is vague, is not entirely appropriate in a legislative document. For example, subjects of law are legal and natural persons, organizations, stateless persons, executive authorities. The category "state" includes the territory of the country, its population (nations), political power, constitutional system.

The Information Security Doctrine of the Russian Federation recognizes as sources of threats to information security:

Activities of foreign structures;

Development of concepts of information wars by a number of states;

The desire of a number of countries to dominate, etc.

According to G. Atamanov, the source can be an object or subject that takes part in the information process or is able to influence it to one degree or another. For example, in US law, sources of information infrastructure threats include: hackers opposed to the US; terrorist groups; states against which an anti-terrorist operation may be directed; hackers who are curious or self-assertive.

The shortcomings and framework character of the Doctrine reduce its effectiveness and limit the scope of its application, set the wrong direction for the development of legislation in the information sphere and increasingly confuse it.

To properly ensure information security, it is necessary to create an appropriate system of legal relations, which, in turn, is impossible without revising the categorical apparatus, the doctrinal and conceptual foundation of legislation in the information sphere.

2. Gap between legislation and practice in the information sphere.

A huge gap between legislation and practice in the information sphere objectively exists due to the rapidity and scale of the development of information technologies and the Internet, which instantly give rise to new threats. The legislative process, on the contrary, is long and thorny. Therefore, in modern conditions, mechanisms are needed to harmonize the development of laws with the realities of the development of information technologies and the information society. It is important that the backlog is not too large, as this is fraught with a decrease or loss of information security.

Bridging the gap between practice and legislation in the information sphere is necessary to reduce and neutralize the threats to information security that arise when the development of information technologies outstrips legislation and a legal vacuum emerges.

3. Lack of supranational institutions that guarantee information security.

It is impossible to counter the crimes committed on the Internet by the forces of one country. Prohibitive measures introduced at the national level will not be effective, as violators may be located abroad. To combat them, it is necessary to consolidate efforts at the international level and adopt international rules of conduct in the Internet space. Similar attempts have been made. Thus, the Budapest Convention of the Council of Europe allowed the prosecution of violators in the territory of another state without warning its authorities. That is why many countries found it unacceptable to ratify this document.

The Model Law "On the basics of Internet regulation", approved at the plenary meeting of the Interparliamentary Assembly of the CIS Member States, establishes the procedure for state support and regulation of the Internet, as well as the rules for determining the place and time of legally significant actions on the network. In addition, the law regulates the activities and responsibilities of service operators.

It is necessary to note the ratification of the document allowing the exchange of confidential information on the territory of Russia, Belarus and Kazakhstan. This is a protocol that determines the procedure for providing information containing confidential information for investigations prior to the introduction of special protective, anti-dumping and countervailing measures in relation to third countries. This is a very important agreement between the member states of the Customs Union, which makes it possible to jointly develop and build up protective anti-dumping and countervailing measures. Thus, today a solid regulatory framework has been organized, which creates a fundamentally new supranational body authorized not only to conduct investigations, collect evidence, but also protect it from leaks, determining the procedure for providing it.

The formation of supranational institutions in the information sphere will make it possible to overcome the limitations of national legislation in the fight against information crimes.

4. Lack of institutions of the Internet space.

At present, new institutions should appear in international law that regulate the interaction of subjects in the Internet space, such as "electronic border", "electronic sovereignty", "electronic taxation" and others. This will help overcome the latent nature of cybercrime, i.e. increase the detection of cybercrimes.

5. Development of public-private partnership in the information sphere.

An interesting dilemma arises in connection with the desire of government organizations to publish reports on the state of their information security system. On the one hand, these publications reflect the efforts of the state to maintain the cybersecurity system at the proper level. It would seem that such a result should lead to a more efficient structure of spending on cybersecurity. But, on the other hand, the publication of information about the shortcomings of the cybersecurity system of government organizations is more likely to make them vulnerable to attacks by hackers, which entails the need for more resources to fend off and prevent them.

Scientific and practical journal. ISSN 1995-5731

Gordon and Loeb consider the problem of "free-riding" (free-rider) to be the biggest problem in ensuring security-related cooperation and information exchange between government agencies and corporations. It would seem that since the security of computer networks depends on the actions of each participant, such cooperation is the best way to increase the effectiveness of funds spent on ensuring cybersecurity. A successful exchange of information and experience in the field of cybersecurity could make it possible to coordinate such activities at the national and international levels. But in reality, a firm's fear of losing competitive advantages by participating in such network cooperation and providing complete information about itself leads it to avoid providing complete information. Only the development of public-private partnerships based on the introduction of sufficiently significant economic incentives can change the situation here.

Thus, the institutional mechanism for ensuring the information security of the state involves the formation of legislative foundations and institutional structures that ensure it. To improve the institutional mechanism and form a new architecture of economic security in the conditions of the information economy, a system of measures has been proposed, including: overcoming the declarative nature of legislation and narrowing the gap between legislation and practice in the information sphere, the formation of supranational legislation in the information sphere, the creation of new institutions that determine the framework for interaction and rules of conduct in the Internet space.

Bibliographic list (References)

1. Inshakov O.V., Lebedeva N.N. Economic and institutional mechanisms: correlation and interaction in the conditions of social and market transformation of the Russian economy // Bulletin of St. Petersburg State University. Ser. 5. 2008. Issue 4 (No. 16).

2. Dzliev M.I., Romanovich A.L., Ursul A.D. Safety issues: theoretical and methodological aspects. M., 2001.

3. Atamanov G. A. Information security in modern Russian society (social and philosophical aspect): dis. ... cand. philosophy Sciences. Volgograd, 2006.

4. Kononov A. A., Smolyan G. L. Information Society: Total Risk Society or Guaranteed Security Society? // Information society. 2002. No. 1.

COURSE PROJECT

on the topic: "Improvement of the information security system at the enterprise Ashatli Management Company LLC"

Introduction

The topic of developing an information security policy at enterprises, firms and organizations is relevant in the modern world. Information security (at the level of enterprises and organizations) is the protection of information and supporting infrastructure from accidental or intentional impacts of a natural or artificial nature that can cause unacceptable damage to the subjects of information relations.

The company has a modern local area network and installed the necessary software, as well as access to the Internet. With the existence of such a large number of information resources, it is also necessary to have an information security policy. At this enterprise, it is necessary to improve the information security policy to minimize information security threats, which is the goal for this course project. An information security threat is a real or potential action aimed at violating information security, leading to material and moral damage.



1. Information security analysis of Ashatli Management Company LLC

1.1 General information about the organization

Agroholding "Ashatli" is a dynamically developing, vertically and horizontally integrated group of agricultural companies, a participant in the "Buy Perm!" project.

Agroholding "Ashatli" was established in 2007 and today has the following areas of activity: dairy farming, dairy processing, crop production, growing vegetables, salads and herbs in greenhouses, hydroponics floriculture, as well as land and meat retail.

One of the advantages, as a dynamically developing holding, is a flexible approach to the specifics of work and the wishes of customers. The company's specialists are able to perform work of almost any volume and complexity. Versatile work experience and professionalism of employees allows us to guarantee the fulfillment of any tasks within the contractual period.

Location of Ashatli Management Company LLC:

614010, Russia, Perm region, Perm, Komsomolsky prospect, 70a

1.2 Characteristics of the information resources of the enterprise

According to the Federal Law “On Information, Information Technologies and Information Protection”, publicly available information includes well-known information and other information, access to which is not limited. Publicly available information can be used by any person at their discretion, subject to the restrictions established by federal laws regarding the dissemination of such information.

At Ashatli Management Company LLC, public information is available on the company's website or can be provided by company managers. Such information includes:

    Information contained in the charter of the organization;

    Financial statements;

    Composition of the leadership, etc.;

    Information about the awards and tenders of the company;

    Information about vacancies and information about the number and composition of employees, about their working conditions, about the wage system;

    Contact details of company managers.

The organization also has information whose use and dissemination is restricted by its owner, i.e. the organization. Such information is called protected. It includes information relating to the personal life of employees of the organization.

The next type of information is information that is a trade secret. According to the Federal Law “On Information, Information Technologies and Information Protection”, information constituting a trade secret (production secret) is information of any nature (production, technical, economic, organizational and others), including the results of intellectual activity in the scientific and technical sphere, as well as information about the methods of carrying out professional activities, that has actual or potential commercial value because it is unknown to third parties, to which third parties do not have free access on a legal basis, and in respect of which the owner of such information has introduced a trade secret regime (p. 2 as amended by Federal Law No. 231-FZ of December 18, 2006).

The following information is classified as a commercial secret in Ashatli Management Company LLC:

    Information about the identity of workers, home addresses.

    Information about clients, their contact and personal data.

    Information about the projects, terms and conditions of contracts.

The company's information resources include documents and acts on paper, a local area network.

1.3 Information security threats specific to this enterprise

An information security threat is understood as the potential for violation of the basic qualities or properties of information: availability, integrity and confidentiality. The main type of information security threat for this company can be considered unauthorized access to information related to trade secrets.

According to the ways of influencing information security objects, threats relevant to society are subject to the following classification: informational, software, physical, organizational and legal.

Information threats include:

    unauthorized access to information resources;

    theft of information from archives and databases;

    illegal collection and use of information;

Software threats include:

    computer viruses and malware;

Physical threats include:

    destruction of or damage to information processing and communication facilities;

    theft of storage media;

    impact on staff;

Organizational and legal threats include:

    procurement of imperfect or outdated information technologies and informatization tools;

The enterprise LLC “UK “Ashatli” may be exposed to information threats such as:

    Hacking databases or unauthorized use of commercial information in order to transfer data to competitors of the enterprise, which may adversely affect the activities of the enterprise and, in extreme cases, lead to its ruin, liquidation.

    Disclosure of confidential information by employees, its use for selfish purposes for profit, since many employees have access to the 1C Trade Management database.

    Employees of the enterprise can intentionally or accidentally influence the dissemination of information, for example, by e-mail, ICQ and other digital means of communication, which can negatively affect the reputation of the enterprise, since they have access to the information of the organization.

    One of the most common threats to information security is failures and malfunctions of the company's software and technical means, since even the newest equipment often fails, and the company may also be supplied with technically low-quality equipment.

    A situation of unauthorized physical access to technical means that are sources of information, as well as theft of a medium with important information (flash drive, external hard drive, etc.) or only data, may occur at Ashatli Management Company LLC. In fact, this is the theft of intellectual property through the network or the physical theft of media.

    One of the most important information threats is the errors of the organization's personnel. Omissions in the work of managers, dishonest performance of their duties by consultants can lead to a violation of the integrity of information, and conflicts with clients may also arise.

    Software threats include various malware, loss of passwords, insecurity of the software used, as well as the lack of a backup system.

1.4 Measures, methods and means of information protection used at the enterprise

The legislative level of protection is a set of legislative acts in the field of information and information technology. This level includes: the Constitution of the Russian Federation, the Civil Code of the Russian Federation, the Criminal Code of the Russian Federation, the Federal Law “On Information, Information Technologies and Information Protection”, etc.

The administrative level of information protection is reflected in the IS program. The basis of the program is the information security policy - a published document (set of documents), which is accepted by the management of the organization and is aimed at protecting the information resources of this organization. This organization has not developed an information security policy and this level of information protection is not presented.

The measures used at the procedural level to protect information in Ashatli Management Company LLC include the fact that entry into the building is allowed only by prior arrangement, and an alarm system is installed in the building. A contract for the protection of the premises has also been concluded with non-departmental security.

Consider the information security tools used in the enterprise. There are four of them in total (hardware, software, mixed, organizational).

    Security hardware - locks, window bars, security alarms, surge protectors, CCTV cameras.

    Software protections: operating system tools such as password protection and user accounts are used.

    Organizational means of protection: preparation of premises with computers.

    At the hardware and software level, the following measures are taken to protect information:

      Using an antivirus program on all computers (ESET NOD32 Antivirus Business Edition).

      Using the built-in Windows tools to authorize a computer user.

      The use of special logins / passwords for authorization in the 1C Trade Management database.



2. Improving the information security system

2.1 Weaknesses in the information security system

Some of the threats to information security, such as unauthorized access from outside, incorrect operation of software or technical failures, are quite successfully neutralized by competent network configuration and administration, but there are no measures to prevent internal threats.

In the process of analyzing the existing information security system in Ashatli Management Company LLC, the following shortcomings were identified:

    Incomplete use of the functionality of 1C. Access rights to data in the database are not fully separated, and passwords do not meet the complexity requirements, or some employees simply do not use them.

    There are no restrictions on the formats and sizes of data transmitted via the Internet (*.mp3, *.avi, *.rar) for certain employees.

    Some employees store confidential information in public folders simply because of their own inattention, and also keep logins / passwords for information systems that require authorization in easily accessible places on the desktop.

    Information on paper is practically not protected, with the exception of the most important documents (loan agreements, rent agreements, audit results, etc.).

2.2 Goals and objectives of the formation of the information security system in the enterprise

Thus, we can conclude that there is a high need to improve the existing information security system. It is also necessary to carefully protect the client base of the company, since this is very important information that is not subject to disclosure to outsiders.

Company employees often do not realize that the speed of the company's activity and, consequently, its competitiveness, and hence the level of their wages, directly depend on the proper organization of the integrity of databases and documents and on maintaining them in an orderly form.

The biggest threat to the functionality of electronic accounting is represented by various viruses that enter computers on the network via the Internet, as well as the possibility of access to electronic directories and documents by unauthorized persons.

Information security goals:

prevention of threats to the security of the enterprise due to unauthorized actions to destroy, modify, distort, copy, block information or other forms of illegal interference in information resources and information systems;

preservation of commercial secrets processed using computer technology;

protection of the constitutional rights of citizens to maintain personal secrecy and confidentiality of personal data available in information systems.

The tasks of forming an information security system in an organization are to ensure the integrity of information, the reliability of information and its confidentiality. When the tasks are completed, the goal will be realized.

2.3 Proposed measures to improve the information security system at the legislative, administrative, procedural and software and hardware levels

To eliminate the identified shortcomings in the information security system of Ashatli Management Company LLC, it is proposed to introduce the following measures:

At the legislative level, no changes are planned to introduce new measures to ensure information security.

It is necessary to introduce administrative level measures in the firm's security policy. At the administrative level, it is proposed:

    Create a set of information security instructions within the company for certain categories of employees (change and store passwords in inaccessible places, prohibit visiting third-party resources, etc.).

    Introduce a number of incentives that give employees an interest in complying with the security policy, as well as punishment for gross violation of the company's security policy (bonuses and penalties).

To improve the security system at the procedural level, the following series of measures are proposed:

    Restrict access of unauthorized people to certain departments of the company.

    Conduct a series of consultations with employees of the organization on information security issues and instructions on compliance with the security policy.

At the hardware and software level, it is proposed to introduce the following measures:

    Oblige all employees to use passwords to access the 1C database, and more carefully restrict access to certain database data (directories, documents and reports) for all employees.

    Change all standard logins and passwords for access to the ADSL router; the passwords must meet the required level of complexity.

    Introduce restrictions on the file formats and file sizes transmitted over the Internet to individual employees by creating filters in ESET NOD32 Business Edition.

Thus, we have determined the changes to the existing information security system of Ashatli Management Company LLC. Among these changes, work with personnel is key: however perfect the information security software that is implemented, all work with it is carried out by personnel, and the main failures in an organization's security system are usually caused by personnel. Properly motivated, result-oriented staff is already half of what is needed for the effective operation of any system.

2.4 Effectiveness of the proposed measures

The most important advantage of the updated security system at the Ashatli Management Company LLC is the changes in personnel. Most of the problems in the existing security system were caused by the personnel.

Benefits of using ESET NOD32 Business Edition:

    Scalable solution

    • designed for enterprises with 5 to 100,000 PCs within one structure

    • installed on both servers and workstations

    Modern technologies

    • proactive protection against unknown threats

    • intelligent technologies combining heuristic and signature detection methods

    • updated ThreatSense™ heuristic core

    • regular automatic updates of signature databases

    Email and web content filtering

    • full scanning of all incoming mail via the POP3 and POP3S protocols

    • scanning of incoming and outgoing email

    • detailed report on detected malware

    • full integration into popular email clients: Microsoft Outlook, Outlook Express, Windows Mail, Windows Live Mail, Mozilla Thunderbird and The Bat!

to organize information, and secondly, it will reduce the load on the Internet, since data transmission channels will not be busy transmitting extraneous information.

    Centralized management

    • With the ESET Remote Administrator solution, you can remotely install and uninstall ESET software products, control the operation of anti-virus software, and create servers within the network for local updates of ESET products ("mirrors"), which significantly reduces external Internet traffic.

    Convenient reports

    • ESET NOD32 Business Edition automatically generates reports on detected infected objects sent to quarantine and on the dynamics of threats, events, scans and tasks; various combined reports can also be generated. Warnings and messages can be sent via SMTP or through the message manager.

High-quality anti-virus and network protection will help to avoid disruptions in the operation of computers; this is especially important for the workplaces of managers and consultants. Such improvements will affect the reliability of the company as a business partner for many customers, which will have a beneficial effect on the company's image, as well as its income. Automatic backup of information will ensure its integrity and safety, and archiving will make it possible to restore it quickly when necessary.

3. Information security model

The presented model of information security is a set of objective external and internal factors and their influence on the state of information security at the facility and on the safety of material or information resources. Material and technical means, personal data, documents are considered as objects.

PROTECTED OBJECTS

- personal data of the faculty's students;

- personal files of students;

- personal cards of students;

- current documents;

- material and technical values.

SECURITY THREATS

- theft;

- unauthorized access;

- violation of the integrity of information;

- failures of software and hardware.

PROTECTION METHODS

- regulations;

- organizational, technical and security measures and methods;

- software and hardware;

- organizational protection.

SOURCES OF THREATS

- anthropogenic sources (staff, students, intruders);

- technogenic sources (software and hardware);

- natural sources of threats (fires, floods, earthquakes, etc.).

Conclusion

In the course of the project, the information security tools of Ashatli Management Company LLC were analyzed. The information resources of the enterprise and the threats to information security were analyzed, and the corresponding shortcomings were identified.

The implementation of the proposed corrective actions will allow the enterprise to increase the effectiveness of protection measures and reduce the risk of information loss. It should be noted that the process of organizing or reorganizing information security is a complex process in which programs, personnel and equipment interact simultaneously.

To solve the problem of ensuring information security, it is necessary to apply legislative, organizational and software and hardware measures, which will completely eliminate it.




2. Antivirus system ESET NOD 32 to protect against computer viruses.

Databases are regularly updated and workstations are scanned.

3. Built-in Windows Backup to create archives.

OS Backup Wizard is a program designed to quickly create and restore a Windows backup. It allows you to create a copy of the entire Windows or just individual files and folders.

4. Encryption with a key of 2048 bits for the vpn channel (connection to the office of the management company for mail and workflow).

Chapter 2. Improvement of the information security system

2.1 Weaknesses in the information security system

When analyzing the issues related to information security, it is necessary to take into account the specifics of this aspect of security, which consists in the fact that information security is an integral part of information technology - an area that is developing at an unprecedented pace. What is important here is not so much individual solutions (laws, training courses, software and hardware products) that are up-to-date, but mechanisms for generating new solutions that allow you to live at the pace of technical progress.

Modern programming technologies do not allow creating error-free programs, which does not contribute to the rapid development of information security tools.

After analyzing the information security of the enterprise, we can conclude that insufficient attention is paid to information security:

Lack of access passwords to the system;

The absence of passwords when working with the 1C: Enterprise program and when changing data;

There is no additional protection of files and information (there is no elementary password request when opening or changing information in files, not to mention data encryption tools);

Irregular updating of the anti-virus program databases and scanning of workstations;

A large number of paper documents are kept mainly in folders (sometimes without them) on employees' desks, which allows attackers to easily use this kind of information for their own purposes;

There is no regular discussion of information security issues at the enterprise and emerging problems in this area;

A regular check of the operability of the information systems of the enterprise is not organized, debugging is carried out only when they fail;

Lack of information security policy;

Lack of a system administrator.

All of the above are very important shortcomings in ensuring the information security of an enterprise.

2.2 Purpose and objectives of the information security system

Information security - the state of protection of information resources in computer networks and enterprise systems from unauthorized access, accidental or deliberate interference with the normal functioning of systems, attempts to destroy its components.

Information security goals:

prevention of threats to the security of the enterprise due to unauthorized actions to destroy, modify, distort, copy, block information or other forms of illegal interference in information resources and information systems;

preservation of commercial secrets processed using computer technology;

protection of the constitutional rights of citizens to maintain personal secrecy and confidentiality of personal data available in information systems.

To achieve the goals of protection, an effective solution of the following tasks should be ensured:

Protection against interference in the process of functioning of the enterprise by unauthorized persons;

protection against unauthorized actions with the information resources of the enterprise by unauthorized persons and employees who do not have the appropriate authority;

Ensuring the completeness, reliability and efficiency of information support for the adoption of managerial decisions by the management of the enterprise;

Ensuring the physical safety of the technical means and software of the enterprise and protecting them from the action of man-made and natural sources of threats;

registration of events affecting the security of information, ensuring full control and accountability of the implementation of all operations performed at the enterprise;

timely identification, assessment and forecasting of sources of threats to information security, causes and conditions that contribute to damage to the interests of subjects, disruption of the normal functioning and development of the enterprise;

analysis of the risks of the implementation of information security threats and assessment of possible damage, prevention of unacceptable consequences of a violation of enterprise information security, creation of conditions for minimizing and localizing the damage caused;

Ensuring the possibility of restoring the current state of the enterprise in case of violation of information security and the elimination of the consequences of these violations;

Creation and formation of a purposeful information security policy of the enterprise.

2.3 Measures and means to improve the information security system

To achieve the set goals and solve problems, it is necessary to carry out activities at the levels of information security.

Administrative level of information security.

To form an information security system, it is necessary to develop and approve an information security policy.

A security policy is a set of laws, rules and norms of behavior aimed at protecting information and its associated resources.

It should be noted that the policy being developed should be consistent with existing laws and regulations relating to the organization, i.e. these laws and regulations need to be identified and taken into account in policy development.

The more reliable the system, the stricter and more diverse the security policy should be.

Depending on the formulated policy, you can choose specific mechanisms that ensure the security of the system.

Organizational level of information security.

Based on the shortcomings described in the previous section, the following measures can be proposed to improve information security:

Organization of work on training staff in the skills of working with new software products with the participation of qualified specialists;

Development of the necessary measures aimed at improving the system of economic, social and information security of the enterprise.

Provide training so that each employee realizes the importance and confidentiality of the information entrusted to them, because, as a rule, the reason for the disclosure of confidential information is employees' insufficient knowledge of the rules for protecting trade secrets and a lack of understanding (or incomplete understanding) of the need to observe them carefully.

Strict control over compliance by employees with the rules for working with confidential information;

Monitoring compliance with the rules for storing working documentation of employees of the enterprise;

Scheduled meetings, seminars, discussions on enterprise information security issues;

Regular (scheduled) checking and maintenance of all information systems and information infrastructure for operability.

Appoint a system administrator on a permanent basis.

Software and hardware measures to protect information.

Software and hardware are one of the most important components in the implementation of information protection of an enterprise, therefore, to increase the level of information protection, it is necessary to introduce and apply the following measures:

Entering user passwords;

To regulate user access to the information resources of the enterprise, create a list of users, each of whom logs in to the system under their own login. With Windows Server 2003 Std installed on the server, you can create a list of users with corresponding passwords. Distribute the passwords to employees together with instructions for their use. Also set a password expiration date, after which the user is prompted to change the password, and limit the number of login attempts with an incorrect password (for example, to three).

Introduction of a password request in the 1C: Enterprise program when working with the database and when changing data. This can be done using the PC's software tools.
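The following added example, which is not part of the original text, checks the Windows account settings recommended above (passwords required, password expiration, a limit of three failed logins) against the output of the `net accounts` command. The sample outputs are constructed, English-language command output is assumed, and the function names are hypothetical.

```python
import re

# Limit on wrong-password attempts; the text above gives three as its example.
MAX_FAILED_LOGONS = 3

# Constructed sample: `net accounts` output on a server with default, weak settings.
SAMPLE_WEAK = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        SERVER
The command completed successfully.
"""

# Constructed sample: the same server after the settings were tightened.
SAMPLE_HARDENED = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          1
Maximum password age (days):                          42
Minimum password length:                              8
Length of password history maintained:                5
Lockout threshold:                                    3
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        SERVER
The command completed successfully.
"""

# "Setting name:   value" (the status line at the end has no colon and is skipped).
LINE_RE = re.compile(r"^(?P<key>.+?):\s+(?P<value>\S.*?)\s*$")


def parse_net_accounts(text):
    """Return {setting name: raw value} parsed from `net accounts` output."""
    settings = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            settings[match.group("key").strip()] = match.group("value")
    return settings


def as_int(value):
    """Digits are a number; 'Never', 'None', 'Unlimited' or a missing value mean 'not enforced'."""
    return int(value) if value.isdigit() else None


def audit_password_policy(settings, max_failed_logons=MAX_FAILED_LOGONS):
    """Return a list of (code, message) findings; an empty list means the policy is met."""
    findings = []

    if as_int(settings.get("Maximum password age (days)", "")) is None:
        findings.append(("no-expiry", "passwords never expire; set a maximum password age"))

    threshold = as_int(settings.get("Lockout threshold", ""))
    if threshold is None or threshold == 0:
        findings.append(("no-lockout", "wrong-password attempts are not limited"))
    elif threshold > max_failed_logons:
        findings.append(("lockout-too-lax",
                         f"lockout after {threshold} attempts, expected at most {max_failed_logons}"))

    min_length = as_int(settings.get("Minimum password length", ""))
    if not min_length:
        findings.append(("blank-passwords", "minimum length 0 lets accounts have no password"))

    return findings


if __name__ == "__main__":
    for name, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        results = audit_password_policy(parse_net_accounts(sample))
        print(name, "->", results or "policy met")
```

On a live server the input would be the captured text of `net accounts` run by an administrator.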

Differentiation of access to files, directories, disks.

Differentiation of access to files and directories will be carried out by the system administrator, who will allow access to the corresponding drives, folders and files for each user specifically.

Regular scanning of workstations and updating anti-virus program databases.

Allows you to detect and neutralize malicious programs, eliminate the causes of infections. It is necessary to perform installation, configuration and maintenance of anti-virus protection tools and systems.

To do this, you need to configure the antivirus program to regularly scan your PC and regularly update the databases from the server.

Installation of the Agnitum Outpost FireWall firewall on the server computer, which blocks attacks from the Internet.

Benefits of using Agnitum Outpost FireWall:

- controls your computer's connections to others, blocking hackers and preventing unauthorized external and internal network access.


Hosted at http://www.allbest.ru/

COURSE PROJECT

In the discipline "Information Security"

On the topic

“Improvement of the information security system at the enterprise Oven LLC”

Introduction

When people speak of information security today, what they in fact mean is computer security. Indeed, information on electronic media plays an increasingly important role in the life of modern society. The vulnerability of such information is due to a number of factors: huge volumes, multipoint access and possible anonymity of access, the possibility of "information sabotage" ... All this makes the task of ensuring the security of information located in a computer environment a much more difficult problem than, say, keeping traditional postal correspondence secret.

If we talk about the security of information stored on traditional media (paper, photo prints, etc.), then its safety is achieved by observing physical protection measures (i.e., protection against unauthorized entry into the media storage area). Other aspects of the protection of such information are related to natural disasters and man-made disasters. Thus, the concept of "computer" information security as a whole is broader than information security in relation to "traditional" media.

If we talk about differences in approaches to solving the problem of information security at different levels (state, regional, level of one organization), then such differences simply do not exist. The approach to ensuring the security of the State Automated System "Vybory" does not differ from the approach to ensuring the security of a local network in a small company. Therefore, the principles of ensuring information security in this paper are considered on examples of the activities of a separate organization.

The purpose of the course project is to improve the information security system of Oven LLC. The objectives of the course work are to analyze Oven LLC, its resources, its structure and the existing information security system at the enterprise, and to search for methods of improving that system.

At the first stage, an analysis of the information security system will be carried out. From the results obtained, at the second stage, a search will be made for methods to improve the protection of information, if there are weaknesses in this system.

1. Analysis of the information security system at Oven LLC

1.1 Characteristics of the enterprise. Organizational structure of the enterprise. Service dealing with information resources and their protection

The full corporate name of the enterprise is the Limited Liability Company "Aries". The abbreviated name of the Company is Oven LLC; hereinafter, the Company. The Company has no branches or representative offices; its only center is located in the Perm region, Suksunsky district, Martyanovo village.

The Company was formed in 1990 as a small farm and had three founders. After the reorganization of the farm into a peasant farm in 1998, only one founder remained. The last reorganization was in April 2004. Since April 1, the enterprise has been known as Aries Limited Liability Company.

The main activity of the company is the cultivation of agricultural products, seed material, the sale of agricultural products. Today in Russia, the company occupies the thirteenth place among potato farms and the first in the Perm Territory.

Legal address: Russia, 617553, Perm Territory, Suksunsky, village Martyanovo.

The goals of the enterprise as a whole:

· Receiving profit from the main activity.

· Increasing the competitiveness of products and expanding sales markets.

· Concentration of capital and increase of investment resources for the implementation of investment and other projects.

Mission of the enterprise:

1. Continue to take a leading position in the market.

2. Creation of a seed farm.

Organizational structure of the enterprise.

The company uses a linear-functional structure. In a linear-functional structure, a hierarchy of services is formed. In this structure, the heads of functional units have the right to give orders to the next level of management on functional issues.

The structure of the enterprise is shown in Figure 1.


Figure 1 - Organizational structure of Aries LLC

1.2 Analysis and characterization of information resources of the enterprise

Today, everyone is concerned about the security of corporate information. Individual programs and entire complexes designed to protect data are becoming increasingly popular. However, no one thinks about the fact that you can have protection as reliable as you like and still lose important information, because one of your employees will consider it insignificant and put it on public display. And if you are sure that you are protected from this, then you are greatly mistaken. At first glance, this situation looks like something unreal, like a joke. However, this does happen, and happens often. Indeed, technical staff, who in the vast majority of cases deal with information security issues, do not always understand what data should be hidden and what should not. To understand this, you need to break down all the information into different types, which are commonly called classification labels, and clearly define the boundaries between them.

As a matter of fact, all companies specializing in the supply of complex systems for ensuring the security of computer information take into account the division of data into various types. This is where you have to be careful. The fact is that Western products follow international standards (in particular, ISO 17799 and some others). According to them, all data is divided into three types: open, confidential and strictly confidential. Meanwhile, in our country, according to the current legislation, a slightly different distinction is used: open information, for internal use and confidential.

Open means any information that can be freely transferred to other persons, as well as placed in the media. Most often, it is presented in the form of press releases, speeches at conferences, presentations and exhibitions, and separate (naturally, positive) elements of statistics. In addition, this classification includes all data obtained from open external sources. And, of course, information intended for a corporate website is also considered public.

At first glance, it seems that open information does not need protection. However, people forget that data can not only be stolen, but also replaced. Therefore, maintaining the integrity of open information is a very important task. Otherwise, instead of a pre-prepared press release, something incomprehensible may appear. Or the main page of the corporate site will be replaced with offensive inscriptions. So public information also needs to be protected.

Like any other enterprise, the company has open information, contained mainly in presentations shown to potential investors.

Information for internal use includes any data that is used by employees in the performance of their professional duties. But that's not all. This category includes all information that is exchanged among themselves by various departments or branches to ensure their performance. And, finally, the last type of data falling under this category of data is information obtained from open sources and subjected to processing (structuring, editing, clarification).

In fact, all this information, even if it falls into the hands of competitors or intruders, cannot cause serious harm to the company. However, its theft can still cause some damage. Suppose employees have collected news for their boss on a topic of interest to him, among which they have chosen the most important messages and marked them. Such a digest is clearly information for internal use (information obtained from open sources and subjected to processing). At first glance, it seems that competitors, having acquired it, will not be able to benefit from it. But in fact, they can guess what direction your company's management is interested in, and, who knows, they may even be able to get ahead of you. Therefore, information for internal use must be protected not only from substitution, but also from unauthorized access. True, in the vast majority of cases, you can limit yourself to the security of the local network, because it is not economically profitable to spend large sums on this.

This type of information is also presented at the enterprise, which is contained in various kinds of reports, lists, extracts, etc.

Confidential information - documented information, access to which is restricted in accordance with the legislation of the Russian Federation, which is not publicly available and, if disclosed, can damage the rights and legally protected interests of the person who provided it. The list of data falling under this classification is established by the state. At the moment, it is as follows: personal information, information constituting a commercial, official or professional secret, information that is a secret of the investigation and office work. In addition, recently, data on the essence of an invention or scientific discovery before their official publication has been classified as confidential.

Confidential information in an enterprise includes such data as: development plan, research work, technical documentation, drawings, profit distribution, contracts, reports, resources, partners, negotiations, contracts, as well as information of a managerial and planning nature.

The company has about twenty PCs. There is no local network at the enterprise: the Company's PCs are not united into a single network. In addition, all computers are equipped with a standard set of office programs and accounting programs. Three computers have Internet access through the WAN Miniport. At the same time, not a single computer in the enterprise is equipped with an anti-virus program. The exchange of information is carried out through media: flash drives, floppy disks. All information on "traditional" media is located in cabinets that are not locked. The most important documents are kept in a safe, the keys to which are kept by the secretary.


1.3 Threats and means of protecting information in the enterprise

Information security threat - a set of conditions and factors that create a potential or real danger associated with information leakage and / or unauthorized and / or unintentional influences on it.

According to the ways of influencing information security objects, threats relevant to the Company are classified as follows: informational, software, physical, organizational and legal.

Information threats include:

Unauthorized access to information resources;

Theft of information from archives and databases;

Violation of information processing technology;

illegal collection and use of information;

Software threats include:

computer viruses and malware;

Physical threats include:

Destruction or demolition of information processing and communication facilities;

Theft of storage media;

The impact on staff

Organizational and legal threats include:

Procurement of imperfect or obsolete information technologies and means of informatization;

Information security tools are a set of engineering, electrical, electronic, optical and other devices, instruments and technical systems, as well as other real elements used to solve various problems of information protection, including preventing leakage and ensuring the security of protected information.

Consider the information security tools used in the enterprise. There are four of them in total (hardware, software, mixed, organizational).

Hardware protection: locks, bars on windows, security alarms, network filters, video surveillance cameras.

Software protection: operating system tools such as password protection and accounts are used.

Organizational means of protection: preparation of premises with computers.

2 Improving the information security system

2.1 Identified shortcomings in the information security system

The most vulnerable point in the protection of information in the Company is computer security. Even a superficial analysis of the enterprise reveals the following shortcomings:

- Information is rarely backed up;

- Insufficient level of information security software;

- Some employees have insufficient PC skills;

- There is no control over employees. Employees can often leave their workplace without turning off their PC, and with a flash drive containing official information.

- Lack of normative documents on information security.

- Not all computers use OS tools such as passwords and accounts.

2.2 Goals and objectives of the formation of the information security system in the enterprise

The main goal of the information security system is to ensure the stable operation of the facility, prevent threats to its security, protect the legitimate interests of the enterprise from unlawful encroachments, prevent theft of funds, disclosure, loss, leakage, distortion and destruction of service information, ensuring the normal production activities of all departments of the facility. Another goal of the information security system is to improve the quality of services provided and guarantee the security of property rights and interests.

The tasks of forming an information security system in an organization are: the integrity of information, the reliability of information and its confidentiality. When the tasks are completed, the goal will be realized.

The creation of information security systems (ISS) in IS and IT is based on the following principles:

A systematic approach to building a protection system, which means the optimal combination of interrelated organizational, software, hardware, physical and other properties, confirmed by the practice of creating domestic and foreign protection systems and used at all stages of the technological cycle of information processing.

The principle of continuous development of the system. This principle, which is one of the fundamental ones for computer information systems, is even more relevant for the ISS. Ways to implement threats to information in IT are constantly being improved, and therefore ensuring the security of IS cannot be a one-time act. This is a continuous process, which consists in substantiating and implementing the most rational methods and ways to improve the ISS, continuous monitoring, and identifying its bottlenecks and weaknesses, potential information leakage channels and new methods of unauthorized access.

Separation and minimization of powers for access to processed information and processing procedures, i.e. providing both users and IS employees themselves with a minimum of strictly defined powers sufficient for them to perform their official duties.

The completeness of control and registration of unauthorized access attempts, i.e. the need to accurately establish the identity of each user and record his actions for a possible investigation, as well as the impossibility of performing any information processing operation in IT without prior registration.

Ensuring the reliability of the protection system, i.e., the impossibility of reducing the level of reliability in the event of failures, malfunctions, deliberate actions of a hacker or unintentional errors of users and maintenance personnel in the system.

Ensuring control over the functioning of the protection system, i.e. creation of means and methods for monitoring the performance of protection mechanisms.

Providing all kinds of anti-malware tools.

Ensuring the economic feasibility of using the protection system, which is expressed in the excess of the possible damage to IS and IT from the implementation of threats over the cost of developing and operating the ISS.

2.3 Suggested actions to improve the information security system of the organization

The shortcomings identified at the enterprise need to be eliminated, so the following measures are proposed.

§ Regular backup of the database with personal data of the company's employees, with accounting data and other databases available at the enterprise. This will prevent data loss due to disk failures, power outages, viruses, and other accidents. Careful planning and regular backup procedures allow you to quickly restore data in case of loss.

§ Using OS tools on each computer: creating accounts for specialists and regularly changing the passwords for these accounts.

§ Training of enterprise personnel to work with computers. This is a necessary condition for the correct operation of workstations and for preventing the loss of and damage to information. The work of the entire enterprise depends on how competently the staff use their PCs.

§ Installation of anti-virus programs on computers, such as Avast, NOD, Doctor Web, etc. This will avoid infecting computers with various malicious programs called viruses, which is very important for this enterprise, since several PCs have Internet access and employees use flash media to exchange information.

§ Monitoring of employees using video cameras. This will reduce cases of careless handling of equipment and the risk of equipment theft and damage, and will also make it possible to control the “removal” of official information from the territory of the company.

§ Development of a regulatory document “Measures for protecting information in Oven LLC and responsibility for their violations”, which would comply with the current legislation of the Russian Federation and define the risks, the violations and the liability for these violations (fines, punishments). In addition, a corresponding clause should be added to the company's employment contract stating that the employee is familiar with and undertakes to comply with the provisions of this document.

2.4 Effectiveness of the proposed measures

The proposed measures have positive aspects, such as the elimination of the main information security problems in the enterprise, but at the same time they will require additional investment in personnel training and in the development of regulatory documents relating to security policy. They will require additional labor costs and will not completely eliminate the risks: there will always be the human factor and force majeure. But if such measures are not taken, the costs of restoring information and the lost opportunities will exceed the cost of developing a security system.

Consider the results of the proposed measures:

1. Increased reliability of the organization's information security system;

2. Increased level of PC proficiency among personnel;

3. Reduced risk of information loss;

4. Availability of a regulatory document defining the security policy;

5. A possible reduction in the risk of information being brought into or removed from the enterprise.

3 Information security model

The presented model of information security (Figure 2) is a set of objective external and internal factors and their influence on the state of information security at the facility and on the safety of material or information resources.

Figure 2 - Information security system model

This model complies with the special regulatory documents for ensuring information security adopted in the Russian Federation, the international standard ISO/IEC 15408 "Information technology - methods of protection - criteria for assessing information security" and the standard ISO/IEC 17799 "Information security management", and takes into account development trends in the domestic regulatory framework (in particular, that of the State Technical Commission of the Russian Federation) on information security issues.

Conclusions and proposals

The Information Age has brought about dramatic changes in the way people in a large number of professions carry out their duties. Now a mid-level non-technical specialist can do the work that a highly skilled programmer used to do. The employee has at his disposal more accurate and up-to-date information than ever before.

But the use of computers and automated technologies leads to a number of problems for the management of the organization. Computers, often networked, can provide access to a huge amount of a wide variety of data. Therefore, people are concerned about the security of information and the risks associated with automating and providing much more access to confidential, personal or other critical data. The number of computer crimes is constantly increasing, which can eventually lead to undermining the economy. And so it should be clear that information is a resource that needs to be protected.

And since automation has led to the fact that now computer operations are performed by ordinary employees of the organization, and not by specially trained technical personnel, end users need to be aware of their responsibility to protect information.

There is no single recipe that provides a 100% guarantee of data safety and reliable network operation. However, the creation of a comprehensive, well-thought-out security concept that takes into account the specifics of the tasks of a particular organization will help minimize the risk of losing valuable information. Computer security is a constant struggle against the stupidity of users and the intelligence of hackers.

In conclusion, I would like to say that the protection of information is not limited to technical methods. The problem is much broader. The main weakness of protection is people, and therefore the reliability of the security system depends mainly on the attitude of the company's employees towards it. In addition, protection must be constantly improved along with the development of the computer network. Do not forget that it is not the security system that interferes with the work, but its absence.

Summing up the results of this course project, I would also like to note that the analysis of the information security system of the Aries enterprise identified five shortcomings. Solutions were then found to eliminate them; correcting these shortcomings will improve the information security of the enterprise as a whole.

In the course of the above actions, the practical and theoretical skills of studying the information security system were worked out, therefore, the goal of the course project was achieved. Thanks to the solutions found, we can say that all the tasks of the project were completed.

