
Types and sources of information security threats. Types and composition of information security threats. Intentional and unintentional threats to information security

The main types of threats to the security of information systems are:

Deliberate actions of violators and intruders (offended persons from among the staff, criminals, spies, saboteurs, etc.).

Security threats can be classified according to various criteria:

1. By the result of the action:

1) the threat of leakage;

2) the threat of modification;

3) the threat of loss.

2. By intent:

· Unintentional;

· Intentional.

Random (unintentional) threats may arise as a result of:

Natural disasters and accidents (flood, hurricane, earthquake, fire, etc.);

Failures and malfunctions of equipment (technical means) of the AITU;

Consequences of errors in the design and development of AIS components (hardware, information processing technology, programs, data structures, etc.);

Operational errors (of users, operators and other personnel).

Main causes of unintentional, man-made threats to the AIS:

· Inattention;

Violation of the regulations and ignoring the restrictions established in the system;

· Incompetence;

· Negligence.

Examples of threats:

1) unintentional actions leading to partial or complete failure of the system or destruction of the hardware, software, information resources of the system (unintentional damage to equipment, deletion, distortion of files with important information or programs, including system ones, etc.);

2) improper activation of the equipment or changing the operating modes of devices and programs;

3) unintentional destruction of media information;

4) illegal introduction and use of unrecorded programs (games, educational, technological, etc., which are not necessary for the violator to perform his official duties) with subsequent unreasonable expenditure of resources (processor load, seizure of RAM and memory on external media);

6) infection of the computer with viruses;

7) careless actions leading to disclosure of confidential information or making it publicly available;

8) disclosure, transfer or loss of access control attributes (passwords, encryption keys, identification cards, passes, etc.);

9) ignoring organizational constraints (established rules) when working in the system;

10) logging in while bypassing security controls (loading an external operating system from removable magnetic media, etc.);

11) incompetent use, configuration or unauthorized disabling of protection means by security personnel;

12) forwarding data to an erroneous address of the subscriber (device);

13) entering erroneous data;

14) unintentional damage to communication channels.


Deliberate threats are threats to the AIS caused by human activity and associated with the selfish aims of people (intruders).

Sources of threats in relation to the information system can be external or internal.

Unfortunately, both kinds of threat lead to the same consequences when realized: loss of information, violation of its confidentiality, its modification.

The main deliberate threats are usually aimed at:

· deliberate disruption of the system and its failure;

· penetration into the system and unauthorized access to information and its use for personal gain.

Deliberate threats, in turn, can be divided into:

1. Active and passive.

Passive threats are aimed mainly at unauthorized use of information resources that does not entail damage to or destruction of information.

Various methods are used for this:

a) use of listening devices, remote photo and video filming, media theft, etc.;

b) theft of information media (magnetic disks, tapes, memory chips, storage devices and personal computers);

c) interception of data transmitted over communication channels and their analysis in order to find out the exchange protocols, the rules for entering communication and authorization of the user and subsequent attempts to imitate them in order to penetrate the system;

d) reading residual information from RAM and from external storage devices (printer memory buffer);

e) reading information from areas of RAM used by the operating system (including the protection subsystem);

f) illegal obtaining of passwords and other access control credentials (through agents, by exploiting the negligence of users, by guessing, by imitating the system interface, etc.), followed by disguise as a registered user ("masquerade").

Active threats are a violation of the normal functioning of the system by purposefully influencing its components.

Implementation methods:

A) failure of the PC or operating system;

B) disruption of communication channels;

C) hacking the security system;

D) the use of software viruses, etc.

2. Internal and external threats.

Insiders may be persons from the following categories of personnel:

§ support and maintenance personnel (operators, electricians, technicians) of the system;

§ employees of software development and maintenance departments (application and system programmers);

§ employees of the AITU security service;

§ managers of various levels of the job hierarchy.

According to research conducted in the BIS, more than 80% of violations are committed by bank employees.

Outsiders who may be external violators:

§ clients (representatives of organizations, citizens);

§ visitors (invited on any occasion);

§ representatives of organizations interacting on issues of ensuring the life of the organization (energy, water, heat supply, etc.);

§ representatives of competing organizations (foreign special services) or persons acting on their instructions.

2. Methods and means of protection

A protection system is a set (complex) of special legal (legislative) and administrative measures, organizational measures, physical and technical (software and hardware) means of protection, as well as special personnel, designed to ensure the security of information, information technologies and the automated system as a whole.

In international and Russian practice, standards are used to assess the level of security of computer systems. In the US, the document containing these standards is called the Orange Book (1985). It provides the following levels of system security:

· Highest class - A;

· Intermediate class - B;

· Low level - C;

· The class of systems that have not passed the test - D.

In Russian practice, the State Technical Commission under the President of the Russian Federation has developed a guiding document that provides for the establishment of 7 classes of security of CVT from unauthorized access. At the same time, protective measures cover the following subsystems:

· Access control;

· Registration and accounting;

· Cryptographic;

· Ensuring integrity;

· Legislative measures;

· Physical measures.

Methods and means of ensuring information security are shown in Figure 2. Consider the main content of the presented methods of information protection, which form the basis of protection mechanisms.

Lessons 6 - 8
Information Security

By studying this topic, you will learn:

- what are the main goals and objectives of information security;
- what are information threats and how they manifest themselves;
- what is the source of information threats;
- what methods exist to protect information from information threats.

The main goals and objectives of information security

Throughout the history of the development of civilization, reliable and complete information has always been a sought-after and expensive commodity. Modern society is characterized by an exponentially increasing amount of information that a person must perceive and process in the course of his activity.

How to protect information and enable it to be used for its intended purpose and on time? The solution of this issue has been and still remains one of the most urgent tasks. The large-scale development of the informatization process has further exacerbated this problem, since it is necessary to take into account not only the conditions of the traditional human environment, but also the environment that has appeared due to the widespread introduction of computer systems in various areas of its activity.

The process of informatization inevitably leads to the integration of these environments, so the problem of information protection must be solved, taking into account the entire set of conditions for the circulation of information, the creation and use of information resources in this new unified environment, which is called the "information environment".

The information environment is a set of conditions, means and methods based on computer systems designed to create and use information resources.

The totality of factors that pose a danger to the functioning of the information environment is called information threats. The specific results of these threats can be: the disappearance of information, the modification of information, the disclosure of information to unauthorized persons, etc.

Illegal influences on the information environment can be detrimental to the interests of a person and society, therefore one of the tasks of informatization is to ensure information security. The protection of the information environment from information threats must be ensured, that is, not only the protection of information, but also the information security of the person himself and the whole society.

Information security - a set of measures to protect the information environment of society and man.

The main goals of ensuring the information security of society are:

♦ protection of national interests;
♦ providing a person and society with reliable and complete information;
♦ legal protection of an individual and society in obtaining, disseminating and using information.

Objects that should be provided with information security include:

♦ information resources;
♦ system of creation, distribution and use of information resources;
♦ information infrastructure of the society (information communications, communication networks, data analysis and processing centers, information security systems and tools);
♦ mass media;
♦ human and state rights to receive, disseminate and use information;
♦ protection of intellectual property and confidential information.

Information threats

Sources of information threats to a person and society can be external and internal factors (Fig. 1.1).

Fig. 1.1. Sources of the main information threats for Russia

The sources of the main external threats for Russia include:

♦ policies of countries that oppose access to world achievements in the field of information technologies;
♦ "information war" disrupting the functioning of the information environment in the country;
♦ criminal activity directed against national interests.

The sources of the main internal threats for Russia include:

♦ lagging behind the leading countries of the world in terms of the level of informatization;
♦ technological backwardness of the electronic industry in the field of production of information and telecommunication equipment;
♦ decrease in the level of education of citizens, which hinders work in the information environment.

Information threats to information security can be divided into intentional (unauthorized access) and accidental (Fig. 1.2).

Fig. 1.2. Main types of information threats

Deliberate threats are often referred to as unauthorized access or an attack. These threats are associated with human actions, the causes of which may be: self-affirmation of one's abilities (hackers), dissatisfaction with one's life situation, material interest, entertainment, etc. The list of intentional influences on information can be very diverse and is determined by the capabilities and imagination of those who are going to carry them out. Here are some possible deliberate threats that are typical for computer systems:

♦ theft of information: unauthorized access to documents and files (viewing and copying data), theft of computers and storage media, destruction of information;
♦ distribution of computer viruses;
♦ physical impact on equipment: making changes to equipment, connecting to communication channels, damage or destruction of media, deliberate exposure to a magnetic field.

Deliberate threats in computer systems can be carried out through information access channels:

♦ employee's computer workplace;
♦ computer workstation of a computer system administrator;
♦ external media (discs, tapes, paper media);
♦ external communication channels.

The most serious threat comes from computer viruses. Up to 300 new viruses appear every day. Viruses do not recognize state borders, spreading around the world in a matter of hours. The damage from computer viruses can be varied, ranging from extraneous inscriptions that appear on the monitor screen, and ending with the theft and deletion of information located on the infected computer. Moreover, these can be both system files of the operating environment, as well as office, accounting and other documents that are of some value to the user. Financial damage from viruses in 2003, according to preliminary estimates, reached 12 billion dollars.

Among malicious programs, a special place is occupied by "Trojan horses", which can be installed and run on a computer without its owner noticing. Various variants of "Trojan horses" make it possible to view the contents of the screen, intercept commands entered from the keyboard, steal and change passwords and files, etc.

Increasingly, the Internet is named as the cause of information "sabotage". This is due to the expansion of the range of services and electronic transactions carried out via the Internet. More and more often, computer viruses arrive along with e-mail, free programs and computer games. Two global epidemics occurred in 2003, the largest in the history of the Web. It is noteworthy that the epidemics were caused not by classical mail worms, but by their network modifications: worms that spread in the form of network data packets. They have become leaders in the malware rating. The share of "network worms" in the total mass of such programs that appeared, for example, in 2003, exceeds 85%, the share of viruses is 9.84%, and trojans accounted for 4.87%.

Recently, network attacks have become one of the most common computer threats. Attacks of intruders are aimed at disabling certain nodes of a computer network. These attacks are called "denial of service" attacks. Disabling some network nodes even for a limited time can lead to very serious consequences. For example, a failure to service a bank's payment system server will lead to the impossibility of making payments and, as a result, to large direct and indirect financial losses.

Random threats are manifested in the fact that information in the process of input, storage, processing, output and transmission is subjected to various influences. Random factors that determine such impacts are associated with both unforeseen situations (force majeure) and the human factor (errors, negligence, carelessness when working with information). So, for example, in computer systems, the causes of random effects can be:

♦ computer user errors;
♦ errors of professional developers of information systems: algorithmic, software, structural;
♦ equipment failures and malfunctions, including interference and signal distortion on communication lines;
♦ force majeure circumstances (accident, fire, flood and other so-called force majeure effects).

Information security for various users of computer systems

The solution to the problem of information security is largely determined by the tasks that the user solves as a specialist in a particular field. Let's explain this with examples. We define several types of activities, for example:

♦ solution of applied problems, which reflects the specifics of the activity of a particular user-specialist;
♦ solving managerial problems, which is typical for any company;
♦ provision of information services in a specialized company, such as information center, library, etc.;
♦ commercial activity;
♦ banking.

Imagine these areas of activity in the form of a pyramid (Fig. 1.3). The size of each sector of the pyramid reflects the degree of mass consumption of information. It corresponds to the number of interested parties (information consumers) who need the result of the relevant information activity. The decrease in the volume of the sector as you move from the base of the pyramid to the top reflects the decrease in the degree of importance of information for the company and all stakeholders. We will explain this in the process of considering each of the listed activities.

Fig. 1.3. Importance of information security for various specialists from the position of the company and stakeholders

When solving applied problems, the user works with personal information, sometimes using Internet resources as a source of information. Such a user, as a rule, is faced with the task of preserving his personal information. The information stored on his personal computer is the result of his intellectual activity, perhaps many years of research or collection. It has a significant degree of importance directly for this user.

When solving managerial problems, information systems play an important role, the implementation of which is unthinkable without a computer base. With the help of computers, organizational and administrative activities are carried out, information on personnel is compiled and stored, and accounting is maintained. Computers in this case are an auxiliary tool that facilitates the work of employees. For external activities, network technologies are also used, with the help of which the exchange of necessary information is carried out. At the same time, in order to ensure the protection of information in the most important documents, they additionally use regular mail during shipment. The problem of information loss or distortion often affects individual employees, which can affect the success of their career. Thus, the managerial staff in such a company is mainly faced with the task of ensuring the completeness of management documents.

For companies providing information services, such as Internet service providers or telecom operators, the most important task is to ensure the availability and uptime of information systems. The rating of the company, the trust of subscribers in it depends on this. You have to invest in both hardware (to ensure the continuity and stability of communications), as well as backup systems and means to detect attacks that violate the availability of systems.

For the commercial activities of companies operating in a highly competitive environment, the most important task is to prevent information leakage and maintain its confidentiality. This is due to the financial risks of companies in various transactions. Here, saving on security measures can lead to large losses.

In banking, it is necessary to solve the problems of safety, confidentiality, and security of work, but the task of ensuring the integrity of information (for example, so that it is impossible to make unauthorized changes to processed payment orders) comes first.

Information security methods

When developing methods for protecting information in the information environment, the following important factors and conditions should be taken into account:

♦ expanding areas of computer use and increasing the growth rate of the computer park (that is, the problem of information protection should be solved at the level of technical means);
♦ a high degree of concentration of information in the centers of its processing and, as a result, the emergence of centralized databases intended for collective use;
♦ expanding user access to global information resources (modern data processing systems can serve an unlimited number of subscribers hundreds and thousands of kilometers away);
♦ complicating the software of the computing process on a computer.

Under such modes of operation, programs and data arrays of various users can be simultaneously stored in the computer memory, which makes it important to preserve information from unwanted influences and its physical protection.

Traditional methods of protection against deliberate information threats include: restriction of access to information, encryption (cryptography) of information, access control to equipment, legislative measures. Let's consider these methods.

Restriction of access to information is carried out at two levels:

♦ at the level of human habitat, that is, by creating an artificial barrier around the object of protection: issuing special passes to admitted persons, installing a security alarm or video surveillance system;
♦ at the level of protection of computer systems, for example, by dividing information circulating in a computer system into parts and organizing access to it by persons in accordance with their functional duties. When protected at the software level, each user has a password that allows him to have access only to the information to which he is allowed.
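The software-level restriction described above (information divided into parts, each user holding a password and reaching only what their functional duties require) can be sketched as follows. This is an added example, not part of the original lesson; the duty names, resource names, logins and the PBKDF2 work factor are constructed assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example

# Constructed sample data: the parts of the information each functional duty may read.
DUTY_PERMISSIONS = {
    "accountant": {"ledger", "payroll"},
    "hr_officer": {"personnel_files", "payroll"},
    "operator": {"shift_log"},
}


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so stored values do not reveal the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class AccessController:
    """Deny-by-default access check: password first, then duty-based permission."""

    def __init__(self):
        self._users = {}      # login -> (salt, password hash, duty)
        self.audit_log = []   # registration and accounting of every access attempt

    def register(self, login: str, password: str, duty: str) -> None:
        if duty not in DUTY_PERMISSIONS:
            raise ValueError(f"unknown duty: {duty}")
        salt = os.urandom(16)
        self._users[login] = (salt, hash_password(password, salt), duty)

    def authenticate(self, login: str, password: str) -> bool:
        record = self._users.get(login)
        # Hash even for unknown logins so response time does not reveal which logins exist.
        salt, stored = (record[0], record[1]) if record else (b"\x00" * 16, b"")
        candidate = hash_password(password, salt)
        return record is not None and hmac.compare_digest(candidate, stored)

    def can_read(self, login: str, password: str, resource: str) -> bool:
        allowed = False
        if self.authenticate(login, password):
            duty = self._users[login][2]
            allowed = resource in DUTY_PERMISSIONS.get(duty, set())
        self.audit_log.append((login, resource, "ALLOW" if allowed else "DENY"))
        return allowed


def demo():
    ac = AccessController()
    ac.register("ivanova", "correct horse battery", "accountant")
    ac.register("petrov", "tr0ub4dor&3", "operator")
    results = [
        ac.can_read("ivanova", "correct horse battery", "ledger"),           # within her duties
        ac.can_read("ivanova", "correct horse battery", "personnel_files"),  # outside her duties
        ac.can_read("petrov", "wrong password", "shift_log"),                # bad password
        ac.can_read("nobody", "x", "ledger"),                                # unknown login
    ]
    return results, ac.audit_log


if __name__ == "__main__":
    print(demo())
```
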

Encryption (cryptography) of information consists in the transformation (coding) of words, letters, syllables, numbers using special algorithms. To get acquainted with encrypted information, a reverse process is needed - decoding. Encryption provides a significant increase in the security of data transmission on the network, as well as data stored on remote devices.

Access control to equipment means that all equipment is closed and sensors are installed in the access points to it, which are triggered when the equipment is opened. Such measures allow you to avoid, for example, connecting third-party devices, changing the operating modes of the computer system, downloading third-party programs, etc.

Legislative measures consist in the implementation of laws, regulations, instructions existing in the country that regulate the legal liability of officials - users and service personnel for leakage, loss or modification of information entrusted to them.

When choosing information protection methods for a particular computer network, a thorough analysis of all possible methods of unauthorized access to information is necessary. Based on the results of the analysis, planning of measures that provide the necessary protection is carried out, that is, the development of a security policy is carried out.

A security policy is a set of technical, software and organizational measures aimed at protecting information in a computer network.

Consider some methods of protecting computer systems from deliberate information threats, focusing on the scheme shown in Fig. 1.2.

Protection against theft of information is usually carried out using special software tools. Unauthorized copying and distribution of programs and valuable computer information is theft of intellectual property. Protected programs are subjected to pre-processing, which brings the executable code of the program into a state that prevents its execution on "foreign" computers (encrypting files, inserting password protection, checking a computer by its unique characteristics, etc.). Another example of protection: to prevent unauthorized access to information in the local network, an access control system is introduced both at the hardware and software levels. An electronic key connected, for example, to a printer connector can be used as a hardware access control device.

To protect against computer viruses, "immune-resistant" software tools (analyzer programs) are used that provide for access control, self-control, and self-healing. Antivirus tools are the most common means of protecting information.

As a physical protection of computer systems, special equipment is used to detect industrial espionage devices, to exclude the recording or relaying of computer radiation, as well as speech and other information-carrying signals. This prevents leakage of informative electromagnetic signals outside the protected area. The most effective means of protecting information in communication channels is the use of special protocols and cryptography (encryption).

To protect information from random information threats, for example, in computer systems, tools are used to increase the reliability of equipment:

♦ increasing the reliability of electronic and mechanical units and elements;
♦ structural redundancy - duplication or tripling of elements, devices, subsystems;
♦ functional control with failure diagnostics, i.e. detection of failures, malfunctions and software errors and elimination of their influence on the information processing process, as well as indication of the location of the failed element.
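Structural redundancy and functional control with failure diagnostics, as listed above, combine naturally in a majority voter. The sketch below is an added example, not part of the original lesson; the checksum replicas and the stuck-bit fault are constructed for illustration. It shows why tripling can mask a fault and point to the failed element, while duplication can only detect a disagreement.

```python
from collections import Counter


def vote(outputs):
    """Majority vote over replica outputs.

    Returns (agreed_value, indices_of_disagreeing_replicas).
    Raises RuntimeError when no strict majority exists, i.e. the fault
    is detected but can be neither masked nor localized.
    """
    value, count = Counter(outputs).most_common(1)[0]
    if count * 2 <= len(outputs):
        raise RuntimeError("no majority: fault detected but cannot be masked")
    failed = [i for i, out in enumerate(outputs) if out != value]
    return value, failed


class RedundantUnit:
    """Runs the same computation on several replicas and keeps fault diagnostics."""

    def __init__(self, replicas):
        self.replicas = list(replicas)
        self.fault_counts = [0] * len(self.replicas)  # per-replica disagreement counter
        self.diagnostics = []                          # (input, failed replica index)

    def compute(self, data):
        outputs = [replica(data) for replica in self.replicas]
        value, failed = vote(outputs)
        for index in failed:
            self.fault_counts[index] += 1
            self.diagnostics.append((tuple(data), index))
        return value


# Constructed replicas: a one-byte checksum, and a copy with bit 0 stuck at 1.
def checksum(data):
    return sum(data) % 256


def checksum_stuck_bit(data):
    return checksum(data) | 0x01  # wrong only when the true checksum is even


def demo():
    unit = RedundantUnit([checksum, checksum_stuck_bit, checksum])
    results = [unit.compute(d) for d in ([1, 2, 3], [1, 2, 4], [10, 20])]
    return results, unit.fault_counts, unit.diagnostics


if __name__ == "__main__":
    print(demo())
```

With two replicas, `vote([5, 6])` raises because neither output has a majority, which is the practical difference between duplication and tripling.
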

Every year the number of threats to information security of computer systems and ways of their implementation is constantly increasing. The main reasons here are the shortcomings of modern information technology and the ever-increasing complexity of the hardware. The efforts of numerous developers of software and hardware methods for protecting information in computer systems are aimed at overcoming these reasons.

Control questions and tasks

Tasks

1. Describe the information environment for the listed objects and indicate possible information threats for it:

a) school;
b) library;
c) your family;
d) a supermarket;
e) cinema;
f) any other medium of your choice.

2. Using the Internet, write an abstract and make a report on the methods and means of protecting information for a non-computer human environment.

3. List the most important factors and conditions that should be taken into account when developing methods for protecting information in the information environment. Illustrate your answer with a specific example of the information environment proposed in paragraph 1.

Test questions

1. What is the information environment?

2. How does information security manifest itself for:

a) a person;
b) countries;
c) a computer;
d) local area network?

3. What objects should be provided with information security?

4. What is an information threat?

5. What external information threats should be taken into account when developing information security measures in Russia?

6. What internal information threats should be taken into account when developing information security measures in Russia?

7. What deliberate information threats do you know? Give examples.

8. What random informational threats do you know? Give examples.

9. What is the main goal of information security in solving applied user problems?

10. What is the main goal of information security in solving managerial problems?

11. What is the main goal of information security for a company specializing in the provision of information services?

12. What is the main goal of information security in business?

13. What is the main goal of information security in banking?

14. What is a security policy?

15. What methods of protecting information from deliberate information threats do you know?

16. What methods of protecting information from random information threats do you know?

An information security threat (information threat) is understood as an action or event that can lead to the destruction, distortion or unauthorized use of information resources, including stored, transmitted and processed information, as well as software and hardware. If the value of information is lost during its storage and / or distribution, then the threat of violation of the confidentiality of information is realized. If information is changed or destroyed with the loss of its value, then the threat to the integrity of information is realized. If the information does not reach the legal user on time, then its value decreases and completely depreciates over time, thereby threatening the efficiency of use or the availability of information.

So, the implementation of information security threats consists in violating the confidentiality, integrity and availability of information. An attacker can get acquainted with confidential information, modify it, or even destroy it, as well as restrict or block a legitimate user's access to information. In this case, the attacker can be both an employee of the organization and an outsider.

Information threats can be caused by:

  • natural factors (natural disasters - fire, flood, hurricane, lightning and other causes);
  • human factors. The latter, in turn, are divided into:
    • a) threats of an accidental, unintentional nature. These are threats associated with errors in the process of preparing, processing and transmitting information (scientific and technical, commercial, monetary and financial documentation);
    • b) with non-targeted "brain drain", knowledge, information. These are threats associated with errors in the process of designing, developing and manufacturing systems and their components (buildings, structures, premises, computers, communications, operating systems, application programs, etc.), with errors in the operation of equipment due to poor-quality manufacturing;
    • c) with errors in the process of preparing and processing information (errors of programmers and users due to insufficient qualifications and poor quality service, operator errors in preparing, entering and outputting data, correcting and processing information);
    • d) threats caused by intentional, deliberate actions of people. These are threats related to the transfer, distortion and destruction of data for mercenary and other anti-social motives (documentation, drawings, descriptions of discoveries and inventions, and other materials);
    • e) eavesdropping and transmission of official and other scientific, technical and commercial conversations; with a purposeful "brain drain". These are threats associated with unauthorized access to the resources of an automated information system.

Leakage of confidential information is an uncontrolled release of confidential information outside the information system (IS) or the circle of persons to whom it was entrusted in the service or became known in the course of work. This leak may be due to:

  • disclosure of confidential information;
  • information withdrawal through various, mainly technical, channels;
  • unauthorized access to confidential information in various ways.

Uncontrolled leakage of confidential information via visual-optical, acoustic, electromagnetic and other channels is possible.

Types of threats to confidential documents in the organization's workflows can be divided into several groups:

  1. Unauthorized access of an unauthorized person to documents, cases, databases due to his curiosity or deceitful, provocative actions, as well as accidental or deliberate errors of the company's personnel;
  2. Loss of a document or its individual parts (sheets, appendices, diagrams, copies, photographs, etc.), a carrier of a draft version of a document or working records due to theft, loss, destruction;
  3. Loss of confidentiality by information due to its disclosure by personnel or leakage through technical channels, reading data in other people's arrays, using residual information on a copy tape, paper, disks and diskettes, erroneous actions of personnel;
  4. Substitution of documents, carriers and their separate parts for the purpose of falsification, as well as concealment of the fact of loss, theft;
  5. Accidental or deliberate destruction of valuable documents and databases, unauthorized modification and distortion of text, details, falsification of documents;
  6. The destruction of documents in extreme situations.

For electronic documents, the threats are especially real, since the fact of information theft is difficult to detect. With regard to confidential information processed and stored in computers, the conditions for the occurrence of threats, according to a number of experts, are classified according to the degree of risk as follows:

  • Unintentional errors of users, operators, referents, case managers, system administrators and other persons serving information systems;
  • Theft and forgery of information;
  • Natural situations of the external environment;
  • Infection with viruses.

In accordance with the nature of the above threats, the tasks of ensuring the protection of information in document flows are formed, aimed at preventing or mitigating these threats.

The main direction of protecting documented information from possible dangers is the formation of a secure workflow and the use of a specialized technological system in the processing and storage of documents that ensures the security of information on any type of media.

Thus, security is not only protection against criminal encroachments, but also the preservation of (especially electronic) documents and information, as well as measures to protect critical documents, and ensure the continuity and / or recovery of activities in case of disasters.

Organizational measures play an essential role in creating a reliable mechanism for protecting information, since the possibility of unauthorized use of confidential information is largely determined not by technical aspects, but by malicious actions, negligence and carelessness of users or security personnel. The influence of these aspects is almost impossible to avoid with the help of technical means. This requires a set of organizational-legal and organizational-technical measures that would exclude (or at least minimize) the possibility of a danger to confidential information. These include organizing systematic control over the work of personnel with confidential information and over the procedure for accounting, storage and destruction of documents and technical media. An instruction should be developed that regulates the procedure for employees to access confidential information and the procedure for creating, accounting, storing and destroying confidential documents of the organization.


Introduction

1. The concept of information security threat

2. Sources of threats to information security of the Russian Federation

3. Methods and means of information protection

4. Examples of threats to information security

Conclusion

List of sources used

Introduction

In recent years, computer technology has closely entered our lives. It is quite difficult for people in our time to imagine how they used to do without computers, they are so used to them. With the availability of computers, people also began to actively use the services of the Internet - e-mail, the World Wide Web, Internet banking. Now, every morning of the average person begins with the standard viewing of the news feed, checking the contents of personal mail, visiting various popular social networks, shopping in online stores, paying for various services, etc. The Internet has slowly but surely become a constant assistant in our daily affairs.

The Internet facilitates communication and breaks down language barriers. Now, even if your friend lives a thousand kilometers from you in another city or even in another country, you can communicate with him, if you wish, all day long.

But for all its advantages, the Internet also harbors many dangers. First of all, these are threats to personal and state security. The Internet is a free space where personal data and bank card data can be easily stolen, where information wars are waged and information conflicts are generated.

Thus, the threat to information security is one of the most important problems of modern human life, and we need to know where it comes from and how we can protect ourselves.

1. The concept of information security threat

The life of modern society is unthinkable without modern information technologies. Computers serve banking systems, control the operation of nuclear reactors, distribute energy, monitor train schedules, control aircraft, spacecraft. Computer networks and telecommunications predetermine the reliability and capacity of the country's defense and security systems. Computers provide storage of information, its processing and provision to consumers, thus implementing information technology.

However, it is precisely the high degree of automation that creates the risk of reducing security (personal, informational, state, etc.). The availability and widespread use of information technologies and computers makes them extremely vulnerable to destructive influences. There are many examples of this.

An information security threat is an action or event that can lead to the destruction, distortion or unauthorized use of information resources, including stored, transmitted and processed information, as well as software and hardware.

The main types of threats to the security of information technologies and information (threats to the interests of subjects of information relations) are:

  • natural disasters and accidents (flood, hurricane, earthquake, fire, etc.);
  • failures and malfunctions of equipment (technical means) of AITU;
  • the consequences of errors in the design and development of AITU components (hardware, information processing technology, programs, data structures, etc.);
  • operational errors (of users, operators and other personnel);
  • deliberate actions of violators and intruders (offended persons from among the staff, criminals, spies, saboteurs, etc.).

Security threats can be classified according to various criteria.

As a result of the action: 1) the threat of leakage; 2) the threat of modification; 3) the threat of loss.

By violation of the properties of information: a) the threat of violation of the confidentiality of the processed information; b) the threat of violation of the integrity of the processed information; c) the threat of system disruption (denial of service), i.e., the threat to availability.

By the nature of occurrence: 1) natural; 2) artificial.

Natural Threats are threats caused by the impact on a computer system and its elements of objective physical processes or natural disasters.

Man-made threats are threats to a computer system caused by human activity. Among them, based on the motivation of actions, we can distinguish:

a) unintentional (inadvertent, accidental) threats caused by errors in the design of a computer system and its elements, errors in software, errors in the actions of personnel, etc.;

b) deliberate (intentional) threats associated with the selfish aspirations of people (intruders). Sources of threats in relation to information technology can be external or internal (components of the computer system itself - its hardware, programs, personnel).

The main unintentional artificial threats (actions performed by people accidentally, through ignorance, inattention or negligence, out of curiosity, but without malicious intent):

  1. unintentional actions leading to partial or complete failure of the system or destruction of the hardware, software, information resources of the system (unintentional damage to equipment, deletion, distortion of files with important information or programs, including system ones, etc.);
  2. improper switching on of equipment or changing the operating modes of devices and programs;
  3. unintentional damage to storage media;
  4. launching technological programs that, if used incompetently, can cause a loss of system performance (freezes or loops) or irreversible changes in the system (formatting or restructuring of storage media, deleting data, etc.);
  5. illegal introduction and use of unrecorded programs (gaming, educational, technological, etc., which are not necessary for the violator to perform their official duties) with subsequent unreasonable expenditure of resources (processor load, seizure of RAM and memory on external media);
  6. infection of the computer with viruses;
  7. careless actions leading to the disclosure of confidential information or making it publicly available;
  8. disclosure, transfer or loss of access control attributes (passwords, encryption keys, identification cards, passes, etc.);
  9. design of system architecture, data processing technologies, development of application programs with capabilities that pose a threat to system performance and information security;
  10. ignoring organizational restrictions (established rules) when working in the system;
  11. logging into the system bypassing the protection means (loading an external operating system from removable magnetic media, etc.);
  12. incompetent use, adjustment or unlawful disabling of security measures by security personnel;
  13. forwarding data to the wrong address of the subscriber (device);
  14. entering erroneous data;
  15. unintentional damage to communication channels. [p. 124]

The main deliberate artificial threats are characterized by possible ways of deliberately disrupting work, disabling the system, penetrating the system and unauthorized access to information:

  1. physical destruction of the system (by explosion, arson, etc.) or disablement of all or some of the most important components of the computer system (devices, carriers of important system information, personnel, etc.);
  2. shutdown or incapacitation of subsystems for ensuring the functioning of computing systems (power supply, cooling and ventilation, communication lines, etc.);
  3. actions to disrupt the functioning of the system (changing the operating modes of devices or programs, a strike, sabotage of personnel, setting up powerful active radio interference at the operating frequencies of the system devices, etc.);
  4. introduction of agents into the number of system personnel (including, possibly, into the administrative group responsible for security);
  5. recruitment (by bribery, blackmail, etc.) of personnel or individual users with certain powers;
  6. the use of eavesdropping devices, remote photography and video recording, etc.;
  7. interception of spurious electromagnetic, acoustic and other radiation from devices and communication lines, as well as directing active radiation to auxiliary technical means that are not directly involved in information processing (telephone lines, power networks, heating, etc.);
  8. interception of data transmitted over communication channels and their analysis in order to find out the exchange protocols, the rules for entering communication and authorization of the user and subsequent attempts to imitate them in order to penetrate the system;
  9. theft of information carriers (disks, flash tape, memory chips, storage devices and personal computers);
  10. unauthorized copying of information media;
  11. theft of production waste (printouts, records, decommissioned storage media, etc.);
  12. reading residual information from RAM and from external storage devices;
  13. reading information from areas of RAM used by the operating system (including the protection subsystem) or other users in an asynchronous mode, using the shortcomings of multitasking operating systems and programming systems;
  14. illegal obtaining of passwords and other access control attributes (through agents, by exploiting the negligence of users, by guessing, by imitating the system interface, etc.) with subsequent disguise as a registered user (“masquerade”);
  15. unauthorized use of user terminals that have unique physical characteristics, such as the number of a workstation in the network, physical address, address in the communication system, hardware coding unit, etc.;
  16. opening ciphers of cryptoprotection of information;
  17. the introduction of special hardware attachments, software "bookmarks" and "viruses" ("Trojan horses" and "bugs"), i.e. sections of programs that are not necessary for the implementation of the declared functions, but make it possible to overcome the protection system and to covertly and illegally access system resources in order to register and transmit critical information or disrupt the functioning of the system;
  18. illegal connection to communication lines for the purpose of working "between the lines", using pauses in the actions of a legitimate user on his behalf, followed by the introduction of false messages or modification of transmitted messages;
  19. illegal connection to communication lines with the aim of directly replacing a legitimate user by physically disconnecting him after logging in and successfully authenticating, followed by the introduction of disinformation and the imposition of false messages. [p. 71]

It should be noted that most often, to achieve the goal, the attacker uses not one method, but some combination of them from those listed above.

2. Sources of threats to information security of the Russian Federation

Sources of threats to the information security of the Russian Federation are divided into external and internal.

External sources include:

  • activities of foreign political, economic, military, intelligence and information structures directed against the interests of the Russian Federation in the information sphere;
  • the desire of a number of countries to dominate and infringe on Russia's interests in the global information space, to oust it from the external and internal information markets;
  • aggravation of international competition for the possession of information technologies and resources;
  • activities of international terrorist organizations;
  • increasing the technological gap between the leading powers of the world and building up their capabilities to counteract the creation of competitive Russian information technologies;
  • activities of space, air, sea and ground technical and other means (types) of reconnaissance of foreign states;
  • the development by a number of states of the concepts of information wars, which provide for the creation of means of dangerous influence on the information spheres of other countries of the world, the disruption of the normal functioning of information and telecommunication systems, the safety of information resources, and obtaining unauthorized access to them. [7, p. 15]

Internal sources include:

  • the critical state of domestic industries;
  • unfavorable criminogenic situation, accompanied by trends in the merging of state and criminal structures in the information sphere, obtaining access to confidential information by criminal structures, strengthening the influence of organized crime on the life of society, reducing the degree of protection of the legitimate interests of citizens, society and the state in the information sphere;
  • insufficient coordination of the activities of federal state authorities, state authorities of the constituent entities of the Russian Federation in the formation and implementation of a unified state policy in the field of ensuring information security of the Russian Federation;
  • insufficient development of the regulatory legal framework governing relations in the information sphere, as well as insufficient law enforcement practice;
  • underdevelopment of civil society institutions and insufficient state control over the development of the information market in Russia;
  • insufficient funding for measures to ensure the information security of the Russian Federation;
  • insufficient economic power of the state;
  • decrease in the efficiency of the education and upbringing system, insufficient number of qualified personnel in the field of information security;
  • insufficient activity of federal state authorities, state authorities of the constituent entities of the Russian Federation in informing the public about their activities, in explaining the decisions made, in the formation of open state resources and the development of a system for citizens to access them;
  • Russia's lag behind the leading countries of the world in terms of the level of informatization of federal government bodies, government bodies of the constituent entities of the Russian Federation and local governments, the credit and financial sector, industry, agriculture, education, healthcare, the service sector and the life of citizens. [9, p. 119]

3. Methods and means of information protection

The problem of creating an information security system includes two complementary tasks:

1) development of an information security system (its synthesis);

2) evaluation of the developed information security system.

The second task is solved by analyzing its technical characteristics in order to establish whether the information protection system satisfies a set of requirements for these systems. Such a task is currently being solved almost exclusively by expert means through the certification of information security tools and the certification of the information security system in the process of its implementation.

Consider the main content of modern methods of information protection, which form the basis of protection mechanisms.

Obstacles - methods of physically blocking the way for an intruder to protected information (to equipment, storage media, etc.).

Access control - a method of protecting information by regulating the use of all resources of a computer information system (elements of databases, software and hardware). Access control includes the following security features:

  • identification of users, personnel and resources of the system (assignment of a personal identifier to each object);
  • recognition (authentication) of an object or subject by the identifier it presents;
  • verification of authority (checking the compliance of the day of the week, time of day, requested resources and procedures with the established regulations);
  • permission and creation of working conditions within the established regulations;
  • registration (logging) of calls to protected resources;
  • response (alarm, shutdown, delay of work, refusal of a request) to attempts of unauthorized actions.
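The access control functions listed above, put together as an added example that is not part of the original text. The class and field names, the PBKDF2 password check and the three-failure lockout threshold are assumptions made for this illustration; the sample subject and dates are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Regulation:
    """Established regulations for one subject (structure assumed for this example)."""
    resources: set    # resources the subject may request
    procedures: set   # operations allowed on them, e.g. {"read"}
    weekdays: set     # allowed days of the week, 0 = Monday ... 6 = Sunday
    hours: range      # allowed hours of the day


@dataclass
class Subject:
    salt: bytes
    pw_hash: bytes
    regulation: Regulation
    failures: int = 0
    locked: bool = False


def _hash(password: str, salt: bytes) -> bytes:
    # Only a salted, slow hash of the password is stored, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccessController:
    MAX_FAILURES = 3  # assumed threshold for the "shutdown" response

    def __init__(self):
        self.subjects = {}  # identification: one personal identifier per subject
        self.audit = []     # registration (logging) of calls to protected resources

    def enroll(self, ident, password, regulation):
        salt = os.urandom(16)
        self.subjects[ident] = Subject(salt, _hash(password, salt), regulation)

    def request(self, ident, password, resource, procedure, when):
        outcome = self._decide(ident, password, resource, procedure, when)
        # Every call is logged, whether it was allowed or refused.
        self.audit.append((when.isoformat(), ident, resource, procedure, outcome))
        return outcome

    def _decide(self, ident, password, resource, procedure, when):
        subj = self.subjects.get(ident)
        if subj is None:
            return "DENY:unknown-identifier"
        if subj.locked:
            return "DENY:locked"
        # Authentication: constant-time comparison of the derived hashes.
        if not hmac.compare_digest(_hash(password, subj.salt), subj.pw_hash):
            subj.failures += 1
            if subj.failures >= self.MAX_FAILURES:
                subj.locked = True  # response to repeated unauthorized attempts
                return "DENY:locked"
            return "DENY:bad-credentials"
        subj.failures = 0
        # Verification of authority: day of week, time of day, resource, procedure.
        reg = subj.regulation
        if when.weekday() not in reg.weekdays or when.hour not in reg.hours:
            return "DENY:outside-schedule"
        if resource not in reg.resources or procedure not in reg.procedures:
            return "DENY:not-authorized"
        return "ALLOW"  # permission to work within the established regulations


def demo():
    """Run a constructed scenario and return (outcomes, audit log)."""
    ac = AccessController()
    office_hours = Regulation({"payroll_db"}, {"read"}, {0, 1, 2, 3, 4}, range(9, 18))
    ac.enroll("operator1", "constructed-passphrase", office_hours)
    monday = datetime(2024, 3, 4, 10, 0)    # constructed sample times
    saturday = datetime(2024, 3, 9, 10, 0)
    good = ("operator1", "constructed-passphrase", "payroll_db")
    outcomes = [
        ac.request(*good, "read", monday),
        ac.request(*good, "read", saturday),
        ac.request(*good, "write", monday),
    ]
    for _ in range(3):  # three wrong passwords trigger the lockout response
        outcomes.append(ac.request("operator1", "guess", "payroll_db", "read", monday))
    outcomes.append(ac.request(*good, "read", monday))  # correct password, but locked
    return outcomes, ac.audit


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

The last request in the scenario is refused even with the correct password, because the lockout is a response to the earlier attempts and stays in force until an administrator clears it.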

Disguise - a method of protecting information by its cryptographic closure (encryption). This method is widely used abroad both in the processing and storage of information, including on diskettes. When transmitting information over long-distance communication channels, this method is the only reliable one.

Regulation - a method of protecting information that creates such conditions for automated processing, storage and transmission of protected information, in which the possibility of unauthorized access to it would be minimized.

Compulsion - a method of protection in which users and system personnel are forced to comply with the rules for processing, transferring and using protected information under the threat of material, administrative or criminal liability.

Motivation - a method of protection that encourages the user and system personnel not to violate the established order by complying with established moral and ethical standards (both regulated and unwritten).

The considered methods of ensuring security are implemented in practice through the use of various means of protection, such as technical, software, organizational, legislative, moral and ethical. The main means of protection used to create a security mechanism include the following:

Technical means are implemented in the form of electrical, electromechanical and electronic devices. The whole set of technical means is divided into hardware and physical.

Hardware is usually understood as equipment or devices that connect to similar equipment via a standard interface. For example, a system of identification and differentiation of access to information (by means of passwords, recording codes and other information on various cards).

Physical means are implemented as autonomous devices and systems. For example, locks on the doors where the equipment is located, bars on the windows, uninterruptible power supplies, electromechanical equipment for burglar alarms.

Software tools are programs specifically designed to perform information security functions. This group of tools includes: an encryption mechanism (cryptography is a special algorithm that is triggered by a unique number or bit sequence, usually called an encryption key; the encrypted text is then transmitted over the communication channels, and the recipient has his own key to decrypt the information), a digital signature mechanism, access control mechanisms, data integrity mechanisms, scheduling mechanisms, routing control mechanisms, arbitration mechanisms, anti-virus programs, archiving programs (for example, zip, rar, arj, etc.), protection during input and output of information, etc.

Organizational means of protection are organizational-technical and organizational-legal measures carried out in the process of creating and operating computer technology and telecommunications equipment to ensure the protection of information. Organizational measures cover all structural elements of equipment at all stages of their life cycle (construction of premises, design of a computer information system for banking, installation and commissioning of equipment, use, operation).

Moral and ethical means of protection are implemented in the form of all sorts of norms that have developed traditionally or are formed as computing technology and means of communication spread in society. These norms are for the most part not mandatory in the way legislative measures are; however, non-compliance with them usually leads to a loss of authority and prestige of a person. The most illustrative example of such norms is the Code of Professional Conduct for Members of the US Computer Users Association.

Legislative means of protection are determined by the legislative acts of the country, which regulate the rules for the use, processing and transmission of restricted-access information and establish liability for violation of these rules.

All considered means of protection are divided into formal (performing protective functions strictly according to a predetermined procedure without the direct participation of a person) and informal (determined by a purposeful human activity or regulate this activity).

4. Examples of information security threats

According to a study by Kaspersky Lab in 2015, 36% of Russian users suffered an account hack at least once, as a result of which their personal data was stolen or the profile was used to distribute malware.

Most often, attackers are interested in access to an account on a social network and email (14%) and a password to online banking (5%).

53% of respondents received phishing messages as a result of a hack or got to suspicious sites, the purpose of which was to extract credentials from them. The information stored in the profile was completely destroyed in every fifth victim, and in 14% of cases, personal data was used for criminal purposes, for example, to conduct unauthorized transactions.

It is not only the users whose credentials have been stolen that suffer from the actions of cybercriminals, but also their friends and relatives. Thus, more than half of the victims of account hacking discovered that someone was sending messages on their behalf, and almost one in four - that their friends clicked on a malicious link received from them.

Despite this, only 28% of users create strong passwords for their accounts, and only 25% choose to securely store them.

In the year from June 2014 to June 2015, cybercriminals stole 2.6 billion rubles through Internet banking systems in Runet, according to the Group-IB report presented at the conference "Trends in the development of crimes in the field of high technologies-2015". For the same period last year, the amount was several times higher - 9.8 billion rubles. "We record a decrease in damage with an increase in the number of attacks," said Dmitry Volkov, head of the Bot-Trek Intelligence cyber intelligence service.

The greatest damage was suffered by legal entities that lost 1.9 billion rubles as a result of the actions of cybercriminals. Every day, 16 companies become victims of cyber attacks, losing an average of 480 thousand rubles. At the same time, hackers have learned to bypass traditional means of protection: neither tokens nor additional SMS authentication can save you from “autoloads” - Trojans that allow you to transfer money from accounts by replacing details. When confirming a payment, a client infected with this Trojan sees the correct recipient's data, although in reality the money goes to the attackers' account.

As a result of targeted attacks, Russian banks themselves lost 638 million rubles during the reporting period. Even single attacks on clients of large banks bring a lot of income. There is a growing interest of malefactors in both trading and brokerage systems. Thus, in February 2015, the first successful attack on a stock broker in Russia was carried out, which lasted only 14 minutes and led to damage of about 300 million rubles.

Almost 100 million rubles were stolen from individuals, and 61 million rubles with the help of Trojans tailored for the Android platform. The Android vulnerability is attracting more and more attackers, according to the report: ten new criminal groups have emerged working with Android Trojans, and the number of incidents has tripled. Every day, 70 users of Android mobile banking become victims of cybercriminals.

According to Group-IB, the development of the ecosystem serving the commission of cybercrime continues. Services for cashing out stolen money brought the attackers 1.92 billion rubles. The turnover of sites selling data on bank cards, logins and passwords of various systems is growing: the revenue of seven such stores exceeded 155 million rubles.

According to the forecast, next year the developers of malicious software will fully focus on mobile platforms, and the number of incidents and the amount stolen from individuals will increase due to the interception of card data, logins and passwords for Internet banking on Android devices. In addition, companies will face even more incidents with programs that encrypt data for subsequent extortion of money for their decryption (crypto lockers). The number of thefts of information about bank cards through POS terminals will also grow: more and more programs for these purposes appear, and some of them are in the public domain.

According to a study by the information security company Invincea, over the past few days, experts have discovered 60 cases of infection of systems with Dridex banking malware in France. The malware is distributed under the guise of emails with an attached Microsoft Office file that looks like an invoice from a popular hotel or store. The malicious attachment is in French and contains a hexadecimal code.

In 2014, nearly 18 million US citizens were victims of identity theft, with credit cards and bank accounts involved in most of the cases, according to The Networkworld, citing a US Department of Justice report.

According to the Bureau of Justice Statistics, over the past year the number of victims of cyber fraud has increased by 1 million compared to 2012. It is worth noting that the department's report took into account not only cases of compromise of personal information, but also its use for financial or other benefits. According to the data, two out of five incidents were related to illegal manipulation of credit cards, and about the same number - to fraud with bank accounts.

The 2015 Financial Impact of Cybercrime study by the Ponemon Institute (USA) provides data on the annual cost of cyberattack mitigation for companies in the US, UK, Japan, Germany, Australia, Brazil, and Russia.

The study found that US companies on average lose $15 million a year to cybercrime, 82% more than when the study began six years ago. In other words, every year costs increased by almost 20%.

Cyber-attacks now take an average of 46 days to mitigate, an increase of nearly 30% in six years, with companies spending an average of $1.9 million to mitigate each.

The US study also found that many businesses are investing in security analytics to avoid the cost of detecting and remediating cyberattacks. This tactic pays off: the cost of responding to attacks is reduced, and this can significantly increase the return on investment.

The personal data of 1.5 million users were published in the Amazon cloud service

The victims of the leak were clients of organizations involved in health insurance.

One and a half million Americans have become victims of personal information leakage. Full names, addresses, phone numbers, health and prescription data were mistakenly posted in the clear on the Amazon cloud by health insurance companies using Systema Software.

The incident affected the Kansas Self-Insurance Fund, the CSAC Excess Insurance Authority, and the Salt Lake County database in Utah. The cause of the leak and the exact number of victims are still unknown. A total of 1 million social security numbers, 5 million financial transaction records, hundreds of thousands of injuries, and 4.7 million notes, including those related to fraud investigations, were released.

Conclusion

Based on the results of the studies carried out in this work, the following conclusions can be drawn:

  • the life of modern society is unthinkable without modern information technologies;
  • in turn, a high degree of automation gives rise to the risk of reducing security (personal, informational, state, etc.). The availability and widespread use of information technologies, computers makes them extremely vulnerable to destructive influences, and there are many examples of this;
  • information security threat is an action or event that can lead to the destruction, distortion or unauthorized use of information resources, including stored, transmitted and processed information, as well as software and hardware;
  • sources of threats to the information security of the Russian Federation are divided into external and internal;
  • to ensure the protection of information, there are a number of methods, as well as means for their implementation;
  • According to the online magazine Itsec, in 2014 and 2015 there was a very high level of various cybercrimes.

The above examples of violations of personal and state information security once again prove that the existing threats should by no means be neglected either by the Internet users themselves or by organizations and enterprises.

List of sources used

  1. Domarev V. V. Safety of information technologies. System approach. - K.: LLC TID Dia Soft, 2014. - 992 p.
  2. Lapina M. A., Revin A. G., Lapin V. I. Information law. - M.: UNITI-DANA, 2014. - 548 p.
  3. Barman Scott. Development of information security rules. - M.: Williams, 2012. - 208 p.
  4. Galatenko V. A. Information security standards. - M.: Internet University of Information Technologies, 2006. - 264 p.
  5. Galitsky A. V., Ryabko S. D., Shangin V. F. Protection of information in the network. - M.: DMK Press, 2014. - 616 p.
  6. Gafner V. V. Information security: textbook. - Rostov-on-Don: Phoenix, 2010. - 324 p.
  7. Information security (2nd book of the socio-political project "Actual problems of social security"). // "Arms and technologies", No. 11, 2014. - P. 15-21.
  8. Lepekhin A. N. Investigation of crimes against information security. - M.: Tesey, 2008. - 176 p.
  9. Lopatin V. N. Information security of Russia: Man, society, state. - M.: 2010. - 428 p.
  10. Petrenko S. A., Kurbatov V. A. Information security policies. - M.: Company IT, 2014. - 400 p.
  11. Petrenko S. A. Management of information risks. - M.: IT Company; DMK Press, 2004. - 384 p. - ISBN 5-98453-001-5.
  12. Shangin V. F. Protection of computer information. Effective methods and means. - M.: DMK Press, 2013. - 544 p.
  13. Shcherbakov A. Yu. Modern computer security. Theoretical basis. Prak

Sources of internal threats are:

1. Employees of the organization.

2. Software.

3. Hardware.

Internal threats can manifest themselves in the following forms:

Errors of users and system administrators;

Violations by employees of the company of established regulations for the collection, processing, transfer and destruction of information;

Errors in the operation of the software;

Failures and malfunctions in the operation of computer equipment.

External threat sources include:

1. Computer viruses and malware.

2. Organizations and individuals.

3. Natural disasters.

Forms of manifestation of external threats are:

Infection of computers with viruses or malware;

Unauthorized access (UAS) to corporate information;

Information monitoring by competing structures, intelligence and special services;

Actions of state structures and services, accompanied by the collection, modification, withdrawal and destruction of information;

Accidents, fires, man-made disasters, natural disasters.

All of the above types of threats (forms of manifestation) can be divided into deliberate and unintentional. According to the Computer Security Institute (CSI), over 50% of intrusions are the work of a company's own employees. Regarding the frequency of intrusions, 21% of those surveyed indicated that they had experienced repeated "attacks". Unauthorized data modification was the most common form of attack and was mainly used against medical and financial institutions. Over 50% of respondents see competitors as a likely source of "attacks". Respondents attach the greatest importance to incidents of eavesdropping, penetration into information systems, and "attacks" in which "intruders" falsify the return address in order to divert the search toward uninvolved persons. These perpetrators are most often offended employees and competitors.

By the means of influence on information security objects, threats are classified as informational, software, physical, radio-electronic, and organizational and legal.

Informational threats include:

Unauthorized access to information resources;

Illegal copying of data in information systems;

Theft of information from libraries, archives, banks and databases;

Violation of information processing technology;

Illegal collection and use of information;

The use of information weapons.

Software threats include:

Exploitation of bugs and "holes" in software;

Computer viruses and malware;

Installation of covertly implanted ("bugging") devices.

Physical threats include:

Destruction of information processing and communication facilities;

Theft of storage media;

Theft of software or hardware keys and means of cryptographic data protection;

Impact on staff.

Radio-electronic threats include:

Planting of electronic devices for intercepting information in technical facilities and premises;

Interception, decryption, substitution and destruction of information in communication channels.

Organizational and legal threats include:

Violation of legal requirements and delay in making the necessary legal and regulatory decisions in the information sphere;

Procurement of imperfect or obsolete information technologies and means of informatization.

To protect the interests of the subjects of information relations, it is necessary to combine measures at the following levels:

1) legislative level (laws, regulations, standards, etc.). The legislative level is the most important for ensuring information security. Measures at this level include regulating, through laws and regulations, how information and equipment may be handled, and establishing liability for violating those rules. This issue is discussed in more detail in other chapters.

2) administrative level (actions of a general nature taken by the management of the organization). The main goal of administrative level measures is to form a work program in the field of information security and ensure its implementation by allocating the necessary resources and monitoring the state of affairs. The basis of the program is a security policy that reflects the organization's approach to protecting its information assets. The leadership of each organization must realize the need to maintain a security regime and allocate significant resources for this purpose.

3) procedural level (specific security measures focused on people).

Measures at this level include:

Activities carried out in the design, construction and equipment of computer centers and other objects of data processing systems;

Measures to develop rules for user access to system resources (development of security policy);

Activities carried out in the selection and training of personnel serving the system;

Organization of security and access to the system;

Organization of accounting, storage, use and destruction of documents and information carriers;

Distribution of access control details;

Organization of explicit and covert control over the work of users;

Activities carried out in the design, development, repair and modification of equipment and software.

4) software and hardware level (technical measures).

Protection measures of this level are based on the use of special programs and equipment that perform (independently or in combination with other means) protection functions:

Identification and authentication of users;

Differentiation of access to resources;

Registration of events;

Cryptographic transformations;

Checking the integrity of the system;

Checking for the absence of malware;

Software protection of transmitted information and communication channels;

Protecting the system from the presence and appearance of unwanted information;

Creation of physical obstacles to the penetration of violators;

Monitoring of, and alerting on, the correct operation of the system;

Creating backup copies of valuable information.