
Information protection types and content of events. Dedicated PC information protection software


The degree of relevance of the problem of information security at the present time is determined. The main definitions related to engineering and technical protection are presented. The stages of ensuring the protection of information necessary for enterprises are described. The protected objects are distributed into the corresponding classes. Possible channels of information leakage are described and a classification of technical channels of information leakage is presented. Requirements are established for the scope and nature of the set of measures aimed at protecting confidential information from leakage through technical channels during the operation of the protected object. The main officials at the enterprise responsible for implementing information security are indicated. The types of technical means for receiving, processing, storing and transmitting information are considered. The main methods and means of protecting information from leakage through technical channels are described: organizational, search and technical. Methods of active and passive protection of information are presented.

Keywords: data protection, means, leakage channels, classification, information


Information is now of key importance. Information is data about persons, facts, events, phenomena and processes, regardless of the form of their presentation. At all times, possession of information has given the advantage to the side that had the more accurate and extensive information, especially when it concerned rivals or competitors. "Whoever owns the information owns the world" (Nathan Rothschild, British banker and politician).

The problem of information security has always existed, but at present, due to the huge leap in scientific and technological progress, it has gained particular relevance. Therefore, the task of information security specialists is to master the whole range of techniques and methods of information security, methods of modeling and designing information security systems. One of the ways to protect information is the engineering and technical protection of information. Engineering and technical protection is a set of special bodies, technical means and measures for their use in the interests of protecting confidential information.

Information leakage is understood as an unauthorized process of transferring information from a source to a competitor. The physical path of information transfer from its source to an unauthorized recipient is called a leak channel. The channel in which unauthorized transfer of information is carried out using technical means is called the technical channel of information leakage (TCLE). The classification of technical channels of information leakage is shown in the figure.

To ensure high-quality protection of information from leakage through technical channels, a differentiated approach to protected information is needed first of all. To do this, protected objects must be divided into appropriate categories and classes. The classification of objects is carried out in accordance with the tasks of technical protection of information. Requirements are also established for the volume and nature of the set of measures aimed at protecting confidential information from leakage through technical channels during the operation of the protected object.

Protection class A includes objects at which the information signals arising from information processing or negotiations are completely concealed (hiding the fact that confidential information is processed at the facility).

[Figure: Classification of technical channels of information leakage]

Protection class B includes objects at which the parameters of the information signals arising during information processing or negotiations, from which confidential information could be restored, are hidden (hiding the information processed at the object).

Depending on the nature of the source of confidential information, leakage channels are classified as follows:

  • electromagnetic channels of information leakage in the radio frequency range of electromagnetic waves, in which the technical reconnaissance (unmasking) feature of the protected objects is electromagnetic radiation whose parameters qualitatively or quantitatively characterize a specific protected object;
  • electromagnetic channels of information leakage in the infrared range of electromagnetic waves, in which the technical unmasking feature of the protected object is the object's own radiation in this range;
  • acoustic channel of information leakage, used to obtain information in acoustic speech and signal intelligence;
  • hydroacoustic channels of information leakage, used when obtaining information about the transmission of sound information communications, reconnaissance of noise fields and hydroacoustic signals;
  • seismic information leakage channels, which make it possible, by detecting and analyzing deformation and shear fields in the earth's surface, to determine the coordinates and strength of various explosions, as well as to intercept ongoing negotiations at a short distance;
  • magnetometric information leakage channels, which provide information about objects by detecting local changes in the Earth's magnetic field caused by the object;
  • chemical channels of information leakage that allow obtaining information about an object by contact or remote analysis of changes in the chemical composition of the environment surrounding the object.

The process of ensuring information security can be divided into several stages.

The first stage (analysis of the object of protection) is to determine what needs to be protected.

The analysis is carried out in the following areas:

  • the information that needs to be protected in the first place is determined;
  • the most important (critical) elements of the protected information are singled out;
  • the lifetime of critical information is determined (the time a competitor needs to make use of the obtained information);
  • the key elements of information (indicators) reflecting the nature of the protected information are determined;
  • indicators are classified according to the functional areas of the enterprise (production and technological processes, the system of logistics for production, divisions, management, etc.).

The second step is to identify threats:

  • it is determined who may be interested in the protected information;
  • methods used by competitors to obtain this information are evaluated;
  • probable channels of information leakage are assessed;
  • a system of measures is being developed to suppress the actions of a competitor.

The third stage analyzes the effectiveness of the adopted and permanently operating security subsystems (physical security of documentation, reliability of personnel, security of the communication lines used to transfer confidential information, etc.).

The fourth stage is the definition of the necessary protective measures. Based on the first three stages of analytical studies, the necessary additional measures and means to ensure the security of the enterprise are determined.

At the fifth stage, the heads of the firm (organization) consider the submitted proposals for all necessary security measures and calculate their cost and effectiveness.

The sixth stage is the implementation of additional security measures, taking into account the established priorities.

The seventh stage is the implementation of control and bringing the implemented security measures to the attention of the company's personnel.

Within the framework of the organization, the process of protecting information passes, to one degree or another, through the above stages.

The enterprise security system is currently understood as an organized set of special bodies, services, means, methods and measures that ensure the protection of the vital interests of the individual, enterprise and state from internal and external threats.

The company's security system consists of the following main elements (officials and bodies):

  • The head of the company in charge of information security issues.
  • Company Security Council.
  • Company security service.
  • Departments of the firm involved in ensuring the security of the firm.

Security management is assigned, as a rule, to the head of the company and his deputy for general issues (1st Deputy), to whom the security service is directly subordinate.

To organize the protection of information at the enterprise, it is necessary to form a Security Council. It is a collegial body under the head of the company, whose members he appoints from among qualified officials responsible for information security issues. The Security Council develops proposals for the manager on the main issues of ensuring the protection of information, including:

  • areas of activity of the company to ensure security;
  • improvement of the security system;
  • interaction with authorities, customers, partners, competitors and consumers of products, etc.

Along with technical means for receiving, processing, storing and transmitting information (TSPI), technical means and systems are installed in the premises that are not directly involved in the processing of confidential information, but are used in conjunction with TSPI and are located in the zone of the electromagnetic field created by them. Such technical means and systems are called auxiliary technical means and systems (ATSS).

In organizations, work on the engineering and technical protection of information usually consists of two stages:

  • construction or modernization of the protection system;
  • maintaining information security at the required level.

An information security system is formed in newly created organizations; in the rest, the existing system is modernized.

Depending on the goals, the procedure for carrying out measures to ensure the security of information and the equipment used, methods and means of protecting against information leakage through technical channels can be divided into organizational, search and technical.

Organizational ways to protect

These measures are carried out without the use of special equipment and involve the following:

  • establishing a controlled zone around the object;
  • the introduction of frequency, energy, temporal and spatial restrictions in the modes of operation of technical means for receiving, processing, storing and transmitting information;
  • disconnection for the period of closed meetings of auxiliary technical means and systems (ATSS), which have the qualities of electro-acoustic converters (telephone, fax, etc.), from connecting lines;
  • use of only certified TSPI and ATSS;
  • involvement in the construction and reconstruction of allocated (protected) premises, the installation of TSPI equipment, as well as in the work on protecting information, exclusively organizations licensed by the relevant services for activities in this area;
  • categorization and certification of informatization objects and allocated premises for compliance with the requirements for ensuring the protection of information when working with information of varying degrees of secrecy;
  • regime restriction of access to TSPI accommodation facilities and allocated premises.

Search activities

Portable listening (planted) devices are identified during special surveys and inspections. Inspection of TSPI accommodation facilities and allocated premises is carried out visually, without the use of equipment. In the course of a special check performed using passive (receiving) and active search tools, the following is carried out:

  • control of the radio spectrum and spurious electromagnetic radiation of the TSPI;
  • detection of covertly installed listening devices with the help of electromagnetic field indicators, interceptors, frequency meters, scanners or software and hardware systems;
  • special checks of allocated premises, TSPI and ATSS using non-linear radars and mobile X-ray units.

Technical protection

Such measures are carried out using both passive and active protective techniques and means. Passive technical methods of protection include:

  • installation of access restriction and control systems at TSPI accommodation facilities and in allocated premises;
  • shielding of TSPI and connecting lines of means;
  • grounding of TSPI and screens of connecting lines of devices;
  • soundproofing of allocated premises;
  • embedding special filters in ATSS that have a "microphone" effect and have an exit beyond the controlled zone;
  • introduction of autonomous and stabilized sources, as well as uninterrupted power supply devices, in the TSPI power supply circuit;
  • installation of noise suppression filters in the power supply circuits of the TSPI, as well as in the power networks of the allocated premises.

Active influence on leakage channels is carried out by implementing:

  • spatial noise generated by electromagnetic noise generators;
  • targeted interference generated at the operating frequencies of the radio channels of eavesdropping devices by special transmitters;
  • acoustic and vibration interference generated by vibroacoustic protection devices;
  • suppression of voice recorders by devices of directional high-frequency radio emission;
  • noise injection into electrical networks, extraneous conductors and ATSS connecting lines that go beyond the controlled zone;
  • thermal destruction modes of electronic devices.

As a result of using these means to carry out measures for the engineering and technical protection of information, the organization will significantly reduce the likelihood of threats being realized, which undoubtedly contributes to the preservation of the material and intellectual capital of the enterprise.

Reviewers:

Kitova O.V., Doctor of Economics, Professor, Head of the Department of Informatics, FSBEI HPE “Russian University of Economics named after G.V. Plekhanov” of the Ministry of Education and Science of the Russian Federation, Moscow;

Petrov L.F., Doctor of Technical Sciences, Professor of the Department of Mathematical Methods in Economics, "Russian Economic University named after G.V. Plekhanov" of the Ministry of Education and Science of the Russian Federation, Moscow.

The work was received by the editors on March 18, 2014.

Bibliographic link

Titov V.A., Zamaraeva O.A., Kuzin D.O. MEASURES TO ORGANIZE ENGINEERING AND TECHNICAL PROTECTION OF INFORMATION // Basic Research. - 2014. - No. 5-3. – P. 573-576;
URL: http://fundamental-research.ru/ru/article/view?id=33920 (date of access: 04/06/2019).

Everyone has already ceased to be surprised by the fact that information constituting an organization's trade secret constantly appears on sale. Today it is not difficult to acquire the client base or the personal data of employees of a company you are interested in. This is because the leaders of organizations do not make sufficient efforts to protect information that is a trade secret. Moreover, do not forget about the real-life hunters for such information. Scientific and technological progress has introduced into our lives a large number of technical means that make it possible to record telephone conversations and meetings and to read information from a computer screen while being physically outside the company's premises.

But the main source of information leakage is employees. It is they who "leak" information that is a trade secret. There can be many reasons for this: earning extra income, negligence or accident.

Today, companies specializing in the technical protection of valuable information offer a range of products capable of dynamically blocking devices through which attackers can download information.

But a defense against the human factor is harder to build. It is necessary to clearly explain to employees what information is classified as a trade secret and what the degree of responsibility for its disclosure is. Limit access to information constituting a trade secret: determine the procedure for handling this information and monitor compliance with this procedure. Draw up a special instruction on confidentiality.

It is mandatory to conclude employment contracts with employees, and with contractors (Latin contrahens - contracting - persons, institutions, organizations bound by obligations under a general agreement, cooperating in the process of fulfilling the agreement) civil law contracts, which must contain conditions on the protection of confidential information. The non-disclosure obligation can be drawn up in any form, it is important that it contains a list of information that constitutes a trade secret in your company.

Also organize special office work to ensure the safety of media containing commercial secrets, and introduce a system for separating information into blocks. Each employee should know exactly as much as is necessary to perform his duties.

Another way to protect the rights of the owner of a trade secret is to establish sanctions for violation of confidentiality obligations by counterparties in civil law contracts. As a general rule, the protection of violated civil rights is carried out in court (recognition of the right, suppression of illegal actions, compensation for losses). In addition to civil law methods of protection, trade secrets can be protected under labor law, criminal law, and unfair competition.

Of the possibilities provided by labor law, the rights of the owner of a trade secret can be protected by such actions as bringing to material liability and bringing to disciplinary liability up to the termination of the employment relationship. In addition, if there are signs of an offense provided for by the relevant branches of law, it is possible to bring offenders to criminal liability.

When information is stored in electronic format, there are three areas of work on information security: theoretical research, development of security tools and justification of ways to use security tools in automated systems.

In theoretical terms, the main attention is paid to the study of the vulnerability of information in electronic information processing systems, the phenomenon and analysis of information leakage channels, the substantiation of the principles of information protection in large automated systems and the development of methods for assessing the reliability of protection.

To date, many different means, methods and measures have been developed to protect information accumulated, stored and processed in automated systems. These include hardware and software, cryptographic closure of information, physical measures, organizational measures and legislative measures. Sometimes all these means of protection are divided into technical and non-technical: hardware, software and cryptographic closure of information are classified as technical, and the rest of the above as non-technical.

a) hardware protection methods.

Hardware protection includes various electronic, electro-mechanical and electro-optical devices. To date, a significant number of hardware devices have been developed for various purposes, but the following are the most common:

  • special registers for storing security details: passwords, identification codes, classification stamps or secrecy levels;
  • code generators designed to automatically generate a device identification code;
  • devices for measuring individual characteristics of a person (voice, fingerprints) in order to identify him;
  • special security bits, the value of which determines the level of security of the information stored in the memory to which these bits belong;
  • schemes for interrupting the transmission of information in the communication line in order to periodically check the address of data output.

A special and most widespread group of hardware protection devices are devices for encrypting information (cryptographic methods).

b) software protection methods.

Protection software includes special programs that are designed to perform protection functions and are included in the software of data processing systems. Software protection is the most common type of protection, which is facilitated by such positive properties of this tool as universality, flexibility, ease of implementation, almost unlimited possibilities for change and development, etc. By functional purpose, these programs can be divided into the following groups:

  • identification of technical means (terminals, group input-output control devices, computers, storage media), tasks and users;
  • determining the rights of technical means (days and hours of operation, tasks allowed for use) and users;
  • monitoring the operation of technical means and users;
  • registration of the operation of technical means and users when processing information of limited use;
  • destruction of information in the memory after use;
  • alarms for unauthorized actions;
  • auxiliary programs for various purposes: monitoring the operation of the protection mechanism, affixing a secrecy stamp on issued documents.

c) backup.

Backing up information consists of storing a copy of the programs on media. On these media, copies of programs can be in normal (uncompressed) or archived form. Backup is carried out to save programs from damage (both intentional and accidental) and to store rarely used files.

d) cryptographic encryption of information.

Cryptographic closure (encryption) of information consists in transforming the protected information so that the content of the private data cannot be determined from its appearance. Specialists pay special attention to cryptographic protection, considering it the most reliable and, for information transmitted over a long-distance communication line, the only means of protecting information from theft.

The main directions of work on the considered aspect of protection can be formulated as follows:

  • the choice of rational encryption systems for reliable closure of information;
  • substantiation of ways to implement encryption systems in automated systems;
  • development of rules for using cryptographic protection methods during the operation of automated systems;
  • evaluation of the effectiveness of cryptographic protection.

A number of requirements are imposed on ciphers designed to close information in computers and automated systems, including: sufficient strength (closing reliability), ease of encryption and decryption from the method of intramachine representation of information, insensitivity to small encryption errors, the possibility of intramachine processing of encrypted information, insignificant redundancy of information due to encryption and a number of others. To some extent, these requirements are met by some types of substitution, permutation, gamma ciphers, as well as ciphers based on analytical transformations of encrypted data.

Particularly effective are combined ciphers, in which the text is sequentially encrypted with two or more encryption systems (for example, substitution and gamma, permutation and gamma). It is believed that in this case the strength of the encryption exceeds the total strength of the constituent ciphers.

Each of the encryption systems can be implemented in an automated system either in software or using special equipment. Software implementation is more flexible and cheaper than hardware. However, hardware encryption is in general several times more efficient. This circumstance is crucial for large volumes of confidential information.
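The substitution-plus-gamma combination and two of the cipher requirements listed above (insignificant redundancy, insensitivity to small errors), as a software sketch added here for illustration and not taken from the original article. The SHA-256 counter keystream used as the gamma, the key-seeded byte permutation used as the substitution, and all function names are assumptions of this example.

```python
"""Toy combined cipher: byte substitution followed by gamma (keystream XOR).

Added illustration, not code from the article. Assumptions of this example:
SHA-256 in counter mode as the gamma generator, a key-seeded permutation of
the 256 byte values as the substitution, and every function name below.
"""
import hashlib
import random


def substitution_table(key: bytes) -> list:
    """Return a key-dependent permutation of 0..255."""
    table = list(range(256))
    seed = int.from_bytes(hashlib.sha256(b"subst" + key).digest(), "big")
    random.Random(seed).shuffle(table)  # private PRNG: same key, same table
    return table


def gamma(key: bytes, nonce: bytes, length: int) -> bytes:
    """Return `length` keystream bytes from SHA-256(subkey || counter || nonce)."""
    subkey = hashlib.sha256(b"gamma" + key).digest()
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(subkey + counter.to_bytes(8, "big") + nonce).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(plaintext, sub_key, gamma_key, nonce):
    """First system: substitution. Second system: XOR with the gamma."""
    table = substitution_table(sub_key)
    stream = gamma(gamma_key, nonce, len(plaintext))
    return bytes(table[p] ^ g for p, g in zip(plaintext, stream))


def decrypt(ciphertext, sub_key, gamma_key, nonce):
    """Undo the two systems in reverse order: remove gamma, invert the table."""
    inverse = [0] * 256
    for plain_byte, substituted in enumerate(substitution_table(sub_key)):
        inverse[substituted] = plain_byte
    stream = gamma(gamma_key, nonce, len(ciphertext))
    return bytes(inverse[c ^ g] for c, g in zip(ciphertext, stream))


def damaged_positions(plaintext, sub_key, gamma_key, nonce, error_at):
    """Flip one ciphertext bit (a line error) and list the plaintext bytes hit.

    Both systems work byte by byte, so the error stays in one position. The
    same locality means the cipher gives no integrity protection by itself.
    """
    ciphertext = bytearray(encrypt(plaintext, sub_key, gamma_key, nonce))
    ciphertext[error_at] ^= 0x01
    recovered = decrypt(bytes(ciphertext), sub_key, gamma_key, nonce)
    return [i for i, (a, b) in enumerate(zip(plaintext, recovered)) if a != b]


def matching_positions(ciphertext_a, ciphertext_b):
    """Positions where two ciphertexts agree.

    If the same keys and nonce are reused, the gamma is identical and these
    are exactly the positions where the plaintexts agree, so a rule of use
    for this scheme is a fresh nonce for every message.
    """
    return [i for i, (a, b) in enumerate(zip(ciphertext_a, ciphertext_b)) if a == b]


if __name__ == "__main__":
    # Constructed sample keys, nonce and messages.
    k_sub, k_gamma, nonce = b"substitution-key", b"gamma-key", b"message-0001"
    message = b"constructed sample: list of trade secret items"
    ct = encrypt(message, k_sub, k_gamma, nonce)
    print("round trip ok:", decrypt(ct, k_sub, k_gamma, nonce) == message)
    print("expansion in bytes:", len(ct) - len(message))
    print("bytes damaged by one flipped bit:",
          damaged_positions(message, k_sub, k_gamma, nonce, 10))
    reused = encrypt(b"constructed sample: list of suppliers", k_sub, k_gamma, nonce)
    print("positions leaked by nonce reuse:", matching_positions(ct, reused))
```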

e) physical protection measures.

The next class in the arsenal of information security tools is physical measures. These are various devices and structures, as well as measures that make it difficult or impossible for potential intruders to enter places where protected information can be accessed. The most commonly used measures are:

  • physical isolation of the structures in which the equipment of the automated system is installed from other structures;
  • fencing of the territory of computer centers at distances sufficient to exclude the effective registration of electromagnetic radiation, and the organization of systematic monitoring of these territories;
  • organization of checkpoints at the entrances to the premises of computer centers, or entrance doors equipped with special locks that make it possible to regulate access to the premises;
  • organization of a security alarm system.

f) organizational measures to protect information.

The next class of information security measures is organizational measures. These are regulatory legal acts that regulate the functioning of the data processing system, the use of its devices and resources, and the relationship between users and systems in such a way that unauthorized access to information becomes impossible or significantly impeded. Organizational measures play an important role in creating a reliable information protection mechanism. The reason for their increased role in the protection mechanism is that the possibilities of unauthorized use of information are largely determined by non-technical aspects: malicious acts, negligence or carelessness of users or personnel of data processing systems. The influence of these aspects is almost impossible to avoid or localize using the hardware and software tools, cryptographic closure of information and physical protection measures described above. This requires a set of organizational, organizational-technical and organizational-legal measures that would exclude the possibility of information leakage in this way.

The main activities in this aggregate are the following:

  • activities carried out in the design, construction and equipment of computer centers (CC);
  • activities carried out in the selection and training of CC personnel (checking those hired, creating conditions under which the staff would not like to lose their jobs, familiarizing them with the measures of responsibility for violating the rules of protection);
  • organization of reliable access control;
  • organization of the storage and use of documents and media: defining issuance rules, maintaining issuance and usage logs;
  • control of changes to mathematical support and software;
  • organization of training and control of users' work.

One of the most important organizational measures is the maintenance of a special full-time information protection service in the CC, the number and composition of which would ensure the creation of a reliable protection system and its regular operation.

Thus, the means, methods and measures of protection discussed above come down to the following:

1. The greatest effect is achieved when all the means, methods and measures used are combined into a single, integral information protection mechanism.

2. The protection mechanism should be designed in parallel with the creation of data processing systems, starting from the moment the general idea of building the system is developed.

3. The operation of the protection mechanism should be planned and maintained along with the planning and maintenance of the main processes of automated information processing.

4. It is necessary to constantly monitor the functioning of the protection mechanism.

Measures for the technical protection of information can be divided into three areas: passive, active and combined.

Passive protection involves the detection and localization of sources and channels of information leakage.

Active - the creation of interference that prevents the removal of information.

Combined - combines the use of the two previous directions and is the most reliable.

However, passive and active protection are each vulnerable in their own way. For example, when using only passive protection, it is necessary to conduct round-the-clock monitoring, since it is not known when the means of removal are turned on, or the ability to use detection equipment during a business meeting is lost.

Active protection can make life very difficult for people who are watching you, and you can use it in vain, not knowing for sure if there is surveillance.

Combined protection eliminates these shortcomings.

Model of protecting information from leakage through technical channels from the protected object

Table 9

| Installation location / positional installation location of information retrieval devices | Type (index) of the data pickup device | Mode of application | Technical channel for closing information leakage |
|---|---|---|---|
| | Noise generator "Thunder ZI - 4" | Constantly | Radioelectronic |
| PC office №3 | Noise generator "GSh-K-1000M" | Constantly | Radioelectronic |
| | Noise generator "Kupol-W-DU" | Constantly | Radioelectronic |
| Socket 220 V. Office of the head of the protected object | Noise generator | By decision of management | Radioelectronic |
| | Noise generator "SI-8001" | Constantly | Radioelectronic |
| Socket 220 V. Cabinet No. 2 | Noise generator "SI-8001" | By decision of management | Radioelectronic |
| | Noise generator "Wave 4 M" | By decision of management | Radioelectronic |
| Office of the head of the object of protection | Noise generator "SELSP-21B1" | By decision of management | Radioelectronic |
| Office of the head of the object of protection | Power filter "FSP-1F-7A" | Constantly | Radioelectronic |
| The window of the office of the head of the object of protection | Vibroacoustic system "VGSh-103" | Constantly | Acoustic |
| Window of the secret compartment | Vibroacoustic noise generator "ANG-2000" | By decision of management | Acoustic |

Tactical and technical characteristics of protective equipment

Table 10

| Installation location | Type (index) of information security device | Specifications |
|---|---|---|
| Desk of the head of the object of protection | Grom ZI-4 | Frequency range - 20 - 1000 MHz; Power supply - network 220 V; Signal voltage - in the frequency range 100 kHz - 1 MHz - 60 dB |
| Office of the head of the object of protection | | Frequency range - 100 kHz - 1000 MHz; Power supply - +12 V, from the computer bus; Radiated noise power levels - 30 - 45 dB |
| Secret office room | Dome-W-DU | Action radius - 5 - 10 m; Operating frequency range - 100 kHz - 1800 MHz; Power - 220 V; Radiation power - 15 W; Noise quality factor - no worse than 0.6 |
| Socket 220 V. Office of the head of the protected object | | Interference spectrum width - 30 kHz - 30 MHz; Power - 220 V; Noise signal level - 75 - 35 dB / μV |
| Socket 220 V. Premises of the secret department | | Power consumption < 15 VA; Power - 220 V; Interference level -30 - 80 dB |
| Socket 220 V. Cabinet No. 2 | | Interference spectrum width - 5 kHz - 10 MHz; Power - 220 V; Interference level -30 - 80 dB |
| Office of the head of the object of protection | | Frequency range - 0.5...1000 MHz; Power - 20 W; Power supply - 220 V; Noise amplitude - at least 3 V |
| Office of the head of the object of protection | | Power - 12 V; Frequency range - 5 MHz ... 1 GHz; Output signal level - 45 dB; Consumption current - 350 mA |
| Office of the head of the object of protection | | Operating frequency range - 0.15-1000 MHz; Attenuation amount -60 dB; Permissible load current - 7 A |
| The window of the office of the head of the object of protection | | Range -40 dB in the frequency range 175 - 5600 Hz; Radius - 5 m |
| Window of the secret compartment | | Interference spectrum width - 250 Hz - 5 kHz; Power - 220 V; Power consumption - 24 W; Output voltage -1 - 12 V; Resistance > 0.5 ohm |

Each organization solves the problem of information protection independently, based on current legislation and its own interests and abilities. However, many years of practice have produced general recommendations that can be useful to any enterprise that has to classify its commercial information.

1. A person responsible for this work is appointed: one of the managers of the enterprise (for example, the deputy head for commerce or marketing), who, together with the security service (SB), organizes and carries out the entire range of work.

2. A commission is created from among qualified specialists of the leading structural divisions, which is entrusted with expert functions.

3. Members of the established commission, with the involvement of heads and specialists of the patent and licensing department, the financial department, the advertising department and other structural divisions, determine the initial version of the list of information constituting the commercial secret of the enterprise.

4. An analysis of the received proposals is carried out and the final version of the list of information constituting a commercial secret is prepared.

5. The final version of the list is approved by the head of the enterprise and brought to the attention of the performers in full or in the parts relating to their powers.

Ways to protect information

All the various ways of protecting information are usually classified according to two criteria.

1. By the owner of the information (by types of protected secrets):

Protection of state secrets;

Protection of interstate secrets;

Trade secret protection.

2. By groups of forces, means and methods used to protect information:

Legal (development of legal norms regulating the legal relations of personnel in the context of the organization of document circulation);

Organizational (installation of security posts; development of methodological and guidance materials for the organization of workflow; appropriate selection of personnel, etc.);

Engineering and technical (the use of appropriate technical means that prevent or significantly hinder the theft of computer equipment and information carriers, and that exclude unauthorized access to electronic document management);

Program and mathematical (application of system-wide and special programs; instructive and methodological materials on the use of software tools; mathematical methods, models and algorithms for information processing, etc.).

Let us dwell on the problem of recruitment. The primary task here is to identify and screen out candidates with signs of psychological pathology. Even experienced managers cannot correctly, reliably and quickly assess the true mental state of candidates, because candidates are more agitated than usual during an interview. In this case, it seems appropriate to require those who come for an interview to provide health certificates, or to send them to certain clinics for a full medical examination.

Primary contact with the candidate should be used as much as possible to collect information and for educational and preventive purposes. It is recommended to:

Draw the attention of the future employee to the characteristics and regime of the future work;

Draw attention to the conditions of work with confidential information to which he will be admitted;

Give examples from the practice of protecting commercial information in the enterprise and carefully evaluate the candidate's reaction to this information.

In addition, you can require the candidate to complete a questionnaire and provide a photograph, so that the final conclusion is as complete as possible and possible hidden contradictions in the character of the person being checked can be identified, with the involvement of highly professional specialists: graphologists, psychoanalysts and even psychics.

If the results do not frighten you, you can proceed to the next large block of work. This block is the creation of a legal framework for the protection of information. In general terms, these activities consist of creating the Regulations on trade secrets and the List of information classified as trade secrets, familiarizing all employees with these Regulations, and having each employee sign the Agreement on Non-Disclosure of Commercial Secrets. The large number of documents is due to the fact that the institution of trade secrets in Russian law is regulated by several branches of law:

- Civil law
- Criminal law
- Labor law

I draw special attention to this stage. If you want to protect your property (in this case, information) by legal measures, then pay attention to the implementation of these activities. Of fundamental importance is not only every word in the trade secret non-disclosure agreement, but also the construction of sentences and the general logic of the document. You can then move on to the next steps.

First of all, it is necessary to talk about preventive measures, and then about measures to identify and suppress attempts at unauthorized removal of information and attempts to destroy or distort information. Preventive measures include:

- explanatory and educational work with staff: explaining what a trade secret is, how to protect it, what the consequences of its disclosure are, and what an employee should do in a given situation. EVERY employee should feel that enough attention is given to this issue;
- creating conditions for employees to protect information: conditions for storing information media (safe, lockable cabinet, etc.) and conditions for secure transmission of information (closed communication channels);
- preventive sweeps of especially important premises: before important events, after meetings, and on a planned schedule, especially important premises must be checked for the presence of technical channels of information leakage;
- regular inspection of the territory of the facility: carried out for the same purpose as the previous measure;
- creation of a special regime of work, both at the enterprise as a whole and for work with protected information in particular: a clear regulation of the storage, transfer, use and destruction of protected information, with a detailed description of who should do what and in what situation, together with control of compliance with this regime;
- study of candidates for work in the company: finding out the biography of the candidate, identifying connections with crime, negative facts of life, connections with direct and indirect competitors or ill-wishers, reviews from previous jobs, etc.

Measures to identify facts or attempts of theft, modification and destruction of information include:

- continuous monitoring of the electromagnetic environment: instrumental control of all radiation at the facility and of electromagnetic signals in communications;
- operational activities: undercover work, provocations, work with staff, partners, customers and competitors.

Suppression measures are a logical continuation of the previous actions:

- actual suppression: punishment of an employee (this requires an evidence base), removal of a planted device, etc.;
- creation of a system for suppressing unauthorized radiation: the use in the construction and decoration of premises of materials that absorb electromagnetic radiation, and the installation and periodic use of a system of noise generators;
- masking or encryption of useful signals: the use of devices or programs that encrypt transmitted information or mask its presence.

This is a short list of what needs to be created for the normal operation of an information security system. This is not a one-day job, and the system will not work on its own even if everything is described in detail on paper. In order for this colossus to start producing results, you need a person who knows HOW to do it and who is able and willing to do it, as well as appropriate management support, especially at the initial stage, the stage of formation. This is primarily due to the resistance of employees to the creation of the system. After all, it complicates their work, which means additional effort on their part. And people are lazy and therefore will resist all innovations that somehow complicate their lives, even knowing full well the importance and necessity of these innovations.

information commercial secret classification
