The concept and types of information threats. Information security system

Table of contents:

The concept and types of information threats. Information security system
The concept and types of information threats. Information security system

In the modern society of information technology and the storage of huge databases on electronic media, the issues of ensuring the security of information and types of information threats are not without idleness. Accidental and intentional actions of natural or artificial origin that can harm the owner or user of information is the topic of this article.

Information Security Principles

The main principles of information security, systems for ensuring its safety and integrity are:

  • Integrity of information data. This principle implies that information retains content and structure during its transmission and storage. The right to create, modify or destroy data is reserved only to users with the appropriate access status.
  • Data privacy. It is understood that access to the data array has a clearly limited circle of users,authorized in this system, thereby providing protection against unauthorized access to information.
  • Availability of the data array. In accordance with this principle, authorized users receive timely and unhindered access to it.
  • Reliability of information. This principle is expressed in the fact that information strictly belongs only to the subject from whom it is received and which is its source.
types of information threats
types of information threats

Security Challenges

Issues of information security come to the fore if malfunctions and errors that occur in a computer system can lead to serious consequences. And under the tasks of the information security system, they mean multifaceted and comprehensive measures. They include the prevention of misuse, damage, distortion, copying and blocking of information. This includes tracking and preventing unauthorized access by persons without the proper level of authorization, preventing information leakage and all possible threats to its integrity and confidentiality. With the modern development of databases, security issues are becoming important not only for small and private users, but also for financial structures and large corporations.

Classification of information security threat types

Under the "threat" in this context means potentially possible actions, phenomena and processes that can lead to undesirable consequences or impacts on the operatingsystem or the information stored in it. In the modern world, a fairly large number of such information threats are known, the types of which are classified based on one of the criteria.

Thus, by the nature of occurrence, they distinguish:

  • Natural threats. These are those that arose as a result of physical influences or natural phenomena.
  • Artificial threats. This type of information threats includes all those associated with human actions.

According to the degree of intentionality, threats are divided into accidental and deliberate.

Depending on the direct source of information security threat, there can be natural (for example, natural phenomena), human (violation of confidentiality of information by disclosing it), software and hardware. The latter type, in turn, can be divided into authorized (errors in the operation of operating systems) and unauthorized (website hacking and virus infection) threats.

Classification by source distance

Depending on the position of the source, there are 3 main types of information threats:

  • Threats from a source outside the computer operating system. For example, the interception of information at the time of its transmission through communication channels.
  • Threats that originate within the controlled operating system. For example, data theft or information leakage.
  • Threats that have arisen within the system itself. For example, incorrect transfer or copying of a resource.
information leak
information leak

Other classifications

Regardless of the remoteness of the source, the type of information threat can be passive (the impact does not entail changes in the data structure) and active (the impact changes the data structure, the content of the computer system).

In addition, information threats may appear at the stages of access to the computer and be detected after authorized access (for example, unauthorized use of data).

In accordance with the location in the system, there can be 3 types of information threats: those that arise at the stage of access to information located on external memory devices, in RAM and in the one that circulates through communication lines.

Some threats (for example, information theft) do not depend on system activity, others (viruses) are detected only during data processing.

protection against unauthorized access
protection against unauthorized access

Unintentional (natural) threats

Mechanisms for implementing this type of information threats have been studied quite well, as well as methods for preventing them.

Of particular danger to computer systems are accidents and natural (natural) phenomena. As a result of such an impact, information becomes inaccessible (in whole or in part), it can be distorted or completely destroyed. The information security system cannot completely eliminate or prevent such threats.

Another danger is the mistakes made in the design of the computer system. For example, incorrectwork algorithms, incorrect software. It is these errors that are often used by attackers.

Another type of unintentional but significant type of threat to information security is the incompetence, negligence or inattention of users. In 65% of cases of weakening the information security of systems, it was violations of functional duties by users that led to the loss, violations of confidentiality and integrity of information.

main types of information threats
main types of information threats

Deliberate information threats

This type of threat is characterized by a dynamic nature and constant replenishment with new types and methods of targeted actions of violators.

In this area, attackers use special programs:

  • Viruses are small programs that copy and distribute themselves in the system.
  • Worms are utilities that activate every time you boot your computer. Like viruses, they copy and spread on their own in the system, which leads to its overload and blocking the work.
  • Trojan horses are malicious programs hidden under useful applications. It is they who can send information files to an attacker and destroy the system software.

But malware is not the only means of deliberate intrusion. Numerous methods of espionage are also used - wiretapping, theft of programs and protection attributes, hacking and theft of documents. Password interception is most often done usingspecial programs.

computer viruses and antivirus
computer viruses and antivirus

Industrial espionage

Statistics from the FBI and the Computer Security Institute (USA) shows that 50% of intrusions are carried out by employees of companies or enterprises themselves. In addition to them, companies-competitors, creditors, companies-buyers and companies-sellers, as well as criminal elements become subjects of such information threats.

Hackers and technorats are of particular concern. These are qualified users and programmers who hack websites and computer networks for profit or for sport.

information security system
information security system

How to protect information?

Despite the constant growth and dynamic development of various kinds of information threats, there are still methods of protection.

  • Physical protection is the first stage of information security. This includes restricting access to unauthorized users and a pass system, especially for access to the server division.
  • The basic level of information protection is programs that block computer viruses and antivirus programs, systems for filtering correspondence of a dubious nature.
  • DDoS protection offered by software developers.
  • Create backups stored on other external media or in the so-called "cloud".
  • Disaster and recovery plan. This method is important for large companies that want to secureyourself and reduce downtime in the event of a failure.
  • Encryption of data when transmitted via electronic media.

Protection of information requires an integrated approach. And the more methods will be used, the more effective will be the protection against unauthorized access, threats of destruction or damage to data, as well as their theft.

website hack
website hack

A few facts that make you think

DDoS attacks were recorded in 26% of banks in 2016.

One of the biggest personal data leaks happened in July 2017 at the Equifax credit bureau (USA). The data of 143 million people and 209 thousand credit card numbers fell into the wrong hands.

"Who owns the information - he owns the world." This statement has not lost its relevance, especially when it comes to competition. So, in 2010, the presentation of the iPhone 4 was disrupted due to the fact that one of the employees forgot the prototype smartphone in a bar, and the student who found it sold the prototype to journalists. As a result, an exclusive review of the smartphone was released to the media a few months before its official presentation.

Popular topic

Editor's choice

  • Restore Skype account: step by step instructions, return access to your account
    Restore Skype account: step by step instructions, return access to your account

    Don't know how to recover your Skype account? Or do you want to know your friend's Skype password? The article discusses several ways to restore the user's page, as well as recommendations for storing and selecting pin codes

  • Why can't I follow on Instagram? All possible reasons
    Why can't I follow on Instagram? All possible reasons

    We subscribe to people with a specific goal - to find friends, like-minded people of interest, to learn something new for ourselves. And sometimes it is very strange to see that the Instagram system does not allow you to "follow" the profile you are interested in. This error occurs quite often, no one is immune from this trouble. Let's analyze the main reasons why Instagram does not allow you to subscribe to people

  • How to find out who "liked" a person on Instagram. Proven Methods
    How to find out who "liked" a person on Instagram. Proven Methods

    Everyone who is trying to start the path of a blogger or has already achieved some success in this field, hopes that the content that he shares with readers will not be left without attention. The main indicator of page popularity is “likes”. “Thumbs up” is also put when they want to attract the attention of potential subscribers

  • How to restore a channel on YouTube: detailed instructions, simple and effective tips
    How to restore a channel on YouTube: detailed instructions, simple and effective tips

    This article describes how to restore a channel on YouTube after deleting it. To understand this task, it will be useful to familiarize yourself with some terminology. There is a difference between deleting and blocking a YouTube account

  • How to remove a contact from "Vatsap" and how to block an unwanted interlocutor
    How to remove a contact from "Vatsap" and how to block an unwanted interlocutor

    WhatsApp is a popular messenger. It has many features that users are not even aware of. One of these is the ability to block contacts. It helps to get rid of annoying interlocutors. And how to remove a contact from WhatsApp and how to block it? You can perform these actions in different ways