Information security methods of the Russian Federation
Information security of the Russian Federation is one of the main tasks of the state. Despite the specifics of organizations that use information resources or have other legal relations related to information, most organizations use general information security methods. Let's talk about the main methods of information protection.
What is included in the concept of information security
Work in the information sphere of the Russian Federation is regulated by several legal acts. Regardless of whether the data is in electronic form or it is a paper version of classified documents, the goal of information security is to protect the confidentiality, integrity and availability of data.
By identifying the main sources of threats, the vulnerabilities, the potential degree of impact on information and the risk management capabilities, a basic methodology of industry standards for ensuring protection is developed, technical measures are taken, and legal responsibility for violations is established at the legal level.
The set of measures taken to prevent outsiders from accessing the carriers of confidential information makes it possible to protect confidential data against leakage.
The basis for ensuring information security is activities to protect information in critical situations, regardless of whether they are natural, man-made or occur as a result of computer failures or physical theft of information.
Methods used in Russia to ensure information security
A set of legal, economic and organizational methods of ensuring information security makes it possible to protect databases at all stages: from creation to use for their intended purpose, and during storage or transfer.
The established procedure for providing information involves:
- public availability of information that can be freely distributed;
- the possibility of transferring information only by agreement of the interested parties;
- limited access to, or a prohibition on the dissemination of, certain information in the Russian Federation (for example, calling for violence).
There are several types of data:
- information for informing the population through mass information resources - print media, television and radio broadcasting, Internet channels;
- professional specific data used within a narrow circle of specialists;
- data provided to a certain number of officials or employees who have signed an agreement on the non-disclosure of classified information;
- data concerning specific individuals that identifies a person and their social status.
When speaking about ensuring information security, it should be understood that the means of protection are intended for information to which access is limited: secret and confidential data.
The methods and policy of information security applied in the Russian Federation for the relevant subjects of information relations are aimed at:
- protecting information from unwanted disclosure;
- reducing the risks of unauthorized access to classified information and its illegal replication.
Ensuring the legality of data protection
To achieve the set goals, a legal framework is needed that regulates the norms of relations in the information sphere. Methodological documentation is being developed for the practical implementation of data security.
- amendments to existing laws and the adoption of new ones that regulate issues of legal relations in the field of information security to eliminate contradictions;
- specifying the grounds for prosecution, penalties for violations of secrecy or limited access to data;
- delimitation of the powers of the federal authorities and the executive authorities operating in the constituent entities of the country regarding information security, involvement of the public in this activity;
- clarification of the status of foreign journalists and news agencies, the legality of attracting foreign investors in the development of the country's information infrastructure;
- consolidation of the priority of domestic producers of information resources and communication networks;
- creation of a legal framework that allows the formation of structures responsible for information security at the regional level.
For example, the norms of the adopted Federal Law No. 149 "On Information, Information Technologies and the Protection of Information" establish the rights to produce, distribute and receive data; regulate the use of technologies and the protection of confidential and classified information; and define information as any information, regardless of the form in which it is provided.
Based on the requirements established by federal law, information is classified as confidential or as containing secret data, the dissemination of which may harm public policy or a specific area of activity.
Criminal and administrative legislation determines the penalties for perpetrators, taking into account the severity of the offense and its consequences: from fines to a prohibition on engaging in certain types of activity and imprisonment. It also provides for liability for deliberate or negligent failure to comply with security measures.
Features of economic methods for ensuring information security
Already at the stage of creating confidential or secret data that is not intended for mass distribution, measures should be taken to ensure its protection.
The purchase of special tools and equipment for information security requires certain material investments.
Effective information protection can be achieved by:
- restricting access to information carriers by placing the appropriate devices and equipment in protected premises and using locking mechanisms that function regardless of the form and type of secret data;
- controlling the actions of employees using devices built into information and telecommunication systems;
- installing special programs to prevent changes to documents, as well as their unauthorized copying and transfer;
- using advanced mathematical (cryptographic) tools that ensure information security of data by creating a software and hardware complex that protects the information itself, rather than access to it.
The economic side of solving information security problems consists of:
- establishment of the procedure for financing measures aimed at data protection;
- the creation of an insurance system for individuals and legal entities, which makes it possible to cover the costs of material damage caused by the loss of or damage to information, for example, as a result of emergencies of a natural or man-made nature, or failure of computer networks.
Together with the norms established by law, these methods are aimed at improving the security system of the Russian Federation.
To achieve the set goals:
- analyze the sources of possible threats and risks that can harm the confidentiality of data;
- carry out software certification;
- pay maximum attention to the degree of security of communication systems and their development.
Organization of information protection
The adoption of rules for the exchange of data and the establishment of a regime for the protection of classified information on paper and electronic media are classified as organizational methods of protection.
The basis for organizing information security when working with documentation and other resources is formed by:
- approval of the rules for differentiating access in internal regulations that do not contradict the requirements of federal laws;
- analysis of potential information threats, regular monitoring of the protection indicators of confidential information;
- recruiting personnel to work with documentation and data carriers, familiarizing them with the duties and measures of responsibility for disclosing information that became known in the process of performing professional (official) functions;
- control and training of personnel who have access to secure information systems.
In practice, information security is provided by government agencies, responsible officials or services specially created at enterprises.
The effectiveness of measures taken to protect data depends on an integrated approach to solving the assigned tasks.
Correct identification of potential threats and the correct choice of technical means will ensure the confidentiality of classified information at the stage of information creation and in the process of its use.
The basis of the state policy in ensuring information security is:
- protection of constitutional rights and freedoms of citizens;
- observance of legislative norms and generally recognized principles of international law, agreements signed by Russia.
A security system of any level should account for potential risks:
- natural threats to information carriers - for example, damage as a result of natural disasters or equipment failure, lack of power supply;
- criminal acts - theft, interception, use of information for personal gain;
- unintentional errors that lead to a malfunction of the information system or a violation of its integrity.
The main rule for financing information security, not only in Russia, but also in other countries, is considered to be the creation of a system for protecting valuable documents and other important information whose costs do not exceed the cost of the protected data. In this case, it is imperative to take into account the possible damage in the event of their theft, destruction or illegal distribution.