Levels of information protection: concept, basic principles, risk analysis and their elimination

To begin with, let's define what information is and what is the concept - levels of information protection? Information is defined as a reflection of the real (material) world in systems or in a subject in the form of signals and signs. It exists in different forms: as a document, drawing or text. And also in other forms: sound and light signals, energy and other impulses, etc. Knowledge about the environment, messages about the "world" that a person perceives can also be safely attributed to the field of information.

Information protection or information security (IS) can be represented as a set of measures and technical means aimed at preventing false distortion, destruction and illegal use of information, which can harm the user. The most important goal of information security is to provide security to the system as a whole, its protection and guarantee of accuracy. If it is modified or destroyed, then these destructions must be minimized.

Guidelines

Comprehensive protection of information is both the imperative of the time and the most important direction in the development of intelligent systems. It should be based on an integrated approach. This means that all information security tools should be taken in a single set of interactions.

The first sign of system information protection (ISP) against random or targeted threats is the principle of "reasonable sufficiency". Since 100% protection does not exist anywhere, it is therefore necessary to strive for the minimum necessary level of protection against random external threats. The principle of information integrity is expressed in the preservation of its content and structure. Only the user can create and modify data. Confidentiality refers to restricting outsiders' access to factual information. The principle of accessibility is the ability to obtain the required information in a certain time. The principle of reliability is expressed in the fact that the information really belongs to the subject from which it was received.

Information security measures. Security Policy

In order to protect the interests of subjects that are united informationally, it is necessary to single out and agree on the following levels of protection:

1. Legislative level of information protection, including the development of laws and documents that promote compliance with security rules.

2. Administrative level of information security (this includes orders and effective actions of the leadership of organizations to protect information systems).

3. Procedural level of system protectioninformation, i.e. security measures focused exclusively on people.

4. Software and hardware level of information security (IP), providing control over information systems. Control is implemented by hardware and software.

The basis of the system-object approach to protecting information is the security policy. It is based on an analysis of the risks inherent in the organization's system. If the risks and strategy are identified, then a protection program and methods of execution in the field of information security are drawn up.

Formal security features

Features of the study of problems in this area are manifested in the fact that we can present the levels of information protection both in the form of CI tools and in the form of additional levels of protection. This article deals with the first. The mentioned levels of information security tools can be divided into regulatory and technical methods. Normative means include moral and ethical factors and administrative means. Technical methods are divided into physical, hardware, software and cryptographic methods.

Level Safety

The levels of information security are usually divided into:

• Regulatory support (documents and regulations that are mandatory in the field of GI).
• Organizational support - IS protection is carried out by the security service of organizations.
• Technical security - the use of technical means to protect information.

Strategic levels of the defense systeminformation is formulated as follows:

1. Providing protection to the individual, society and the state.

2. Development of programs and implementation of government problems.

3. Installing barriers and prohibitions against unwanted access to information systems.

Types of levels. Program method

Summarize that the software level of information protection forms the main and important frontier in the current information security policy. Only software and hardware measures are able to resist ignorance when using information tools by legal users. The software aspect of information protection clearly implies such security measures as:

1. Recognition and authentication (authentication) of all active education users.

2. Application of firewalls to protect network information channels from external threats.

3. Managing access to information at the user level and protecting against intrusions into the information network.

4. Cryptographic protections.

5. Recording and auditing the protection of factual information.

6. Protect against viruses with antivirus packages.

This classification of information protection levels is divided by implementation methods into hardware and software methods; by protection methods (techniques that contribute to data protection functions); installation and execution stepsprograms that are implemented by means of the BIOS.

It is carried out by hardware devices that are schematically embedded in operating systems by other auxiliary application programs for various purposes.

Implementation of the main levels

After analyzing the main levels of information security, we can focus on the fact that information security tasks are divided into such control types as:

1. Regulated by law protection of state secrets (secret and other documentary information) from all types of destruction and substitution, access to it.
2. Legislative protection of human (citizen) rights to declared informational property. As well as the disposal and management of confidential information.
3. The law provides for the protection of the rights of an entrepreneur in the conduct of trade and other activities.
4. Conciliatory protection of technological and software measures of informatization from malicious influences by law.
5. Legal notification protection of fundamental constitutional rights to the secrecy of exclusive correspondence, to friendly negotiations and personal secrecy.

Aspects of determining levels

As a factor of understanding and the result of the implementation of security measures, we note that it is customary to determine the levels of information protection in such aspects as:

• Consistency, which involves taking into account all the main elements, conditions and risks affecting profitabilitysystem.
• Complexity, which requires the coordinated use of different means to block the channel of external threats and destroy weaknesses in the system architecture.
• Continuity, which implies the adoption of functional measures at all positions in the life cycle of the protected system.
• Openness, which implements the effectiveness of classes of algorithms and personal protection mechanisms (but passwords and keys are entered secretly). The source code for all versions of programs can also be provided in open form.
• Flexibility of management and application, which is an indisputable advantage for the active user.
• Easy to apply secure crypto signs in such a way that a legal user may not have specialized knowledge.

Conclusion

You need to understand that no formal solutions can provide complete security in the areas of information systems. But in general, the risks of external threats can be significantly reduced. Determining the boundaries of security is the main condition of the SI. Keeping the system up and running is another safeguard.

We hope this article has been informative for our readers.