The main components of information security
Information security is a set of methods and actions aimed at protecting data against unauthorized actions. Information is content that is transmitted orally and in writing by means of signs, technical mechanisms, gestures, programs. Information and its constituent principles are still being studied by experts to improve the efficiency of data storage and use.
- data that is transmitted between people and specialized devices;
- signs (in animals, plants);
- other distinctive properties (cells, organs).
Information security is a system of methods that helps in the protection of technologies that ensure cybersecurity within a state or company.
Information that must be secured is used in a wide variety of areas of life: political, economic, social and spiritual. It is important to keep it from leaking to minimize potential adverse effects, for example economic losses at the state level.
Information is considered safe if it is fully protected from any type of threat. The most common leaks involve payment information and personal data (about 80% of cases). The correct approach to security is to implement preventive measures that can reduce the harmful effects inside and outside the system.
Information security in the narrow sense
Information security is a practice aimed at preventing unauthorized access to, use, disclosure and transformation of data. Internal and external information threats can harm national and international relations and individual citizens. Information protection is a set of legal, technical and organizational methods of preventing unauthorized actions with data. It is implemented in information systems and consists of measures and actions aimed at protecting data from outside influences.
The information system includes the following elements:
- subjects - owners of information and mechanisms (infrastructure);
- base - computer rooms, various systems (power supply), communication lines, service personnel.
Information security is also the science of ensuring the safety of information resources, the inviolability of will, the legal rights of the individual and society.
Penetration into the information space is an open (sometimes latent) action that intentionally or by coincidence affects the object of protection, which leads to leakage or disclosure of information.
Information technology security is based on answering the following questions:
- Why, who and what to protect?
- What external and internal factors should be protected from?
- How to protect against the threat?
Information security elements
The main components of information security are a set of elements that include accessibility, confidentiality and integrity of information resources and supporting infrastructure. Security elements often include protection against unauthorized access, which is a key part of data security.
Consider the main components of information security:
- Accessibility is a feature that allows users in certain cases to freely obtain information of interest to them. An exception is data that is hidden from public view, the disclosure of which may cause serious damage to subjects and information. For example, there are materials available that everyone can get: buying tickets, services in banks, paying utility bills.
- Integrity is the property of information that guarantees its stability against intentional or unintentional transformation or destruction of data. It can be static (the main objects remain unchanged from their initial state) and dynamic (sequences of actions are carried out exactly). If the integrity of information is violated, this can lead to serious negative consequences. This characteristic is basic and relevant in the information space.
- Confidentiality is the main property that allows access to information exclusively to legally eligible entities: clients, platforms (programs), processes. Confidentiality is the most thoroughly researched aspect of information security.
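The static and dynamic sides of integrity described above, as an added example that is not part of the original article: static integrity is checked against baseline digests of the objects, dynamic integrity by chaining an authentication tag over each step of a sequence. The function names, the sample objects and steps, the key, and the choice of SHA-256 and HMAC are assumptions of this example.

```python
import hashlib
import hmac

# Constructed sample data; a real key would come from a key store.
KEY = b"constructed-demo-key"
OBJECTS = {"tariffs.csv": b"basic;100\npremium;250\n", "roles.cfg": b"admin=alice\n"}
STEPS = [b"debit:acct-1:100", b"credit:acct-2:100", b"log:transfer-ok"]

def baseline(objects):
    # Static integrity: record a digest of each object's initial state.
    return {n: hashlib.sha256(d).hexdigest() for n, d in objects.items()}

def changed_objects(objects, digests):
    # Names that were altered, removed or added since the baseline.
    return sorted(n for n in set(objects) | set(digests)
                  if n not in objects or n not in digests
                  or hashlib.sha256(objects[n]).hexdigest() != digests[n])

def step_tag(key, prev, seq, step):
    # The tag covers the previous tag, the position and the content.
    return hmac.new(key, prev + seq.to_bytes(8, "big") + step, hashlib.sha256).digest()

def seal(steps, key=KEY):
    # Dynamic integrity: chain the tags so the order of actions is protected.
    sealed, prev = [], bytes(32)
    for seq, step in enumerate(steps):
        prev = step_tag(key, prev, seq, step)
        sealed.append((step, prev))
    return sealed

def first_broken_step(sealed, expected, key=KEY):
    # Index of the first step that fails verification, or None if all pass.
    prev = bytes(32)
    for seq, (step, tag) in enumerate(sealed):
        if not hmac.compare_digest(step_tag(key, prev, seq, step), tag):
            return seq
        prev = tag
    # A valid but shortened chain is caught by the expected step count.
    return None if len(sealed) == expected else min(len(sealed), expected)
```

A changed object shows up in `changed_objects`, while a reordered, dropped, duplicated or edited step is reported by `first_broken_step` at the position where the chain stops verifying.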
Information security components cannot function without observing the basic principles, which include:
- ease of use;
- control over operations;
- access control.
Each link of information security is of key importance for the entire system. It is not the case that data secrecy matters most while the other principles rank lowest. For all subjects of information relations who use the information system in everyday life, at work or for other purposes, the data must be accessible, complete and confidential.
Other categories of information protection
Information objects make up a certain system.
- various types of media resources (data recorded on tangible media, with the possibility of their identification);
- advantages (rights) of citizens, legal entities and government bodies to disseminate and own data;
- systems for the formation of social responsibility in the use of data.
The components of the information system are divided into groups by type:
- with an exclusive opportunity to enter, with public access;
- other available information;
- false information (has no legal basis).
Data with exclusive access is divided into state secrets and classified data. The first protects information that is secret in various security spheres of the Russian Federation: economic, national, counterintelligence, political. The threat of disclosing state secrets can seriously harm the national integrity of the state. Most of this information is protected from external and internal influences.
The purpose of confidential information is to restrict access of persons to data, the legal regime of which is established by specialized normative acts in the national and non-state areas, industry and social activities.
Confidential information is of the following types:
- the course of the investigation;
- official ethics;
- professional secrecy;
- non-state secret;
- individual data;
- data on the essence of production.
Personal information comprises all types of data about a person that directly or partially relate to him. Such information has limited access, but the subject himself can use it. It is protected at the national level, and the legal principles governing the subject's data are set out in law.
For example, in 149-FZ of the Russian Federation "On Information" as amended on 12/18/2018, the following rights are spelled out:
- self-identification of information;
- potential access to personal data;
- making adjustments to individual data;
- transformation of personal data;
- complaints about illegal use of data;
- monetary compensation for losses.
Governmental bodies and private organizations, self-governing institutions in the regions use data mainly within the framework of the powers established by national laws and regulations, licenses for the right to engage in certain types of activities.
The main part of information carriers are:
- newspaper and magazine editions, advertising;
- means of communication;
- information documents;
- electronic and other media suitable for improving data.
Methods of protection and transmission of information
Methods of information preservation are of no small importance. Ensuring security in the Russian Federation is a key task: information important to the state must be preserved and kept out of use by unauthorized persons. When information is leaked, an uncontrolled increase in data flows occurs, the use of which can negatively affect the integrity of the country.
There are two types of protection: formal and informal. Formal methods protect information without personal participation of a person in the protection process (software, hardware). Informal methods regulate human actions (rules, documents, various events).
Formal methods include:
- physical - electrical and mechanical devices that function independently of information systems;
- hardware - visual, electronic, laser and other devices built into information systems, specialized computers, employee monitoring systems that prevent access to information;
- software (DLP-, SIEM-systems);
- specific (cryptographic, verbatim - provide secure transmission of information in the corporate and global network).
Informal methods are organizational, legislative and ethical:
- Legislative - these are mandatory norms that are spelled out in laws, by-laws. They regulate the procedure for the operation, analysis and transfer of information, liability for violation of any principles and rules for the use of data. Legislative norms apply to all subjects of relations (currently about 80 acts regulate information activities).
- Organizational - general technical, legal procedures that are mandatory throughout the life cycle of the information system (for example, the Shewhart-Deming cycle). These are the capabilities of the organization that help the system function. These include certification of the system and its elements, certification of objects and subjects.
- Moral (ethical) - the principles of morality and rules of ethics that have historically developed in society. Violation of these norms will lead to the loss of information security, in particular the status and respect of citizens.
Information security methods are uniform and are used in solving data transmission problems, among which there are three main ones:
- reliable communication channel between users;
- using a public encryption channel;
- the use of an information channel with the transformation of data into a form in which only the addressee can decrypt them.
The preservation of documents has played a key role at all times. Documents were sent over encrypted communication channels and hidden; couriers were bribed to obtain secret data from neighboring states, and messages were intercepted in all possible ways. Such methods became the impetus for the creation of the main method of converting information that protects against illegal seizure and use: cryptography.
Cryptography and its features
Cryptography is the science of how to ensure confidentiality, the inadmissibility of unauthorized access to informational data. It is a rather complex and popular science of methods for encrypting (and decrypting) information in such a way that no one except the author can gain access to it without a specific key.
Cryptography helps transform data for the sake of its safety and integrity. It is a component of information security on the side of functional protection means. Cryptography includes cryptanalysis, which investigates and evaluates encryption techniques, including the development of other techniques. Encoding techniques are often used in transforming information.
Cryptography uses various approaches to creating ciphers: substitution, rearrangement, gamma (encoding), quantum encryption, public key encryption, and various cryptographic protocols. A large number of components are combined into one secure information core.
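Three of the approaches listed above (substitution, rearrangement and gamma, meaning XOR with a key stream), as an added illustration that is not code from the original article and not a cipher to deploy. The function names, the SHA-256-based derivation of the table, the order and the key stream, and the key and message are assumptions of this example.

```python
import hashlib

# Constructed sample key and message.
KEY = b"constructed-demo-key"
MSG = b"PAYMENT ORDER 0042 0042"

def prf(key, label, i):
    # Key-dependent pseudo-random value (SHA-256 is this example's choice).
    return hashlib.sha256(label + key + i.to_bytes(8, "big")).digest()

def invert(perm):
    inv = [0] * len(perm)
    for pos, val in enumerate(perm):
        inv[val] = pos
    return inv

def substitute(data, key, inverse=False):
    # Substitution: every byte value is replaced through a keyed table.
    table = sorted(range(256), key=lambda v: prf(key, b"sub", v))
    if inverse:
        table = invert(table)
    return bytes(table[b] for b in data)

def rearrange(data, key, inverse=False):
    # Rearrangement: byte values are kept, only their positions change.
    order = sorted(range(len(data)), key=lambda i: prf(key, b"perm", i))
    if inverse:
        order = invert(order)
    return bytes(data[i] for i in order)

def gamma(data, key, nonce):
    # Gamma: XOR with a key stream; the same call encrypts and decrypts.
    stream = b"".join(prf(key, b"gamma" + nonce, i)
                      for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, stream))

def encrypt(msg, key, nonce):
    # The three components combined in sequence.
    return gamma(rearrange(substitute(msg, key), key), key, nonce)

def decrypt(ct, key, nonce):
    return substitute(rearrange(gamma(ct, key, nonce), key, True), key, True)
```

Reusing a nonce with the same key reuses the gamma, so the XOR of two ciphertexts equals the XOR of the two plaintexts; each message needs a fresh nonce.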
In the Russian Federation, Vladimir Anisimov - Candidate of Technical Sciences, Associate Professor of the Department of Information Technologies of the Far Eastern State University of Communications - stood at the origins of the development of cryptography. He has developed a work program on information security practices, in which he introduces the cryptographic aspects of information security to students and citizens who want to protect public data from outsiders. The aim of the program is to study a variety of ways to protect data.
The process of protecting information is multifaceted, complex, and requires a lot of effort from the government, companies, and citizens. Information security must be constantly addressed at the legislative level. Experts must monitor the process, which is key in the safety, reliability and confidentiality of data. Precautions must be taken to protect against leakage and loss of information in all possible ways, since, falling into the wrong hands, it can be used against an individual or a state.