Goals and objectives of information security
Information security means ensuring the confidentiality and integrity of information and preventing unauthorized actions with it, in particular its use, disclosure, distortion, modification, research and destruction. Information security provisions are the same for all forms of information storage: physical, digital or any other. With the advent of computerized information systems, data security has come to the fore.
The main goals of information security
Information security systems are used to preserve the key characteristics of information. They provide:
- confidentiality of data - only authorized persons have access;
- the availability of information systems with the data contained in them to specific users who have the right to access such information;
- data integrity - unauthorized changes to information are blocked;
- authenticity - completeness and general accuracy of information;
- non-repudiation - the ability to determine the source or authorship of information.
The main goal of information security systems is to guarantee data protection from external and internal threats.
To ensure complete confidentiality in the information system, four methods are used that are relevant for any information format:
- restriction or complete closure of access to information;
- splitting into parts and separate storage;
- hiding the very fact of the existence of information.
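The method of splitting information into parts and storing them separately can be illustrated with an n-of-n XOR split, in which every part is required to rebuild the data. This is an added example, not part of the original article; the article does not name a specific technique, and the function names and the sample record are constructed for illustration.

```python
from __future__ import annotations

import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("parts must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(secret: bytes, parts: int) -> list[bytes]:
    """Split secret into `parts` shares; every share is needed to rebuild it."""
    if parts < 2:
        raise ValueError("need at least two parts")
    # parts-1 shares are pure randomness from the OS CSPRNG.
    shares = [secrets.token_bytes(len(secret)) for _ in range(parts - 1)]
    # The last share is the secret XORed with all random shares, so any
    # incomplete subset is statistically independent of the secret.
    shares.append(reduce(xor_bytes, shares, secret))
    return shares


def combine_shares(shares: list[bytes]) -> bytes:
    """Rebuild the secret; only correct when *all* shares are supplied."""
    if len(shares) < 2:
        raise ValueError("need at least two parts")
    return reduce(xor_bytes, shares)


if __name__ == "__main__":
    record = b"constructed sample: payroll export key"  # constructed input
    stores = split_secret(record, 3)  # e.g. three separate storage locations
    print(combine_shares(stores) == record)      # all parts present
    print(combine_shares(stores[:2]) == record)  # one part missing
```

Anyone holding fewer than all parts learns nothing about the content, but a lost or altered part makes the data unrecoverable, so each storage location needs its own backup and integrity check.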
Types of information threats
To choose the correct information protection strategy, you need to determine what threatens data security. Information security threats are potential events and actions that can lead to leakage or loss of data or to unauthorized access to it. This, in turn, leads to moral or material damage.
Threats to information systems are classified primarily by their origin:
- Technogenic sources - threats caused by problems with technical support; they are difficult to predict.
- Anthropogenic sources - threats caused by people. They can be unintentional errors or deliberate attacks. An unintentional threat is an accidental error, for example a user unknowingly disabling the antivirus. Generally, human-caused problems can be predicted, which allows preventive action. Intentional security threats lead to information crimes.
- Spontaneous sources - insurmountable circumstances that are unlikely to be forecast and cannot be prevented, such as natural disasters, fires, earthquakes and power outages due to hurricanes.
Also, according to the location of the source relative to the information system, threats are classified into external and internal. This division is especially applicable to large-scale state-level systems.
External threats are attacks from hackers, competing companies or hostile states, while internal threats are due to:
- low level of software and hardware;
- at the state level - poor development of data transmission technology and the IT sector as a whole;
- low computer literacy of users.
The main goal of information security systems is to eliminate internal threats. These usually consist of the following:
- intruders seize data and destroy information packets, which disrupts the work of the information environment;
- employees create backdoors or leak information;
- spyware invisibly affects production code and system hardware.
In practice, therefore, all the work of the information security system comes down to creating secure communication channels, protecting servers, and ensuring the security of external media and user workstations.
Information security in the computer environment
The issue of maintaining the security of information systems is equally acute for ordinary users and for enterprises. For companies, loss of data entails, first of all, loss of trust and reputation. For an individual, a leak results at best in intrusive targeted advertising; at worst, confidential information (passwords, bank card details, information for logging into systems) can be used by fraudsters for their own ends.
Various software tools are used to control the data circulating in the information environment:
- very powerful applications whose task is to ensure the security and encryption of financial and bank information registers;
- global solutions that work at the level of the entire information array;
- utilities to solve specific problems.
Information systems protection methods
The purpose of information protection is to preserve information in its original form and to exclude access by outsiders.
The systems approach consists of four pillars of security:
- laws and regulations;
- distribution of tasks between information security departments;
- information security policy;
- technical and software means.
All methods of protection at the enterprise have the following characteristics:
- the use of technical means, which grows as the information space and the number of workstations expand;
- constant monitoring of databases;
- continuous development of new computing systems with improved encryption methods, and permanent encryption with existing methods;
- restricting access to information at the enterprise.
Computer viruses are the most serious threat to information systems. They bring the most losses to the information infrastructure. The main problem is that antivirus software cannot completely prevent new threats from emerging. As a result, one way or another, information packets are damaged and information systems malfunction. The problem can be eliminated only after the fact, once the malicious interference has been found. It is also worth mentioning the physical methods of protecting information: devices that instantly recognize third-party intervention in the system.
To protect a certain object from external and internal threats, it is necessary to create an Information Security System (ISS).
To build an effective and efficient system, the following rough plan is used:
- identify the degrees of protection necessary for this object;
- correlate them with the provisions of laws and regulations in force on the territory of the country in this area of activity;
- refer to previous developments;
- designate responsible units and distribute responsibility between them;
- determine the information security policy of this object and use the necessary software and hardware methods for its implementation.
As a result, an information security management system is created at the enterprise. With its help, the effectiveness of protection means is monitored constantly, the actions taken are corrected in a timely manner, and existing provisions are revised to ensure maximum security.