Methods of ensuring information security
The modern digital world is full of unpredictable threats that affect the normal functioning of the state, the work of business and the rights of the individual. The State Doctrine of Information Security of Russia is designed to protect national interests in the digital world. It names the main spheres of the country's life in which information is protected, the objects subject to protection, and the main and most effective methods of ensuring information security.
What the document's developers propose
The developers of the Doctrine proposed three types of methods for ensuring the information security of the Russian Federation: legal methods, organizational and technical methods, and methods implemented in the field of economics and finance. Legal methods of ensuring information security are the foundation for applying the other mechanisms and technologies.
Methods implemented in the legal field
The state realizes its will by issuing normative legal acts. The documents adopted in the information sphere regulate the main systemic tasks. Narrower issues, often associated with the use of technical protection measures, are regulated by the methodological documents of the FSTEC, Roskomnadzor, and the FSB. On specific issues of control over the work and implementation of laws, various organizations issue orders to eliminate violations of the law. The set of legal methods for ensuring information security of the Russian Federation is aimed at standardizing and regulating the activities of subjects of the information field.
Among the main areas of legislative and law enforcement activities, experts name:
- adoption of laws and regulations that regulate new directions in the field of information security;
- making additions and changes to the current legislation, which eliminate contradictions between legal acts adopted at various levels of government, the national legislation of the Russian Federation and international treaties that take precedence over domestic laws;
- establishment of administrative and criminal liability for crimes in the field of information security of the Russian Federation, citizens and organizations, for encroachment on critical infrastructure;
- distribution of powers in the field of information security regulation between the state authorities of the Russian Federation and the bodies of the constituent entities of the Federation, as well as between the state and society;
- legal regulation of confidentiality regimes for various types of information, for example, for commercial and banking secrets, personal data, as well as the establishment of liability for illegal access to such information or its disclosure;
- regulation of the status of foreign entities having access to facilities related to ensuring the information security of Russia. Such entities include investors who fund the development of Russia's digital economy, and foreign news agencies that transmit information to the national media.
Structuring and organization
Many regulatory documents oblige state bodies and enterprises to take certain organizational measures aimed at protecting state interests.
Among such methods of protecting information, the following come to the fore:
- formation of the infrastructure for ensuring information security of the Russian Federation, including its hardware, software and staffing;
- law enforcement activities of the Ministry of Internal Affairs, the Investigative Committee, courts, and other federal bodies in terms of taking preventive measures and uncovering offenses in the field of information security, bringing to justice and punishing those responsible;
- creation of new technical means of information protection and of mechanisms for monitoring the effectiveness of these software and hardware products, strengthening control over the Russian sector of the Internet, developing the ideology of a sovereign Runet, creating secure telecommunications systems, developing domestic software and increasing the reliability of software already created;
- creation of technical means capable of preventing unauthorized access to objects of information infrastructure and to the information subject to protection, as well as repelling attacks aimed at distorting data or changing the normal operation of automated control systems;
- compulsory or voluntary certification of software products, licensing of legal entities operating in the field of data security, the introduction of standards (GOST and others) that determine the means and methods for protecting information and infrastructure;
- certification of telecommunication equipment;
- development of new ways to ensure security, including anti-virus and cryptographic ones;
- analysis of the results of applying the provisions of regulatory documents.
Methods working in the field of economics
Economic methods for ensuring information security of the Russian Federation are most effective when they are aimed at stimulating investment in the electronics industry and import substitution.
Among the methods that combine the efforts of the state and business, experts name the following:
- development of federal and regional information security programs, identification of sources for obtaining funds necessary for their launch and uninterrupted operation;
- financing measures and programs aimed at protecting sovereignty, economic stability and security from information threats of various types, for example, those aimed at reducing the value of shares of Russian companies traded on organized securities markets by disseminating inaccurate or defamatory information;
- widespread use of insurance of various risks in order to compensate for losses incurred in cases of violation of information security standards.
Most of the economic methods of information security that are being introduced are aimed not only at creating and maintaining government infrastructure, but also at protecting the businesses and government services that are most exposed to risks:
- services that maintain registers of enterprises and real estate objects;
- statistics bodies;
- services that collect and process customs and tax information;
- systems of accounting and financial accounting of enterprises;
- credit and financial sphere.
Information protection in these areas is achieved primarily by using certified software. Other solutions being implemented include the creation of domestic electronic payment systems and an analogue of the SWIFT system.
The set of methods for ensuring the information security of the Russian Federation is aimed at maintaining the parity of forces in the electronic world and at preventing any foreign state from gaining an advantage through superiority in technology and control over the Internet infrastructure.