Protection of Information (Защита Информации)
PROTECTION OF INFORMATION
INTRODUCTION
Rapid development of automation processes and the
penetration of the computers in all fields of life have lead to appearance of a
range of peculiar problems. One of these problems is the necessity of providing
effective protection to information and means of its processing.
A lot
of ways to access information, considerable quantity of qualified specialists,
vast use of special technical equipment in social production make it possible
for violators practically at any moment and in any place carry out the actions,
which represent a threat to information safety.
Particular
role in this process has been played by appearance of personal computer (PC),
which has made computers, software and other informational technologies
available to general public. Wide distribution of PC and impossibility of
conducting effective control of their use have resulted in the decreasing
security level of information systems.
In
the current situation, data processing has moved the problems of information
security forward to the rank of most important problems of national economy.
Solving the problem of poor information security presupposes a complex of
measures. First of all, such actions of government as development of
classification system, documentation of information and protection methods,
data access regulations and punishing measures against information security
violators.
PROTECTION
OF INFORMATION
Information
a. State
informational sources
Formation of
state informational sources is carried out by citizens, state authorities,
organizations and social unions. Documents, which belong to a person, can be
included in the state structure of informational sources, of course, if the
person wishes. State informational sources are open and generally available.
Documented information with limited access is divided into state secret and
confidential information.
b. Citizen information
(personal information)
Personal data refers to confidential information. The collection, storage, use
and distribution of private information are not allowed. The information, which
breaks personal and family secret, secret of correspondence, telephone, postal,
telegraph talks and other messages of a person without his/her permission, is
also confidential.
Personal
data may not be used with purpose of causing damage to person’s property and
reputation, difficulties of realization its right. Collected data must be
limited to necessary information. The information, which carries strong
probability of causing damage to a citizen’s interests shouldn’t be collected.
There
are some categories of personal information:
·
secret documents;
·
official department rules and
instructions;
·
information, which is not to be
made public in accordance with legislative acts;
·
confidential business information;
·
information, which touches private
life of a person;
c. Development and production of
informational systems
All
types of informational systems and networks, technologies and means of their
providing compose a special branch of economic activity, whose development is
defined by the state scientific, technological and industrial policy of
informatization.
State
and non-state organizations and, of course, the citizens have equal rights in
terms of access to the development and producing of informational systems,
technologies.
Owner of
informational systems
The informational systems, technologies and means of
their providing can be the property objects of juridical person, non-juridical
person and state. The owner of informational system is a person, who purchased
these objects or got as a gift, heredity or by any other legal way.
The
informational systems, technologies and means of their providing can be
considered as a good (product), if the producer rights are not broken. The
owner of informational system determines the using conditions of this product.
Copyrights and property rights
Copyrights and property rights on informational
systems, technologies and means of their providing can be belong to different
persons. The owner of informational systems has to protect copyrights in
accordance with legislation.
Informational
systems and databases, intended for citizens’ and organizations’ informational
service, are subjected to certification according to the established custom.
The
organizations, which work in the field of making design, producing the means of
information protection and personal data treatment, must obtain licensees to
conduct such activity. The steps for obtaining license are defined by the
legislation.
Computer
systems and protection of information
a. Problem of information protection
The problem of
information security is relatively new. Not all problems, connected with it
have been figured out and solved up to now. The fact of great number of
computer systems users means the definite risk to security because not all
clients will carry out the requirements of its providing.
The
order of storage mediums should be clearly defined in legal acts and envisage
the complete safety of mediums, control over the work with information,
responsibility for unsanctioned access to mediums with a purpose of copying,
changing or destroying them and so on.
b. Legal aspects
There are some
legal aspects of information protection, which can appear due to not carefully
thought or ill-intentioned use of computer technics:
·
legal questions of protection of
informational massifs from distortions;
·
security of stored information
from the unsanctioned access;
·
setting juridically fixed rules
and methods of copyrights protection and priorities of software producers;
·
development of measures for
providing the juridical power to the documents, which are given to the
machines;
·
legal protection of the experts’
interests, who pass their knowledge to the databases;
·
setting of legal norms and
juridical responsibility for using electronic computer means in personal
interests, which hurt other people and social interests and can harm them;
The lack of appropriate registration and control, low
level of work and production personnel
discipline,
the access of an unauthorized persons to the computing sources create
conditions for abusing and cause difficulties to their detection. In every
computing center it is usual to set and strictly follow the regulations of the
access to different official rooms for employees of any categories.
Computer crimes
a. Definition
The development of
computer technology and its wide use have lead to appearance and spread of
computer crimes. Such situation causes alarm among those organizations and
legislative institutions that use computer technologies and, of course, people,
who use new informational services at homes.
The term “computer
crime” was first used in the early 70s. However, the discussions concerning it
are still actual. The top question of these discussions is ”What unlawful
actions are implied by computer crime”. A rank of definitions of the computer
crime has been composed. It often refers to crimes directly or indirectly
connected to electronic computing machines and which includes a number of
illegal acts, committed by means of electronic data processing system or
against it. Others consider that computer crime is any action, which goes
together with interfering with property rights and fulfilled by means of
computers. The thirds think that computer crime can be defined as all
intentional and unlawful actions, which lead to causing harm to possessions,
with help of computers too.
b. Statistics
There are
following forms of computer criminality: computer manipulations, economic
espionage, sabotage, computer extortion, “hackers” activity. The main character
of committing computer crimes in the business field becomes highly qualified
“white collars” from the suffered organization’s employees.
According to the MIS Traiding Institute (USA), they get 63%
of all causes, examining crimes and abuses. More than 36% of law-committing
employees are related to the personnel, which is not connected with computer
servicing, 29% - qualified programmers, 25% - other workers of computing
center. This tendency is reflected in official statistics too, according to
which, about 40% of computer crimes are committed for solving of financial
problems, 20% are motivated as an intellectual challenge to society, 17% - by
the willing of solving personal problems, 8% - problems of corporation or
organization, 4% - are directed for social admitting, 3% - for wounding
somebody’s rights and so on.
c. “Hackers” and “crackers”
The most dangerous individuals of computer swindle are so
called “hackers”, “crackers” and representatives of other groups, working in
the sphere of industrial espionage. So, many security specialists advise
employers to pay special attention to engaged workers-specialists in computer
technologies, programming and information protection spheres.
There are many causes, when “hackers” get a job with a goal
of personal enrichment. But the most danger can represent such specialists, who
are in collusion with managers of commercial structures and organized criminal
groups; in these situations causing damage and weight of consequences
considerably increases.
There are two types of unsanctioned access:
·
internal “breaking open” – the
criminal has access to the terminal, with information he interested in and can
work with it for some time without somebody’s control;
·
external “breaking open” – the
criminal doesn’t have indirect access to the computer system, but has an
opportunity of penetration to the protected system by means of remote access;
CONCLUSION
Analysis of such actions shows that single crimes from own
or neighbor work places gradually develop into network computer crimes, which
are carried out by means of breaking of organizations’ protecting systems.