home › Internet › Protection of information in the internal affairs bodies. Fundamentals of information security. If we talk about threats of an information technology nature, we can distinguish such elements as information theft, malware, hacker attacks, spam, employee negligence

Protection of information in the internal affairs bodies. Fundamentals of information security. If we talk about threats of an information technology nature, we can distinguish such elements as information theft, malware, hacker attacks, spam, employee negligence

Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Posted on http://allbest.ru

Introduction

1. The main threats to information security arising in the course of activity operational units internal affairs bodies

2. The concept and goals of conducting special inspections of informatization objects; the main stages of the audit

3. Hardware and firmware data cryptoprotection

Conclusion

Bibliography

Introduction

The Federal Law of the Russian Federation "On Information, Informatization and Protection of Information", adopted on January 25, 1995 by the State Duma, defines that "information is information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation." Information has a number of features: it is intangible; information is stored and transmitted using material? carriers; any material object contains information about itself or about another object.

Rapidly developing computer information technologies are making noticeable changes in our lives. Information has become a commodity that can be bought, sold, exchanged. At the same time, the cost of information is often hundreds of times greater than the cost of the computer system in which it is stored.

According to the results of one study, about 58% of those surveyed suffered from computer hacks in the last year. Approximately 18% of those surveyed say they lost more than a million dollars in the attacks, more than 66% suffered losses of $50,000. Over 22% of the attacks were aimed at trade secrets or documents of primary interest to competitors.

From the degree of security information technologies the well-being and sometimes even the lives of many people depend on it. Such is the payment for the complication and ubiquity of automated information processing systems. A modern information system is a complex system consisting of a large number of components of varying degrees of autonomy that are interconnected and exchange data. Almost every component can be exposed to external influences or fail.

1. Mainthreatsinformationalsecurity,emergingVprocessactivitiesoperationaldivisionsbodiesinternalcases

The development of information and telecommunication technologies has led to the fact that modern society is highly dependent on the management of various processes through computer technology, electronic processing, storage, access and transmission of information. According to the Bureau of Special Technical Measures of the Ministry of Internal Affairs of Russia, more than 14 thousand crimes related to high technologies were recorded last year, which is slightly higher than the year before. An analysis of the current situation shows that about 16% of attackers operating in the "computer" area of crime are young people under the age of 18, 58% are from 18 to 25 years old, and about 70% of them have higher or incomplete higher education .

At the same time, 52% of the identified offenders had special training in the field of information technology, 97% were employees of government agencies and organizations using computers and information technology in their daily activities, 30% of them were directly related to the operation of computer equipment.

According to unofficial expert estimates, out of 100% of initiated criminal cases, about 30% reach the court and only 10-15% of the defendants serve their sentences in prison. Chekalina A. - M .: Hot Line - Telecom, 2006. Most cases are reclassified or dropped for lack of evidence. The real state of affairs in the CIS countries is a matter of fantasy. Computer crimes are crimes with high latency, reflecting the existence in the country of the real situation when a certain part of the crime remains unaccounted for.

Increasingly spreading technological terrorism, an integral part of which is informational or cybernetic terrorism, poses a serious danger to the entire world community.

Computers and specialized systems created on their basis - banking, exchange, archival, research, management, as well as means of communication - from satellites for direct television and communications to radiotelephones and pagers, are becoming targets of terrorists.

The methods of information terrorism are completely different from the traditional ones: not the physical destruction of people (or its threat) and the elimination of material values, not the destruction of important strategic and economic facilities, but a large-scale disruption of financial and communication networks and systems, partial destruction of economic infrastructure and imposition on power structures of his will.

The danger of information terrorism immeasurably increases in the context of globalization, when telecommunications acquire an exclusive role.

Under the conditions of cyber terrorism, a possible model of terrorist influence will have a “three-stage” form: the first stage is the advancement of political demands with the threat of paralyzing the entire economic system of the country if they are not met (at least, that part of it that uses computer technology in its work), the second is to carry out a demonstration attack on the information resources of a fairly large economic structure and paralyze its operation, and the third is to repeat the demands in a tougher form, relying on the effect of a show of force.

A distinctive feature of information terrorism is its cheapness and difficulty of detection. Internet system, which linked computer networks across the planet, changed the rules regarding modern weapons. The anonymity provided by the Internet allows the terrorist to become invisible, as a result, practically invulnerable and not risking anything (primarily life) when carrying out a criminal action.

The situation is aggravated by the fact that crimes in the information sphere, which include cyber terrorism, entail a punishment significantly less than for the implementation of "traditional" terrorist acts. In accordance with the Criminal Code of the Russian Federation (Article 273), creating computer programs or making changes to existing programs that knowingly lead to unauthorized destruction, blocking, modification or copying of information, disruption of the computer, computer system or their network, as well as the use or distribution of such programs or machine media containing such programs is punishable by deprivation of liberty for a term not exceeding seven years. For comparison, in the US laws punish unauthorized entry into computer networks with imprisonment for up to 20 years.

The basis for ensuring an effective fight against cyber terrorism is the creation of an effective system of interrelated measures to detect, prevent and suppress such activities. Various anti-terrorist bodies work to combat terrorism in all its manifestations. The developed countries of the world pay special attention to the fight against terrorism, considering it perhaps the main danger to society.

Threats to the information security of the country, the sources of which are modern crime, criminal national and transnational communities, in their totality and scale of impact covering the entire territory of the country and affecting all spheres of society, necessitate consideration of the struggle between organized crime and law enforcement agencies designed to counter it, primarily , internal affairs bodies, as an information war, the main form of waging which and its specific content is information warfare using information and computing and radio means, electronic intelligence means, information and telecommunication systems, including space communication channels, geo information systems and other information systems, complexes and tools.

In the conditions of the current state of crime, it is impossible to ensure information security in the activities of the internal affairs bodies only on the basis of the use of protective means and mechanisms. Under these conditions, it is necessary to conduct active offensive (combat) operations using all types of information weapons and other offensive means in order to ensure superiority over crime in the information sphere Smirnov AA Ensuring information security in the context of society virtualization. - M.: Unity-Dana, 2012.

The emergence and development of new large-scale phenomena in the life of the country and society, new threats to national security from the underworld, which has modern information weapons at its disposal, and new conditions for the implementation of the operational and service activities of the internal affairs bodies, determined by the needs of conducting an information war against national and transnational basically organized crime, necessitate appropriate legislative, state-legal regulation of relations in the field of information security of the state in general and internal affairs bodies in particular.

The main measures of a state-legal nature to ensure information security, carried out, among other things, by internal affairs bodies, are proposed to include: the formation of a regime and protection in order to exclude the possibility of secret entry into the territory of placement information resources; determination of methods of work with employees in the selection and placement of personnel; work with documents and documented information, including the development and use of documents and carriers of confidential information, their accounting, execution, return, storage and destruction; determining the order of use technical means collection, processing, accumulation and storage of confidential information; creation of technology for analyzing internal and external threats to confidential information and developing measures to ensure its protection; implementation of systematic control over the work of personnel with confidential information, the procedure for accounting, storage and destruction of documents and technical media.

Analysis of the current Russian legislation in the field of information security and state system information protection makes it possible to single out the most important powers of the internal affairs bodies in the field of ensuring the information security of the state: repelling information aggression directed against the country, comprehensive protection of information resources, as well as the information and telecommunications structure of the state; prevention and resolution of international conflicts and incidents in the information sphere; prevention and suppression of crimes and administrative offenses in the information sphere; protection of other important interests of the individual, society and the state from external and internal threats.

The legal protection of information as a resource is recognized at the international and state levels. At the international level, it is determined by interstate treaties, conventions, declarations and is implemented by patents, copyrights and licenses for their protection. At the state level, legal protection is regulated by state and departmental acts.

It is expedient to refer to the main directions of development of the Russian legislation in order to protect the information of the internal affairs bodies:

Legislative consolidation of the mechanism for classifying information infrastructure objects of internal affairs bodies as critical and ensuring their information security, including the development and adoption of requirements for hardware and software used in the information infrastructure of these objects;

Improving the legislation on operational-search activities in terms of creating the necessary conditions for conducting operational-search activities in order to detect, prevent, suppress and solve computer crimes and crimes in the field of high technology; strengthening control over the collection, storage and use by internal affairs bodies of information about the private life of citizens, information constituting personal, family, official and commercial secrets; clarification of the composition of operational-search measures;

Strengthening responsibility for crimes in the field of computer information and clarifying the elements of crimes, taking into account the European Convention on Cybercrime;

Improving criminal procedure legislation in order to create conditions for law enforcement agencies to ensure the organization and implementation of prompt and effective counteraction to crime, carried out using information and telecommunication technologies to obtain the necessary evidence Rastorguev S.P. Fundamentals of information security - M .: Academy, 2009.

Organizational and managerial measures are a decisive link in the formation and implementation of comprehensive information protection in the activities of internal affairs bodies.

When processing or storing information, internal affairs bodies within the framework of protection against unauthorized access are recommended to carry out the following organizational measures: identifying confidential information and documenting it in the form of a list of information to be protected; determination of the procedure for establishing the level of authority of the subject of access, as well as the circle of persons to whom this right is granted; establishing and formalizing access control rules, i.e. a set of rules governing the rights of access of subjects to objects of protection; familiarization of the subject of access with the list of protected information and its level of authority, as well as with the organizational, administrative and working documentation that determines the requirements and procedure for processing confidential information; receipt from the access object of a non-disclosure receipt of confidential information entrusted to it.

In accordance with the Law Russian Federation"On the Police", the competence of the Ministry of Internal Affairs of Russia includes the functions of forming nationwide reference and information funds for operational and forensic accounting. The performance of these functions is carried out by the information and technical units of the services of the Ministry of Internal Affairs of Russia in cooperation with the units of the criminal police, the public security police, penitentiary institutions, other law enforcement agencies, government agencies and organizations in charge of public security issues, as well as law enforcement agencies (police) of other states.

Information interaction in the field of combating crime is carried out within the framework of the laws of the Russian Federation "On operational-search activities", "On security", "On records and accounting activities in law enforcement agencies", the current criminal and criminal procedural legislation, international agreements of the Ministry of Internal Affairs of Russia in the sphere of information exchange, Regulations on the Ministry of Internal Affairs of Russia, orders of the Minister of Internal Affairs of Russia.

Studies have shown that the conceptual provisions for ensuring the information security of law enforcement agencies should include requirements for the transition to a single regulatory framework that regulates the processes of using information in the fight against crime. At the same time, in the system of the Ministry of Internal Affairs, instead of a large group of departmental acts, it is proposed to introduce three groups of legal documents on information support: sectoral, general use; branch, along the lines of services; regulatory and legal documentation of the local level of government on local applied problems information support territorial body of internal affairs.

2. The concept and goals of conducting special inspections of informatization objects; the main stages of the audit

Informatization object - a set of informatization tools together with the premises in which they are installed, designed for processing and transmitting protected information, as well as dedicated premises Partyka T. L., Popov I. I. Information security - M .: Forum, 2012.

Means of informatization - means computer science and communications, office equipment designed to collect, accumulate, store, search, process data and issue information to the consumer.

Computer facilities - electronic computers and complexes, personal electronic computers, including software, peripheral equipment, data teleprocessing devices.

A computer technology object (CT) is a stationary or mobile object, which is a complex of computer technology tools designed to perform certain information processing functions. The objects of computer technology include automated systems (AS), automated workplaces (AWP), information and computing centers (ICC) and other complexes of computer equipment.

The objects of computer technology can also include individual computer equipment that perform independent functions of information processing.

Dedicated room (VP) - a special room designed for meetings, meetings, conversations and other speech events on secret or confidential issues.

Events of a speech nature can be held in allocated premises with the use of technical means of processing speech information (TSOTI) and without them.

Technical Information Processing Tool (ITP) is a technical tool designed to receive, store, search, convert, display and/or transmit information via communication channels.

TSOI includes computer equipment, means and systems of communication, means of recording, amplifying and reproducing sound, intercom and television devices, means of producing and reproducing documents, film projection equipment and other technical means associated with the reception, accumulation, storage, search, transformation, display and/or transmission of information via communication channels.

Automated system (AC) - a set of software and hardware designed to automate various processes associated with human activities. At the same time, a person is a link in the system.

A special check is a check of a technical means of information processing carried out in order to search for and withdraw special electronic embedding devices (hardware embeddings).

Certificate of the object of protection - a document issued by the certification body or other specially authorized body confirming the presence of the necessary and sufficient conditions at the object of protection to fulfill the established requirements and standards for the effectiveness of information protection.

Separate premises certificate - a document issued by the attestation (certification) body or another specially authorized body, confirming the existence of the necessary conditions to ensure reliable acoustic protection of the allocated premises in accordance with established norms and rules.

Instruction for operation - a document containing requirements for ensuring the security of a technical means of processing information during its operation.

The certification test program is a mandatory, organizational and methodological document that establishes the object and objectives of the test, the types, sequence and scope of the experiments, the procedure, conditions, place and timing of the tests, provision and reporting on them, as well as responsibility for ensuring and conducting tests.

The certification test methodology is a mandatory, organizational methodological document, including a test method, test tools and conditions, sampling, and an algorithm for performing operations. By determining one or more interrelated characteristics of the security of the object of the data presentation form and evaluating the accuracy and reliability of the results.

Certificate of certification tests - a document containing the necessary information about the test object, the methods used, means and test conditions, as well as the conclusion on the test results, drawn up in the prescribed manner.

Basic technical means and systems (OTSS) - technical means and systems, as well as their communications, used for processing, storing and transmitting confidential (secret) information.

OTSS may include means and systems of informatization (computer equipment, automated systems of various levels and purposes based on computer equipment, including information and computer systems, networks and systems, means and systems of communication and data transmission), technical means of receiving, transmission and processing of information (telephony, sound recording, sound amplification, sound reproduction, intercom and television devices, means of manufacturing, replicating documents and other technical means of processing speech, graphic video, semantic and alphanumeric information) used to process confidential (secret) information.

Auxiliary technical means and systems (VTSS) - technical means and systems not intended for the transmission, processing and storage of confidential information, installed jointly with OTSS or in dedicated premises.

These include:

Various kinds of telephone facilities and systems;

Means and systems of data transmission in the radio communication system;

Means and systems of security and fire alarms;

Means and systems of warning and signaling;

Control and measuring equipment;

Facilities and air conditioning systems;

Means and systems of a wired radio broadcasting network and reception of radio broadcasting and television programs (subscriber loudspeakers, broadcasting systems, televisions and radio receivers, etc.);

Means of electronic office equipment Velichko M.Yu. Information security in the activities of internal affairs bodies. - M.: Publishing house INION RAN, 2007.

Based on the results of certification tests in various areas and components, Test Reports are drawn up. Based on the protocols, a Conclusion is adopted based on the results of certification with a brief assessment of the compliance of the informatization object with information security requirements, a conclusion on the possibility of issuing a "Certificate of Compliance" and the necessary recommendations. If the informatization object complies with the established information security requirements, a Compliance Certificate is issued for it.

Recertification of the object of informatization is carried out in the case when changes were made to the recently certified object. Such changes may include:

Changing the location of OTSS or VTSS;

Replacing OTSS or VTSS with others;

Replacement of technical means of information protection;

Changes in the installation and laying of low-voltage and solo cable lines;

Unauthorized opening of sealed OTSS or VTSS cases;

Production of repair and construction works in allocated premises, etc. Partyka T. L., Popov I. I. Information security - M .: Forum, 2012.

If it is necessary to re-certify the object of informatization, re-certification is carried out, according to a simplified program. Simplifications consist in the fact that only elements that have undergone changes are tested.

3. Hardware and firmware data cryptoprotection

Any computer system (CS) uses standard and specialized equipment and software that performs a certain set of functions: user authentication, access control to information, ensuring the integrity of information and its protection from destruction, encryption and digital signature, etc. information security cryptoprotection

Integrity and restriction of access to information are provided by specialized system components that use cryptographic protection methods. In order for a computer system to be fully trusted, it must be certified, namely:

- determine the set of functions performed;

- prove the finiteness of this set;

- determine the properties of all functions Gafner V. V. Information security - Rostov-on-Don: Phoenix, 2010 .

Note that during the operation of the system, it is impossible for the appearance of new feature, including as a result of the execution of any combination of functions specified during development. Here we will not dwell on the specific composition of the functions, since they are listed in the relevant guidance documents of the Federal Agency for Government Communications and Information (FAPSI) and the State Technical Commission (STC) of Russia.

When using the system, its functionality should not be violated, in other words, it is necessary to ensure the integrity of the system at the time of its launch and during operation.

The reliability of information protection in a computer system is determined by:

- a specific list and properties of the CS functions;

- methods used in CS functions;

- a way to implement the functions of the COP.

The list of functions used corresponds to the security class assigned to the COP during the certification process, and is basically the same for systems of the same class. Therefore, when considering a specific CS, attention should be paid to the methods used and the method of implementing the most important functions: authentication and checking the integrity of the system. Here, preference should be given to cryptographic methods: encryption (GOST 28147-89), electronic digital signature(GOSTR 34.10-94) and hashing functions (GOSTR 34.11-94), the reliability of which is confirmed by the relevant government organizations.

Most of the functions of modern CSs are implemented in the form of programs, maintaining the integrity of which during system startup and especially during operation is a difficult task. A significant number of users, to one degree or another, have knowledge in programming, are aware of errors in the construction operating systems. Therefore, there is a fairly high probability that they will use their existing knowledge to "attack" the software.

First of all, encoders of the pre-computer era should be attributed to hardware CIPF to preserve historical justice. These are the tablet of Aeneas, the cipher disk of Alberti, and, finally, disk cipher machines. The most prominent representative of disk cipher machines was the World War II Enigma cipher. Modern CIPF cannot be strictly classified as hardware, it would be more correct to call them hardware-software, however, since their software part is not controlled by the OS, they are often called hardware in the literature. The main feature of hardware CIPF is the hardware implementation (due to the creation and use of specialized processors) of the main cryptographic functions - cryptographic transformations, key management, cryptographic protocols, etc.

Hardware-software means of cryptographic information protection combine flexibility software solution with the reliability of the hardware Velichko M.Yu. Information security in the activities of internal affairs bodies. - M.: Publishing house INION RAN, 2007. At the same time, due to the flexible software shell, you can quickly change user interface, the final functions of the product, to make its final adjustment; and the hardware component makes it possible to protect the algorithm of the cryptographic primitive from modification, to ensure high security of the key material and often a higher speed of operation.

Here are some examples of hardware-software CIPF:

The use of hardware removes the problem of ensuring the integrity of the system. Most modern systems protection against unauthorized access, sewing is applied software in ROM or similar chip. Thus, in order to make changes to the software, it is necessary to access the corresponding board and replace the chip. In the case of using a universal processor, the implementation of such actions will require the use of special equipment, which will make the attack even more difficult. The use of a specialized processor with the implementation of the operation algorithm in the form integrated circuit completely removes the problem of violating the integrity of this algorithm.

In practice, often the user authentication functions, integrity checks, cryptographic functions that form the core of the security system are implemented in hardware, all other functions are implemented in software.

Conclusion

Threat - a set of conditions and factors that create a potential or real danger of violating the confidentiality, availability and (or) integrity of information.

If we talk about threats of an information technology nature, we can distinguish such elements as information theft, malware, hacker attacks, SPAM, employee negligence, hardware and software failures, financial fraud, equipment theft.

According to the statistics in relation to these threats, the following data can be cited (based on the results of studies conducted in Russia by InfoWath): Information theft - 64%, Malicious software - 60%, Hacker attacks - 48%, Spam - 45%, Employee negligence - 43 %, Hardware and software failures - 21%, Equipment theft - 6%, Financial fraud - 5%.

As can be seen from the above data, information theft and malware are the most common.

Knowledge of the main methods of committing and preventing computer crimes, methods of combating computer viruses, as well as modern methods information protection is necessary to develop a set of measures to ensure the protection of automated information systems of internal affairs bodies.

All this will contribute to increasing the efficiency of the activities of the internal affairs bodies as a whole.

Listliterature

1. Velichko M.Yu. Information security in the activities of internal affairs bodies. - M.: Izd-vo INION RAN, 2007. - 130 p.

2. Gafner V. V. Information security - Rostov-on-Don: Phoenix, 2010 - 336 p.

3. Gorokhov P. K. Information security. - M.: Radio and communication, 2012 - 224 p.

4. Comprehensive technical control of the effectiveness of security measures of control systems in internal affairs bodies // Ed. Chekalina A. - M.: Hot Line - Telecom, 2006 - 528 p.

5. Partyka T. L., Popov I. I. Information security - M.: Forum, 2012 - 432 p.

6. Rastorguev S. P. Fundamentals of information security - M.: Academy, 2009 - 192 p.

7. Smirnov A. A. Ensuring information security in the conditions of society virtualization. - M.: Unity-Dana, 2012 - 160 p.

8. Teplyakov A. A., Orlov A. V. Fundamentals of security and reliability of information systems - Minsk: Academy of Management under the President of the Republic of Belarus, 2010 - 310 p.

Hosted on Allbest.ru

...

Introduction

National security is the state of protection of the vital interests of the individual, society and the state from internal and external threats.

Vital interests - a set of needs, the satisfaction of which reliably ensures the existence and possibilities for the progressive development of the individual, society and the state.

Threat to security - a set of conditions and factors that create a danger to the vital interests of the individual, society and the state.

Ensuring security is a unified state policy, a system of measures of an economic, political, law-making (other) nature, adequate to threats to the vital interests of the individual, society and the state.

Security protection - direct impact on the object of protection.

Security protection - a set of security measures provision and protection.

Information security is the state of protection of the national interests of the country (the national interests of the country are vital interests based on a balanced basis) in the information sphere from internal and external threats.

That is why information security issues are relevant especially in recent times.

The purpose and objectives of the work is a detailed study of certain aspects of information security.

1 Types and content of information security threats

Sources of threats to information security of the Russian Federation are divided into external and internal. TO external sources relate:

activities of foreign political, economic, military, intelligence and information structures directed against the interests of the Russian Federation in the information sphere;
the desire of a number of countries to dominate and infringe on Russia's interests in the global information space, to oust it from the external and internal information markets;
aggravation of international competition for the possession of information technologies and resources;
activities of international terrorist organizations;
increasing the technological gap between the leading powers of the world and building up their capabilities to counteract the creation of competitive Russian information technologies;
activities of space, air, sea and ground technical and other means (types) of reconnaissance of foreign states;
development by a number of states of concepts information wars providing for the creation of means of dangerous influence on the information spheres of other countries of the world, violation normal functioning information and telecommunication systems, the safety of information resources, obtaining unauthorized access to them 1 .

Internal sources include:

the critical state of domestic industries;
unfavorable criminogenic situation, accompanied by trends in the merging of state and criminal structures in the information sphere, obtaining access to confidential information by criminal structures, strengthening the influence of organized crime on the life of society, reducing the degree of protection of the legitimate interests of citizens, society and the state in the information sphere;
insufficient coordination of activities federal bodies state authorities, state authorities of the constituent entities of the Russian Federation on the formation and implementation of a unified state policy in the field of ensuring information security of the Russian Federation;
insufficient development of the regulatory legal framework governing relations in the information sphere, as well as insufficient law enforcement practice;
underdevelopment of civil society institutions and insufficient state control over the development of the information market in Russia;
insufficient funding of measures to ensure the information security of the Russian Federation;
insufficient economic power of the state;
decrease in the efficiency of the education and upbringing system, insufficient number of qualified personnel in the field of information security;
insufficient activity of federal state authorities, state authorities of the constituent entities of the Russian Federation in informing the public about their activities, in explaining the decisions made, in the formation of open state resources and the development of a system for citizens to access them;
lagging behind Russia from the leading countries of the world in terms of the level of informatization of federal state authorities, state authorities of the constituent entities of the Russian Federation and local governments, the credit and financial sector, industry, agriculture, education, healthcare, services and everyday life of citizens 2 .

2 Technical implementation of the ATS information security concept

The information used by the internal affairs bodies contains information about the state of crime and public order in the service area, about the bodies and units themselves, their forces and means. In duty units, police officers, district police inspectors, investigators, employees of forensic departments, passport and visa machines, and other departments, on primary accounting documents, in accounting journals and on other media, data arrays of operational-search and operational-reference purposes are accumulated, which contains information:

about offenders and criminals;
about the owners of motor vehicles;
about owners of firearms;
about events and facts of a criminal nature, offenses;
about stolen and seized things, antiques;
as well as other information to be stored.

Services and divisions of internal affairs bodies are characterized by the following data:

about the forces and means available to the body;
about the results of their activities.

The information listed above is used in organizing the work of units and taking practical measures to combat crime and offenses.

In the information support of the internal affairs bodies, the central place is occupied by records that are used to register primary information about crimes and the persons who committed them.

Accounting it is a system for recording and storing information about the perpetrators of crimes, about the crimes themselves and related facts and objects.

Accounting for crimes under the jurisdiction of the Ministry of Internal Affairs of Russia covers 95% of criminal manifestations and gives a fairly complete picture of the operational situation in the country and its regions.

In general, in Russia in recent years, with the help of information contained in the records, from 19 to 23% of the crimes committed, or almost one in four of the total number in the line of criminal investigation, are revealed.

In the USSR in 1961, the Instruction on Accounting in the Internal Affairs Bodies was introduced. Under the Ministry of Internal Affairs of the USSR in 1971, the Main Scientific Information Center for Information Management (GNITsUI) was created, later renamed the Main Information Center (GIC), and information centers (ICs) were created in the Ministry of Internal Affairs, ATC.

The main information center is the largest bank of operational reference and search information in the system of the Ministry of Internal Affairs of Russia. It is entrusted with the task of providing the bodies and institutions of internal affairs with various information - statistical, search, operational and reference, forensic, production and economic, scientific and technical, archival. These are unique, multi-profile centralized information arrays, totaling about 50 million accounting documents.

More than 25 million registration documents are concentrated in the surname operational and reference file for convicted persons, and in the fingerprint file 17 million, the SIC has a unique database on machine media containing statistical reports of the Ministry of Internal Affairs, Central Internal Affairs Directorate, Internal Affairs Directorate, UVTD in 50 forms for the period from 1981 to 1992 and retrospective to 1974 3 .

Information centers of the Ministry of Internal Affairs, the Department of Internal Affairs are the most important link in the system of information support of the internal affairs bodies of the Russian Federation. They bear the main burden in providing information support to the internal affairs bodies in the detection and investigation of crimes, the search for criminals.

Information centers are the head units in the system of the Ministry of Internal Affairs, Internal Affairs, UVTD in the field of informatization: providing statistical, operational-reference, operational-search, forensic, archival and other information, as well as computerization and the construction of regional information and computer networks and integrated databanks. Information centers carry out their duties in close cooperation with the subdivisions of the apparatus of the Ministry of Internal Affairs, the Internal Affairs Directorate, the UVTD and city railroad authorities, as well as the SIC of the Ministry of Internal Affairs of Russia.

With the help of records, information is obtained that helps in the detection, investigation and prevention of crimes, the search for criminals, the identification of unknown citizens and the ownership of seized property. They are formed in city railinorgans, Information Center of the Ministry of Internal Affairs, Central Internal Affairs Directorate, Department of Internal Affairs according to the territorial (regional) principle and form federal records of the State Information Center of the Ministry of Internal Affairs of Russia. In addition, records are available in passport machines.

Along with the records in the internal affairs bodies, forensic centralized collections and file cabinets are maintained, which are created and stored in the forensic centers (EKC) of the Ministry of Internal Affairs of Russia (federal) and forensic departments (ECU) of the Ministry of Internal Affairs, Central Internal Affairs Directorate, Internal Affairs Directorate (regional). The collections and file cabinets of the ECU and ECC are focused primarily on ensuring the disclosure and investigation of crimes.

Operational reference, search and forensic information accumulated in records, collections and file cabinets is called criminal.

Accounts are classified according to functional and object features.

Functionally, records are divided into three groups: operational reference, search, forensic.

On the basis of an object, records are divided into persons, crimes (offences), objects.

The main operational-reference and search information is formed in the city railinorgans. Part of it settles in place, while the other is sent to the IC and GIC to form a single data bank.

Information base The system of the Ministry of Internal Affairs is built on the principle of centralization of records. It consists of operational-reference, search and forensic records and file cabinets, concentrated in the State Information Center of the Ministry of Internal Affairs of Russia and the Information Center of the Ministry of Internal Affairs, Internal Affairs Directorate, Department of Internal Affairs, and local records of city railing authorities. In general, their arrays are estimated at about 250-300 million accounting documents.

Centralized operational reference, forensic and search records have the following information about Russian citizens, foreigners and stateless persons:

criminal record, place and time of serving the sentence, date and grounds for release;
transfer of convicts;
death in places of deprivation of liberty, change of sentence, amnesty, criminal case number;
place of residence and place of work before conviction;
detention for vagrancy;
blood type and dactyl formula of convicts.

Fingerprint recording allows you to identify criminals, arrested, detained, as well as unknown patients and unidentified corpses. Fingerprint file cabinets include 18 million fingerprint cards. They receive over 600,000 inquiries, for which about 100,000 recommendations are issued. The information of the file cabinets contributed to the disclosure of crimes or the identification of a person in 10 thousand cases. Currently, these are predominantly manual filing cabinets. 4 .

The records of the internal affairs bodies, depending on the method of processing information, are divided into three types: manual, mechanized, automated.

Automated accounting consists of a number of automated information retrieval systems (AIPS). The accumulation and processing of criminal information with the help of AIPS is carried out in regional banks of criminal information (RBKI).

In accordance with the new tasks of the State Information Center of the Ministry of Internal Affairs of Russia, in November 2004 it was transformed into the Main Information and Analytical Center of the Ministry of Internal Affairs of Russia. In the system of internal affairs bodies, the Main Information and Analytical Center (GIAC) of the Ministry of Internal Affairs of Russia is the head organization in the following areas:

information support with statistical, operational reference, search, forensic, archival and scientific and technical information;
operational-analytical and information support of operational-search activities, as well as information interaction for the exchange of operational information with other subjects of operational-search activities;
planning, coordination and control of the processes of creation, implementation, use, development in the system of the Ministry of Internal Affairs of Russia of modern information technologies, automated information systems for general use and operational-investigative nature, integrated public data banks, computer equipment and system software for them;
maintenance and development of the Unified system of classification and coding of technical, economic and social information.

The main tasks of the SIAC of the Ministry of Internal Affairs of Russia are:

providing the leadership of the Ministry, subdivisions of the system of the Ministry of Internal Affairs of Russia, state authorities of the Russian Federation, law enforcement agencies of other states with statistical information on the state of crime and the results of the operational activities of the internal affairs bodies, as well as operational and reference, search, forensic, archival, scientific and technical and other information;
formation in the internal affairs bodies unified system statistical, operational reference, search, forensic records, automated data banks of centralized records, all-Russian and industry classifiers of technical, economic and social information;
creation, implementation and development of modern information technologies in the system of the Ministry of Internal Affairs of Russia in order to increase the efficiency of the use of records by internal affairs bodies;
monitoring the activities of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation, the Department of Internal Affairs in terms of the timeliness of submission, completeness and reliability of informationin statistical, operational-reference, search, forensic, operational and other records, the maintenance of which is referred to the competence of the information departments of the internal affairs bodies;
pursuing a unified scientific and technical policy as part of the development of the information and computing system of the Ministry of Internal Affairs of Russia;
coordination and provision of activities for the execution in the internal affairs bodies and internal troops of the Ministry of Internal Affairs of Russia of the legislation of the Russian Federation on archives and on the rehabilitation of citizens subjected to administrative political repression;
organizational and methodological guidance and practical assistance to the subdivisions of the system of the Ministry of Internal Affairs of Russia, the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation on issues within the competence of the SIAC.

To implement the assigned tasks, the SIAC of the Ministry of Internal Affairs of Russia carries out:

formation and maintenance of centralized operational reference, search and forensic records, automated data banks of centralized records, Interstate Information Bank within the framework of agreements between law enforcement agencies; databases of statistical information on the state of crime and the results of the fight against it;
collection, accounting and analysis operational information; information and analytical support of the operational-search activities of the operational units of the Ministry of Internal Affairs of Russia. Providing operational and analytical materials to the leadership of the Ministry and operational units of the Ministry of Internal Affairs of Russia;
formation and maintenance of records of persons declared on the federal and interstate wanted list, preparation and distribution to the internal affairs bodies of the Russian Federation and other states in the prescribed manner of materials on the announcement and termination of the search, bulletins of operational-search information and collections of orientations;
establishing, at the request of the NCB Interpol under the Ministry of Internal Affairs of Russia, the Ministry of Foreign Affairs of Russia, the Central Committee of the Russian Red Cross Society, the location (fate) of foreign citizens (subjects) and stateless persons arrested and convicted on the territory of Russia and the states of the former USSR;
formation and maintenance of a data bank of the system of scientific and technical information of the Ministry of Internal Affairs of Russia on the experience of the internal affairs bodies of the Russian Federation and law enforcement agencies of other states; issuance of this information in accordance with the established procedure at the request of units of the system of the Ministry of Internal Affairs of Russia;
formation and maintenance of a fund of all-Russian classifiers of technical and economic information regarding the Ministry of Internal Affairs of Russia, development and registration of sectoral and intra-system classifiers operating in the internal affairs bodies;
reception, accounting, preservation and use in the prescribed manner of archival documents of the departments of the Ministry of Internal Affairs of Russia and internal affairs bodies;
analysis of the processes of formation and use of statistical, operational-reference, investigative, forensic records of internal affairs bodies, creation, implementation, development of modern information technologies in the system of the Ministry of Internal Affairs of Russia, provision of information and analytical materials to the leadership of the Ministry and departments of the Ministry of Internal Affairs of Russia.

The structure of the Main Information and Analytical Center of the Ministry of Internal Affairs of Russia includes:

Center for Statistical Information;
Crime Information Center;
Operational and reference center;
Center for Investigative Information;
Center for Information Technologies and Systems of Internal Affairs Bodies;
Computing center;
Center for Rehabilitation of Victims of Political Repressions and Archival Information;
Department of Scientific and Technical Information;
Department of documentation support and secrecy regime;
Organizational and methodological department;
Human Resources Department;
Financial and Economic Department;
Second department (special communications);
Fifth department (information interaction with the CIS FSO of Russia);
Logistics Department;
legal group.

All operational and preventive measures and the vast majority of operational and search activities carried out in the internal affairs bodies are provided with information support provided by the SIAC and IC.

The role of information departments is growing from year to year, as evidenced by the following facts. If in 1976 with the help of our records 4% of the total number of solved crimes were solved, in 1996 25%, in 1999 43%, in 2002 60%, then for 2009 over 70% 5 .

Today, the GIAC carries out fully automated collection and compilation of statistical information. The information is summarized for Russia as a whole, for federal districts and subjects of the Russian Federation. The GIAC automated database of statistical indicators contains information starting from 1970.

In the SIAC and information centers of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate, public data banks have been deployed, and a standard integrated data bank of the regional level has been introduced.

At the regional and federal levels, a set of measures has been implemented to equip all information centers of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate and the SIAC with standard software and hardware systems.

The centralized equipping of the regions with modern information processing complexes made it possible to purposefully carry out measures to integrate open information resources at the regional and federal levels.

Completed work on the creation of an integrated data bank at the federal level. It combined the resources of 9 existing systems (“Card file”, “ABD-Center”, “ASV-RIF” and “Criminal-Foreigner”, “Antiques”, “FR-Alert”, “Weapon”, “Auto search” and “Dossier- scammer"). This made it possible, at one request, for operatives, investigators and interrogators to receive information in the form of a “dossier” available in the automated records of the SIAC and increase the effectiveness of assistance in solving crimes.

The integrated bank at the federal level systematizes information about issued, lost, stolen passports (blank passports) of citizens of the Russian Federation; about foreign citizens staying and residing (temporarily and permanently) in the Russian Federation; about registered vehicles.

A phased interaction of the Federal Automated Fingerprint System "ADIS-GIC" with similar interregional systems of federal districts, regional systems of information centers and the NCB of Interpol is being carried out. Ability to obtain fingerprint information in electronic format allows you to quickly identify the identity of suspects, increase the efficiency of detection and investigation of crimes.

On the basis of the SIAC of the Ministry of Internal Affairs of Russia, an interdepartmental automated system for maintaining the Register of the Federal Integrated Information Fund has been created, which provides for the integration of information resources and information exchange ministries and departments (Ministry of Internal Affairs, FSB, Ministry of Finance, Ministry of Justice, Prosecutor General's Office, Supreme Court of the Russian Federation, etc.).

Using the mode of direct access to the data bank (within 7-10 minutes without breaking the communication line) and the pending request mode (within 1 hour using Email) will greatly facilitate the work of employees of operational services, investigation and inquiry units, and other law enforcement agencies.

The total number of users who are provided with access to automated centralized records of the vertical “Main Information and Analytical Center information centers of the Ministry of Internal Affairs, Central Internal Affairs Directorate, Internal Affairs Directorate” is more than 30 thousand. More than a third of them are users at the level of the GROVD and departments (departments) of the police.

For information support of the operational and service activities of bodies, divisions and institutions of internal affairs, the educational process and scientific activities of research and higher educational institutions of the Ministry of Internal Affairs of Russia, the Data Bank of the Scientific and Technical Information System (DB SNTI) of the Ministry of Internal Affairs of Russia was created in the SIAC. The SNTI database contains materials on the experience of the internal affairs bodies of Russia, the activities of law enforcement agencies of foreign countries, as well as information on the results of research and development work and dissertations carried out in the system of the Ministry of Internal Affairs of Russia.

The most effective means of increasing the availability and ease of obtaining information, bringing it to the consumer is the data bank of the scientific and technical information system (DB SNTI) of the Ministry of Internal Affairs of Russia.

The SNTI data bank of the Ministry of Internal Affairs of the Russian Federation is intended to provide information to employees of bodies and institutions of the Ministry of Internal Affairs of Russia with information about the experience of the internal affairs bodies of Russia, the activities of law enforcement agencies of foreign countries and the results of scientific research conducted in the system of the Ministry of Internal Affairs of Russia.

Structurally, the data bank consists of three sections:

domestic experience express information, bulletins, guidelines, analytical reviews, criminological forecasts;
foreign experience information publications, translations of foreign journal articles, reports on business trips abroad and other materials on the activities of law enforcement agencies of foreign countries;
scientific research reporting documents on research and development work, abstracts of defended dissertations prepared by employees of research and higher educational institutions of the Ministry of Internal Affairs of Russia.

As of January 1, 2010, the SNTI database contains over 5 thousand materials, of which 30% is about the experience of the Russian internal affairs department, 38% is about foreign law enforcement activities, and 32% is scientific research.

The data bank is installed at the communication node of the GIAC as part of the backbone data transmission network (MSTN) of the Ministry of Internal Affairs of Russia. All employees of the Ministry of Internal Affairs of Russia, the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation, the Department of Internal Affairs, research and educational institutions that are subscribers of the GIAC node can directly access the SNTI database.

It is also possible to select materials in the pending request mode for all ISMT subscribers of the Ministry of Internal Affairs of Russia.

Along with the growing use of the SNTI database at the SIAC communication node in 65 regions of the Russian Federation, regional data banks of scientific and technical information have been created and are being formed on the basis of information arrays of the SNTI database 6 .

Services, departments and city district authorities have access to regional NTI data banks. In a number of regions (Republic of Sakha (Yakutia), Krasnodar region, Magadan region, etc.), occupying a significant territory, sub-regional NTI data banks are organized in remote cities. Information arrays for them are regularly replicated and distributed on CDs.

The creation and development of regional NTI data banks is one of the promising ways to solve the problem of bringing information to practical workers of territorial internal affairs bodies.

Together with interested departments and divisions of the Ministry of Internal Affairs of Russia, work is underway to create a Central Data Bank for the registration of foreign citizens and stateless persons temporarily staying and residing in the Russian Federation.

conclusions

The main directions of protection of the information sphere.

1. Protection of the interests of the individual, society and the state from the impact of harmful, poor-quality information. Such protection is provided by institutions: mass media, documented and other information.

2. Protection of information, information resources and information system from unlawful influence in various situations. This protection is provided by:

Institute of State Secrets;

personal data.

3. Protection of information rights and freedoms (Intellectual Property Institute).

The main task of information security is to ensure a balance of interests of society, the state and the individual. This balance should be adequate to the security goals of the country as a whole. Ensuring information security should be focused on the specifics of the information environment, determined by the social structure.

The focus of information security should be on the information environment of public authorities.

In the context of the globalization process, it is necessary to ensure a constant analysis of changes in the policy and legislation of other countries.

The last task is to take into account the fulfillment of factors in the process of expanding the legal attention of the Russian Federation in the peaceful information space, including cooperation within the CIS, and the practice of using the Internet.

List of used literature

Constitution of the Russian Federation. 1993

The concept of national security of the Russian Federation (as amended by Decree of the President of the Russian Federation of January 10, 2000 No. 24).

Doctrine of information security of the Russian Federation (approved by the President of the Russian Federation on September 9, 2000 No. Pr-1895).

Law of the Russian Federation of July 27, 2006 No. 149-FZ "On Information, Information Technologies and Information Protection".

E. Bot, K. Sichert. Windows Security. St. Petersburg: Peter, 2006.

Dvoryankin S.V. Information confrontation in the law enforcement sphere / In the collection: “Russia, XXI century anti-terror”. M.: "BIZON-95ST", 2000.

Karetnikov M.K. On the content of the concept "Information security of the internal affairs bodies" / In the collection: " international Conference"Informatization of law enforcement systems". M.: Academy of Management of the Ministry of Internal Affairs of Russia, 1998.

Nikiforov S.V. Introduction to network technologies. M.: Finance and statistics, 2005. 224c.

Torokin A.A. Engineering and technical protection of information: Tutorial. M.: "Helios ARV", 2005.

1 Beloglazov E.G. and others. Fundamentals of information security of internal affairs bodies: Textbook. M.: Moscow State University of the Ministry of Internal Affairs of Russia, 2005.

2 Yarochkin V.I. Information security: A textbook for university students. M.: Academic Project; Gaudeamus, 2007.

3 Karetnikov M.K. On the content of the concept "Information security of the internal affairs bodies" / In: "International conference "Informatization of law enforcement systems". M.: Academy of Management of the Ministry of Internal Affairs of Russia, 1998.

4 Dvoryankin S.V. Information confrontation in the law enforcement sphere / In: "Russia, XXI century anti-terror". M.: "BIZON-95ST", 2000.

5 Zhuravlenko N.I., Kadulin V.E., Borzunov K.K. Fundamentals of Information Security: Textbook. M.: Moscow State University of the Ministry of Internal Affairs of Russia. 2007.

6 Zhuravlenko N.I., Kadulin V.E., Borzunov K.K. Fundamentals of Information Security: Textbook. M.: Moscow State University of the Ministry of Internal Affairs of Russia. 2007.

480 rub. | 150 UAH | $7.5 ", MOUSEOFF, FGCOLOR, "#FFFFCC",BGCOLOR, "#393939");" onMouseOut="return nd();"> Thesis - 480 rubles, shipping 10 minutes 24 hours a day, seven days a week and holidays

Shvetsov Andrey Vladimirovich Protection of information in the field of official secrets in the activities of the Department of Internal Affairs: 05.13.19 Shvetsov, Andrey Vladimirovich Protection of information in the field of official secrets in the activities of the Department of Internal Affairs (Legal Aspect): Dis.... kand. ... cand. legal Sciences: 05.13.19 Voronezh, 2005 189 p. RSL OD, 61:06-12/185

Introduction

CHAPTER 1. Characteristics of confidential information of an official nature

1.1. The concept of confidential information of an official nature 13

1.2. Relationship between official secrets and other types of secrets 31

1.3. Peculiarities legal protection official secrets 59

CHAPTER 2 Legal measures for the protection of official secrets in the activities of internal affairs bodies

2.1. Disciplinary measures to protect official secrets 80

2.2. Civil Law Measures to Protect Official Secrets 100

2.3. Administrative and legal protection of official secrets 118

2.4. Protection of official secrets by the norms of criminal law 140

Conclusion 163

List of used literature

Introduction to work

Relevance of the research topic. IN Currently, Russia and the entire world community is on the wave of an information boom. As international practice and the current situation in Russia testify, the legal unregulated processes of information exchange lead to the fact that information that has limited access becomes publicly available. This causes serious damage not only to individual citizens and organizations, but also to the security of the entire state. In this regard, the President of the Russian Federation approved the "Information Security Doctrine of the Russian Federation" 1 , which today is the legal foundation for the formation of state policy in the information sphere, and its implementation is becoming one of the important tasks in ensuring national security and law and order in country.

It should be noted that the main burden of responsibility for ensuring information security falls on the system of executive authorities, and in certain areas specifically on the internal affairs bodies.

It is no secret that the activities of the internal affairs bodies are largely associated with the receipt and use of information limited access, the disclosure of which may lead to a violation of the constitutional rights of citizens, as well as a decrease in the effectiveness of law enforcement agencies in preventing, detecting and investigating crimes.

In the process of carrying out their activities, employees of the internal affairs bodies receive information about the mode and nature of the operation of enterprises located in the service area, information relating to the personal life of citizens, as well as other information (for example, of an official nature). This information, as well as information about individual

"RG, 09/28/2000, No. 187.

4 The methods, methods and results of the work of the internal affairs bodies constitute an official secret. The disclosure of such information, as well as the leakage of information about the measures planned and carried out by the internal affairs bodies for the protection of public order and the fight against crime, disrupts their normal activities and significantly reduces their effectiveness.

The ability to keep confidential information of an official nature is the most important professional quality of employees of the internal affairs bodies, necessary for the successful fulfillment of their tasks. At the same time, the manifestation of high vigilance is considered a legal obligation of employees of the internal affairs bodies, enshrined in legislative and departmental regulations. However, some employees often underestimate the danger of leaking such information. They show carelessness bordering on criminal negligence when handling official documents, which often leads to their loss and disclosure of official information.

Today, the Ministry of Internal Affairs of Russia attaches great importance to measures to protect proprietary information. However, all the existing shortcomings in the work of police officers, as well as the lack of the necessary legal framework that would ensure proper protection of confidential information of an official nature, do not allow the implementation of a mechanism for eliminating existing violations and bringing the perpetrators to justice. And this is at a time when the priority areas for the development of information support for the system of the Ministry of Internal Affairs of Russia, where it is necessary to apply measures to protect confidential information of an official nature, are:

Development of unified legal, methodological, software and technical and technological approaches in the organization of information support for internal affairs bodies;

2 Order of the Ministry of Internal Affairs of the Russian Federation of June 13, 2002 No. 562 "On Approval of the Concept for the Development of the Information and Computing System of the Ministry of Internal Affairs of the Russian Federation for 2002-2006" // Reference system "Garant". October 2005 update

formation of integrated data banks for collective use of operational-search and reference information based on modern computer technology with the organization of quick (no more than one minute) access to them by employees directly from their workplaces;

creation of a single technological scheme local computer networks in the services and divisions of the internal affairs bodies with their integration into regional information and computer networks.

The specialists of the Ministry of Internal Affairs of the Russian Federation were tasked with completing the formation of a unified methodology for collecting, processing, storing and protecting information for operational-search, reference, forensic and statistical purposes within the shortest period of time, and gradually introduce new methods of working with information. By 2006, complete the transition to paperless technologies for collecting, processing, storing and transmitting official information, provide remote access to databases and public data banks, as well as to federal records from terminals installed in the bodies and divisions of the Ministry of Internal Affairs of Russia, create a unified departmental information network .

The plans of the Ministry of Internal Affairs of the Russian Federation include: development of new and improvement of existing standard software and hardware solutions for computerization of the system of the Ministry of Internal Affairs of Russia; completion of the technical re-equipment of the information centers of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate; equipping the city railing departments of internal affairs modern means computer technology; creation of a unified automated technology for processing surname and fingerprint cards of the federal and regional levels; putting into operation a federal integrated data bank of a surname file and operational-search records; ensuring, if necessary, the output of automated information systems of internal affairs bodies to external automated information systems.

Considering the foregoing, conducting an independent scientific study on the development and improvement of legal measures to protect information

formations in the field of official secrets in the activities of internal affairs bodies seems to be relevant and timely.

The degree of development of the research topic. An analysis of a significant number of literature sources devoted to the study of the legal and technical component of information security allows us to state that the problem of protecting official secrets in the activities of internal affairs bodies is poorly understood, and therefore needs separate study. Available to date scientific work, devoted to information security and information protection, only partially relate to the problem of protecting official secrets in general and, in particular, in the internal affairs bodies, and those publications that include consideration of the regulation of the studied area, only touch on general problems without the necessary specification.

This study examines the legal basis for classifying information as an official secret, as well as measures to ensure the protection of information in the field of official secrets in the activities of internal affairs bodies. At the same time, the main attention is paid to the doctrinal approach in the study of the legal protection of official secrets in the Department of Internal Affairs. The author of the dissertation research relied on the achievements of the theory of law and the state, as well as on the scientific results obtained by representatives of legal sciences dealing with the problems of ensuring information security and information protection.

It should be noted that the main provisions in establishing the legal framework for ensuring information security and information protection were developed by such scientists and specialists as I.L. Bachilo, A.B. Vengerov, V.A. Gerasimenko, SV. Dvoryankin, A.V. Zaryaev, V.A. Kopylov, V.N. Lopatin, A.A. Malyuk, V.A. Minaev, V.A. Pozhilykh, V.E. Potanin, M.M. Rassolov, V.N. Sablin, SV. Skryl, A.A. Streltsov, A.A. Fatyanov, M.A. Fedotov, O.A. Fedotova, A.P. Fisun, SG. Chubukova, A.A. Shiversky, V.D. Elkin and a number of others.

At the same time, the problems of establishing and improving the legal protection of official secrets in general and in the internal affairs bodies, in particular, have not yet become the subject of a separate monographic study.

Object and subject of research. IN quality object dissertation research is a set of social relations that develop in the process of legal regulation of ensuring the protection of confidential information of an official nature in the activities of internal affairs bodies.

Subject research is to study the content of the concept of "official secret" to determine the patterns of development of legal norms governing the relations in question in the information sphere in relation to ensuring the protection of official secrets in the activities of internal affairs bodies.

Purpose and objectives of the study. The purpose of the dissertation research is a comprehensive, systematic study of the existing regulatory framework governing the protection of confidential information of an official nature in the activities of the Department of Internal Affairs and the development of proposals for its improvement.

To achieve this goal, the following theoretical and scientific-practical tasks are solved in the study:

determine the essence and content of the concepts of "confidential information of an official nature", "official secret" in relation to the internal affairs bodies;

analyze the points of contact between information related to official secrets and other types of restricted information in order to establish distinctive features;

explore the problems of legal protection of official secrets, taking into account both the current regulatory legal acts and existing projects and proposals;

study the existing experience of the internal affairs bodies and legal acts that provide disciplinary measures for the protection of official secrets in the internal affairs department;

consider topical issues of civil law measures to protect official secrets in the activities of the Department of Internal Affairs;

reveal the main directions for the implementation of administrative and legal protection of official secrets in the activities of the Department of Internal Affairs;

to study the norms of the criminal law, which today provide protection of official secrets in the activities of the Department of Internal Affairs;

Methodological and source study bases of the research. The methodological basis of the study is the dialectical method of cognition, historical, systemic, complex, targeted approaches to the problem under study, as well as special cognition methods: formal logical, formal legal, comparative legal, as well as methods of abstraction, analogy and modeling.

In the course of work, the author of the dissertation analyzed the following sources: the Constitution of the Russian Federation, international legal acts, administrative, civil, criminal legislation, by-laws of the federal level, as well as other legal and technical material. The materials of articles, reports, inspections devoted to the analysis of the experience of the secretariats, special libraries and other departments of the internal affairs bodies were studied.

The theoretical basis of the dissertation was the works of domestic and foreign lawyers on the problems of information security, as well as scientists on the theory of law, constitutional, administrative, labor, criminal, civil law, management science and other scientific disciplines related to the research topic. In addition, the work used scientific

9 scientific developments in philosophy, sociology, political science, which made it possible to avoid a highly specialized approach to the problems under study. Provisions for defense:

1. Researched and proposed by the author, having scientific
methodological significance for the development and improvement of doctrinal
understanding of the problem, the definition of scientific categories of "confidential
al information", "official secret", as well as the established ratio
definition of the terms "official information" and "official secret".

Justification of the position that, while forming balancing mechanisms between the realization of the right of citizens to access information about the activities of public authorities and the right of the latter to restrict access in the interests of ensuring public interests, one should dwell on the formation of general departmental lists, having developed legislatively only general principles, general criteria , by which access to information can be restricted. But what undoubtedly needs to be legislated is a list of information that is not allowed to be classified as an official secret.

The conclusion is that information received by employees of the internal affairs bodies of the Russian Federation in the process of exercising their powers should be recognized as confidential information and constitute an official secret of the Department of Internal Affairs. Access to such information, its legal regime and protection conditions must be regulated by regulatory legal acts in various branches of legislation, where intersection with other types of secrets is inevitable, in connection with which it is necessary to clearly establish the properties and features that distinguish an official secret from other types of secrets. Such a division is legally necessary in order to finally determine the institution of official secrets and eliminate confusion in the interpretation of the norms of legal acts.

Conclusion that in the context of a sharp increase in the value of information, the rule-making practice of the state should strive to streamline relations in the field of attribution as much as possible

10 information classified as confidential and their protection. It is precisely to streamline, since in this area the interests of individuals, their associations and the state represented by power structures in terms of access and possession of various information of property or other value collide to the greatest extent. Because of this, the legal institution of official secrets in the activities of the Department of Internal Affairs should be considered not as another mechanism for restricting access to information of interest to the public about the activities of the state, but as one of the mechanisms aimed at ensuring the legitimate interests of the individual, society and the state in the information sphere.

The conclusion that the use of disciplinary measures to protect official secrets in the internal affairs department, with a sufficiently significant circulation of it, where, in addition to direct departmental secrets, other types of secrets circulate, should be reasonable, justified and justified from the point of view of law. Excessive protection of official secrets can lead to a decrease in the employee's work efficiency due to excessive formalization of relations.

Proposal of a conceptual vision of directions for improving civil law measures for the protection of official secrets, which makes it possible to increase the degree of responsibility of police officers for information constituting official secrets. The first step should be the delimitation in the Civil Code of the Russian Federation (Article 139) of the joint regulation of two independent legal institutions "official secrets" and "commercial secrets", which will help to avoid the current confusion in regulated legal relations.

Proposals for supplementing chapters 13 of the Code of Administrative Offenses of the Russian Federation "Administrative offenses in the field of communications and information" and 32 of the Criminal Code of the Russian Federation "Crimes against the order of management". The compositions formulated and proposed by the author have a sign of consistency and make it possible to adequately fill the legal vacuum in the area under consideration, which has arisen due to the narrowing of the area of legal impact of criminal law sanctions and ineffective

the effectiveness (and in some cases the lack of possibility) of applying disciplinary measures.

Scientific novelty of the research. The dissertation is the first monographic work that explores the legal basis for classifying information as official secrets, as well as measures to ensure the protection of information in the field of official secrets in the activities of internal affairs bodies. The author analyzes the theoretical provisions in the field of legal regulation of the mechanisms for protecting official secrets in the Department of Internal Affairs, critically assesses the state of the norms affecting relations in this important area of public relations for society and the state.

Theoretical and practical significance of the research results. IN in accordance with the goal and objectives of the dissertation research, all conclusions and proposals can be used to improve the current legislation governing the mechanisms for protecting confidential information of an official nature in the activities of internal affairs bodies, as well as in the development of new regulatory legal acts related to this area.

The author offers his own vision in the definition of the concept of an official secret, on the basis of which a set of measures should be developed to ensure mechanisms for protecting confidential information of an official nature in the activities of internal affairs bodies using legal norms. In this study, proposals and recommendations have been developed that can be used in the development of the conceptual apparatus of legal acts in the field of protection of official secrets in the Department of Internal Affairs.

The author proposes to add five new sentences to Chapter 13 of the Code of Administrative Offenses of the Russian Federation "Administrative offenses in the field of communications and information" and two sentences to Chapter 32 of the Criminal Code of the Russian Federation "Crimes against the order of management", as well as to make some changes and additions to certain articles of the Civil Code of the Russian Federation, the Criminal Code of the Russian Federation and other federal laws, which together will allow in a certain way to increase the level of information security in

12 sphere of official secrets in the activities of internal affairs bodies with the help of legal norms. In addition, normative legal acts are proposed in order to systematize the legislation on official secrets.

Theoretical and practical conclusions of the dissertation research, its content can be used in the system of higher professional education of a legal profile, advanced training of law enforcement officers and specialists in the field of ensuring the protection of official secrets.

Empirical base of research compiled an analysis of the study of the results of a survey of 140 employees of internal affairs bodies from nine constituent entities of Russia, of which one republic, two territories, five regions and one city of federal significance (Moscow), the experience of law enforcement practice of the personnel service of the Central Internal Affairs Directorate of the Voronezh Region, personal experience practical activities in the police department of the author of the study.

Approbation of the work and implementation of the research results. The main provisions of the dissertation were reported and discussed at the Department of Constitutional and Administrative Law of the Voronezh Institute of the Ministry of Internal Affairs of Russia, at practical classes with adjuncts of full-time education, at the IV All-Russian Scientific and Practical Conference "Protection, Security and Communication" (Voronezh, 2003), All-Russian scientific-practical conference "State, law, society: state of the art and problems of development" (Lipetsk, 2003), All-Russian scientific-practical conference of cadets, adjuncts and students "Modern problems of combating crime" (Voronezh, 2004).

The materials of the dissertation research are published in seven scientific articles, the total volume of publications amounted to 2.1 p.l. The methodological recommendations developed on the basis of the dissertation research have been introduced into the practical activities of the CID of the KM and the UOOP of the Central Internal Affairs Directorate of the Voronezh Region, as well as into the educational process of the Voronezh Institute of the Ministry of Internal Affairs of Russia.

Dissertation structure. The dissertation consists of an introduction, two chapters (including 7 paragraphs), a conclusion, a list of references and an appendix.

Correlation between official secrets and other types of secrets

Having defined in the previous paragraph of this study the basic concepts that ensure the legal process of regulating public relations in the sphere of circulation of official secrets, it is necessary to distinguish between official secrets and other types of secrets that, to one degree or another, intersect or are connected by legal norms with official secrets. As the analysis carried out shows, it is quite a difficult and difficult task to draw a clear line between official secrets and certain types of secrets, since in some cases other secrets permeate official secrets, however, such a separation is legally necessary in order to finally determine the institution of official secrets and eliminate confusion in interpretation of norms of legal acts.

In accordance with Art. 139 of the PS of the Russian Federation, official secrets are closely intertwined with commercial secrets. Following this rule, information constitutes official or commercial secrets in cases where this information has actual or potential commercial value due to its being unknown to third parties; if this information is not freely available on a legal basis; if the owner of the information takes appropriate measures to protect its confidentiality. From the above evaluation criteria that define commercial and official secrets, it is rather difficult to separate one type of secret from another. According to Decree of the President of the Russian Federation of March 6, 1997 No. 188, the difference between official and commercial secrets is that a commercial secret is information related to commercial activities ..., and an official secret is official information, access to which is limited by public authorities ... In order to understand the essence of official secrets in more detail, we should mention Decree of the Government of the Russian Federation of November 3, 1994 No. 1233, which approved the Regulations on the procedure for handling limited distribution of official information in federal executive bodies. The regulation is aimed at resolving issues related to the circulation of information in federal executive bodies, as well as in enterprises subordinate to them, in institutions and organizations. In accordance with the Regulations, restricted information includes non-classified information relating to the activities of organizations, the restrictions on the dissemination of which are dictated by official necessity.

The following cannot be classified as official information of limited distribution:

Acts of legislation establishing legal status state bodies, organizations, public associations, as well as the rights, freedoms and obligations of citizens, the procedure for their implementation;

Information about emergencies, natural hazards and processes, environmental, hydrometeorological, hydrogeological, demographic, sanitary and epidemiological and other information necessary to ensure the safe existence of settlements, citizens and the population as a whole, as well as production facilities;

Description of the structure of the executive authority, its functions, directions and forms of activity, as well as its address;

The procedure for considering and resolving applications, as well as appeals from citizens and legal entities;

Decisions on applications and appeals of citizens and legal entities, considered in the prescribed manner;

Information on the execution of the budget and the use of other state resources, on the state of the economy and the needs of the population;

Documents accumulated in the open funds of libraries and archives, information systems of organizations necessary for the realization of the rights, freedoms and duties of citizens.

In the opinion of the author, the above list of restrictions is not exhaustive. In confirmation of this, one can cite the judgment of A.A. Fat Yanov, who expresses concern that among the categories of information that cannot be subject to access restrictions, there is no information about violations of the law by state authorities and their officials. Such an "omission" allows officials to significantly restrict access to the materials of official investigations into the negative activities of the state apparatus and other shortcomings. Meanwhile, the maximum possible openness in this matter is one of the fundamental aspects of improving the activities of public authorities.

In accordance with the Regulations, the heads of federal executive bodies, within their competence, determine the category of officials authorized to classify official information as limited distribution, ensure the organization of protection of official information of limited distribution, etc.

Features of the legal protection of official secrets

To understand the essence of the legal institution of an official secret, first of all, as a system of secret formation (it is too early to talk about the formation of a sub-institution for classifying information as an official secret as a complete scheme), let us turn to the history of its development in domestic legislation. By and large this system gradually separated from state secrets due to the fact that not all information to which the state restricts access for one reason or another is so valuable that the damage from its dissemination should lead to criminal prosecution. The construction of this into a principle became, in the author's opinion, the criterion by which state and official secrets were distinguished. Their final normative separation occurred already in the 70s of the XX century. and received its clearest formalization in the legal structure proposed by the Instruction on Ensuring the Secrecy Regime in the Ministries and Departments of the USSR, approved by the Decree of the Council of Ministers of the USSR dated 12.05.87 No. and business secrets. This design fully reflected the system of views of that period on the role and place of official secrets in the functioning of the mechanism of the state.

The most striking refraction of the legal institution for the protection of official secrets in the conditions of a separate department is the institution of military secrets. Paragraph "d" of Article 259 of the Criminal Code of the RSFSR of 1960 contained, in relation to this institution, the following definition: military secret is military information that is not subject to disclosure, but is not a state secret. We find certain echoes of the presence of this institution in the legislation even now. For example, in Article 26 of the Federal Law "On the Status of Servicemen" among the general duties of servicemen there is such as "to be disciplined, vigilant, keep state and military secrets."

The institution of military secrets, like, in fact, the entire institution of official secrets, carried a rather significant positive load. The fact is that, as we already know, information constituting a state secret is most often of a generalized nature, i.e. go through several stages from absolutely public information (primary, elementary information) to integrated. At the same time, the process of converting open information into a state secret cannot and should not be of a spasmodic nature. In the process of integration, stages come when information cannot yet be classified as a state secret, but its open dissemination already poses a certain danger. Let's take an example. According to paragraph 4 of the List of information classified as state secrets, information describing the state of combat training of troops constitutes a state secret. Should they include the state of combat readiness of an individual motorized rifle platoon or company? Hardly. What about a battalion, a regiment? There are also doubts. But there will be no more doubts about the relevance of information about the combat readiness of the division to state secrets. But at the same time, hardly anyone would dare to disseminate information about the degree of combat readiness of an entire regiment. This is the "niche" of military secrets.

Having dealt with the concept of an official secret in the first two paragraphs of this study, the criteria for the relevance of information to the confidential information under study, as well as the properties and features that distinguish an official secret from other types of secrets, it is necessary to answer the fundamental question of what exists in modern Russian legal science legal institution of official secrets. In this regard, let us remind you that state secrets in the Soviet period were divided into state and official secrets according to the following criterion: to designate information constituting a state secret, the headings "special importance" and "top secret" were used, to designate official secrets - "secret". Behind such a gradation was a fairly clear qualitative assessment of the potential damage that could result from their illegal distribution: a sign of the relevance of information to state secrets was damage that could have a negative impact on the qualitative state of the military-economic potential of the country; in relation to official - simply damage to the interests of the state. In principle, the logic can be traced here: the state is personified by state authorities, therefore, damage to their interests is damage to the interests of the state.

Unfortunately, the adoption of the Law on State Secrets, having introduced a lot of positive aspects, entailed one significant negative consequence - the assignment of the heading "secret" in accordance with the said Law to designate only information constituting a state secret, de facto eliminated official secrets as an institution and at the same time, it created serious legal uncertainty regarding the qualification of the information he had previously indicated (that is, whether they fall under the regime of restrictions on state secrets or not). It is logical to assume that they do not. On the other hand, the modern approach to classifying information as a state secret, as we already know, sharply reduces the estimated threshold of damage when classifying information in this category to the interests of a single organization, institution, which allows us to draw the opposite conclusion.

Civil Law Measures for the Protection of Official Secrets

Consideration of civil law measures for the protection of official secrets by all authors80, without exception, who study the field of information law, boils down to comparing the definitions of official and commercial secrets established in Art. 139 of the Civil Code of the Russian Federation, and only a few of them provide some analysis of the legal norms for protecting the confidential information under study. This state of affairs cannot be considered acceptable, especially since Art. 139 of the Civil Code of the Russian Federation in part two directly establishes both the need to protect official and commercial secrets, and its methods. Following the legal norm h. 1 Art. 139 of the Civil Code of the Russian Federation, it can be concluded that the legislator does not distinguish between the categories of "official secret" or "commercial secret", assuming under them information that has actual or potential commercial value due to being unknown to third parties, to which there is no access on a legal basis and the owner which takes steps to protect its confidentiality. In turn, part 2 of Art. 139 of the Civil Code of the Russian Federation, proclaiming the need to protect the secrets in question, also does not distinguish between its methods. As the results of our study show, not all methods of protection provided for by the Civil Code of the Russian Federation and other laws can be applied to official secrets.

L.A. came to the same conclusion. Trakhtengerts, who points out that the legitimacy of extending the conditions for the protection of trade secrets to official secrets is questionable. These are diverse concepts. Keeping inside information secret, as a rule, is not due to its commercial value (although such information may contain information of a commercial nature).

In connection with this circumstance, not all methods of protecting official secrets in the internal affairs department can be used; they should be based only on the norms of individual articles of the Civil Code of the Russian Federation and regulatory legal acts that directly establish the responsibility of an internal affairs officer for violating the regime of official secrets. At the same time, it must be taken into account that general rule civil liability always comes later than other types of legal liability and therefore is only compensatory in nature, not in all cases affecting the level of protection of official secrets in a proactive manner.

Based on the norm of the second part of Art. 139 of the Civil Code of the Russian Federation, civil law measures to protect official secrets in the internal affairs department can be applied in the following cases: - if an internal affairs officer illegally obtained information that constitutes an official secret, then he is obliged to compensate for the losses incurred; - if an employee of the Department of Internal Affairs divulged an official secret contrary to the conditions set forth in the contract concluded with him, then he is obliged to compensate for the losses caused.

It is possible to hypothetically assume that an internal affairs officer obtained information that constitutes an official secret by illegal methods, but how in this situation to determine the amount of damages caused? The question is far from idle. However, first things first. First, let's determine how a police officer can illegally obtain information that constitutes an official secret. With regard to intra-system information containing official secrets, this can only happen if the police officer commits a criminal act (for example, theft, illegal entry into the premises, the use of physical force against another police officer, which entailed criminal consequences, etc.). It is also impossible to exclude the fact that information held by the police department and protected by the official secret regime may constitute a commercial secret. In particular, commentators of the Civil Code of the Russian Federation also come to this conclusion83. So, A.A. Tarasov points out that information that is a trade secret can become an official secret and vice versa. Following the above reasoning, civil law measures for the protection of official secrets can be applied both in connection with the establishment of a criminal law act and in view of determining the fact that official information contains a commercial secret.

Secondly, we will determine what losses and how the police officer must compensate in case of illegal receipt of information that constitutes an official secret. Based on the interpretation of Art. 15 and 16 of the Civil Code of the Russian Federation, losses are understood as expenses that a person whose right has been violated has made or will have to make to restore the violated right, loss or damage to his property (actual damage), as well as lost income that this person would have received under ordinary conditions of civil circulation, if his right had not been violated (lost profit). If the person who violated the right received income as a result of this, the person whose right was violated has the right to demand compensation, along with other losses, for lost profits in an amount not less than such income.

Administrative and legal protection of official secrets

The transfer of information constituting an official secret to computer networks and systems that have access to public information and telecommunication networks without providing appropriate measures to protect information, shall entail the imposition of an administrative fine on officials in the amount of from forty to fifty times the minimum wage; for legal entities - from four hundred to five hundred times the minimum wage".

Having outlined his proposals for improving the system of protection of relations arising in the sphere of official secrets by establishing administrative responsibility, the author cannot ignore the issue of the types and magnitude of sanctions for these unlawful acts.

Some general theory of the magnitude of the sanction, depending on the degree of danger of the coming harmful consequences in relation to the system of the current Code of Administrative Offenses of the Russian Federation, has not yet been created, therefore, the author, formulating the above elements of administrative offenses, proceeded from the following considerations.

1. The main type of sanction applied in the current Code of Administrative Offenses of the Russian Federation is an administrative fine. In accordance with the third part of Article 3.5. of this legislative act "the amount of an administrative fine imposed on citizens and calculated on the basis of the minimum wage may not exceed twenty-five minimum wages, on officials - fifty minimum wages, on legal entities - one thousand minimum wages ". There is an exception to this rule in relation to legal entities (in the direction of increasing the amount of the fine), but it affects only economic relations, when the amount of the fine should significantly affect the termination of illegal activities, making it unprofitable.

Based on the foregoing, the author also chose a fine as the main administrative sanction. Of all the proposed offenses, the least public danger is the transfer of information constituting an official secret to unaccounted for media. The application of an administrative sanction in this case is of a preventive and suppressive nature. Because of this, along with a fine, the author chose the mildest type of punishment - a warning, and, as an alternative, an administrative fine of an average level (for citizens - from 10 to 15 times the minimum wage, for officials - from 20 to 30 minimum wages.

In other cases, the degree of public danger of the act, according to the author, is higher, however, not for all offenses the maximum level of administrative fine is proposed, but only for such offenses when there is a real threat of leakage of information constituting an official secret (loss of media containing such information; use of computer equipment for processing this information without appropriate verification; transfer of information to computer systems that have access to a public network; familiarization of a person who has not passed the procedure for admission to official secrets with such information).

2. In a number of the above compositions, it is proposed to involve legal entities in administrative responsibility. In the current Code of Administrative Offenses of the Russian Federation, the level of sanctions against these entities is traditionally increased. As a result of the analysis of the norms of the Code, the author came to the conclusion that the usual practice of constructing sanctions is to increase the amount of the fine applied to legal entity, ten times higher than that applied to an official. It is this approach that was chosen to determine the lower and upper limits of such measures of legal influence.

3. With regard to the issue under consideration, the system for vesting the jurisdictional powers of the Internal Affairs Directorate should differ somewhat from that provided for by the Code of Administrative Offenses of the Russian Federation in relation to the current compositions.

Due to the absence of the fundamental Federal Law of the Russian Federation "On official secrets", which could clarify the establishment of the powers and obligations of state authorities to protect official secrets, as well as the absence of such powers in the regulatory legal acts regulating the activities of the Department of Internal Affairs, we consider it appropriate to make an addition to the Law "On the Police", concerning the powers of the Department of Internal Affairs to protect official secrets and the corresponding duties to fulfill the established requirements. If such changes are made, then, in the author's opinion, the drawing up of protocols on administrative offenses and the consideration of cases on administrative offenses within the framework of the compositions proposed above should be attributed to the jurisdiction of the Department of Internal Affairs. And with regard to such administrative offenses as "Use for processing information constituting an official secret, computer equipment that has not passed mandatory verification" and "Illegal transfer of information constituting an official secret to computer systems that have access to public information and telecommunication networks" the right to draw up protocols and consider cases on these administrative offenses should be assigned to the Department of Internal Affairs and the bodies of the State Technical Commission of Russia within their competence.

Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Posted on http://www.allbest.ru/

INTRODUCTION

1. Main threats to information security

2. Information security of ATS

CONCLUSION

BIBLIOGRAPHY

INTRODUCTION

The development of more and more new information technologies, and total computerization have led to the fact that information security has become mandatory, and is one of the characteristics of IS. There is a relatively large class of information processing systems, where the security factor plays an important role (for example, banking information systems).

The security of the information sphere is the protection of the system from accidental or deliberate interference in the normal process of its functioning, from attempts to steal information, modify or physically destroy its components. In other words, it is a way to counteract various IP impacts.

Threats to information security include activities that lead to tampering, unauthorized use, and possibly even destruction of information resources or software and hardware.

Among the threats to information security, random or unintentional ones are singled out. Their consequences can be both hardware failure and incorrect user actions, involuntary software errors, etc. The damage from them can be significant and therefore it is important to keep such threats in mind. But in this work we will turn our attention to threats deliberate. They then, unlike random ones, have the goal of causing damage to the managed system or users. This is often done for personal gain.

A person who seeks to disrupt the operation of an information system or gain unauthorized access to information is usually called a cracker or hacker. Crackers try to find those sources of confidential information that will give them reliable information in maximum volumes With minimal cost to obtain it, using various tricks and techniques. The source of information is a material object that has certain information and is of interest to attackers or competitors. Currently, to ensure the protection of information, it is necessary not only to develop protection mechanisms, but undoubtedly to implement a systematic approach, using interrelated measures. Today it can be argued that a new modern technology-- information security technology in computer information systems and data transmission networks. The implementation of this technology requires increasing costs and efforts. Nevertheless, with the help of such measures, it is possible to avoid significant losses and damage in the actual implementation of threats to IP and IT.

Goal of the work:

Familiarize yourself with the information security of the police department.

Tasks:

1. Identify the main threats to information security.

2. Consider the classification of information security threats.

1. Main threats to information security

In this work, a more complete coverage of threats to the security of subjects of information relations is considered. However, it should be understood that scientific and technical progress does not stand still, and this can lead to the emergence of new types of threats, and attackers are able to come up with new ways to overcome security systems, access to data and disrupt the operation of the AS. (1)

As a rule, a threat is understood as a potentially acceptable event or action, process or phenomenon, as a result of which damage to someone's interests may occur.

The main threats include:

* leakage of confidential information;

* compromise of information;

* unauthorized use of information resources;

* incorrect use of information resources;

* unauthorized exchange of information between subscribers;

* refusal of information;

* violation of information service;

* illegal use of privileges.

Quite a few reasons and conditions that create the prerequisites and the likelihood of misappropriation of confidential information appear due to simple shortcomings of the organization's management and their employees. At present, the fight against information infections causes significant difficulties, since in addition to the absent-mindedness of managers, there is and is constantly being developed a considerable number of malware, the purpose of which is to damage the database and computer software. A huge number of varieties of such programs does not allow the development of permanent and reliable weapons of defense against them.

Classification of such programs:

* logic bombs;

* Trojan horse;

* computer virus;

* password hijacker.

This classification does not cover all possible threats of this type. And since there are simply a huge number of threats, it would be wiser to focus on one of the most common, such as a computer virus.

The architecture of the data processing system (DPS) and the technology of its functioning allow the criminal to find or deliberately create loopholes for hidden access to information, and the variety of even known facts of malicious actions gives sufficient reason to assume that there are or can be formed quite a few of these loopholes. (2)

Unauthorized access to information is:

1. Indirect - without physical access to the elements of the SOD.

2. Direct - with physical access to the elements of the SOD.

To date, there are the following ways of such access to information: security information internal business

* use of listening devices;

*remote photography;

* interception of electromagnetic radiation;

* theft of storage media and industrial waste;

* reading data;

* copying media;

* disguise as a registered user by stealing passwords;

* application of software traps;

* acquisition of protected data through a series of authorized requests;

* the use of shortcomings of programming languages and operating systems;

* Deliberate introduction to the program libraries of special blocks such as "Trojan horses";

* illegal connection to the communication lines of the computer system;

* Malicious disabling of protection devices.

AS consist of the main structural and functional elements:

* workstations; servers or host machines; gateway bridges; communication channels.

From the workstations, information processing is controlled, programs are launched, and data is corrected. They are the most accessible components of networks. Here they can be used when trying to commit unauthorized actions.

Both servers (Host - machines) and bridges need protection. The first - as carriers of considerable amounts of information, and the second - as elements where data is converted when negotiating exchange protocols in different parts of the network.

2. Information security of ATS

IN modern world, built on the widespread use of computer technology, the approach to understanding information has completely changed. The emergence of computers information began to be perceived as one of the integral components of the life of any person. Along with this, the view of information has changed from enthusiastic to mundane. (3)

What is information? Why does it need processing and, moreover, legal protection?

Information can be divided into legal and non-legal. The first is normative and non-normative.

Regulatory is formed in the sequence of law-making activities and is contained in regulatory legal acts. It includes the Constitution of the Russian Federation, Federal constitutional laws, Federal laws, Legislative acts of the constituent entities of the Russian Federation, Decrees of the President of the Russian Federation, Decrees of the Government of the Russian Federation, various regulatory acts of executive authorities at all levels, acts of local governments.

non-normative formed in the order of law enforcement and law enforcement activities. With its help, the prescriptions of normative legal acts will be fulfilled. Such information is divided into several large groups:

1. Information about the state of law and order:

2. Information about civil law relations, contractual and other obligations (contracts, agreements, etc.).

3. Information representing administrative activities executive authorities and local self-government for the implementation of regulatory requirements.

4. Information of courts and judicial authorities (court cases and court decisions).

5. Law enforcement information.

As you can see, the information security of the internal affairs bodies is the state of protection of the interests of the internal affairs bodies in the information sphere in accordance with the tasks assigned to them. (4)

Essential elements of the information sphere:

1. departmental information and information resources;

2. departmental information infrastructure - means and systems of informatization;

3. subjects of execution of information activities - employees of internal affairs bodies;

4. system of legal regulation.

The most significant objects of ensuring information security in law enforcement and judicial spheres include:

1. Resources of the federal executive authorities that implement law enforcement functions, the judiciary, their information and computing centers, which contain information and operational data;

2. information and computing centers, their information, technical, software and regulatory support;

3. information infrastructure.

The greatest danger, in law enforcement and judicial spheres, is borne by external and internal threats.

Co. external relate:

* intelligence activities of special services of foreign states, international criminal communities, organizations and groups that collect information about the disclosure of tasks, activity plans, work methods and locations of special units and internal affairs bodies;

* the functioning of foreign public and private commercial structures trying to gain unauthorized access.

internal, are:

*violation of the established regulations for the collection, processing, storage and transmission of information stored in file cabinets and automated data banks and used to investigate crimes;

* lack of legislative and regulatory regulation of information exchange in law enforcement and judicial spheres;

*lack of a holistic methodology for collecting, polishing information, as well as storing information of a forensic, statistical and operational-investigative nature;

*software failures in information systems;

*intentional acts, as well as errors of personnel working on and maintaining file cabinets and automated data banks.

The security of information resources and information infrastructure of the internal affairs bodies is expressed through the security of their most important properties. Since the damage can be caused to the subjects of information relations by the impact on the processes and means of processing critical information for them, it becomes a complete necessity to ensure the protection of the entire information system from illegal intrusion, methods of theft and / or destruction of any components of this system in the course of its activity.

The safety of each component of an automated system (AS) is formed from the provision of three of its characteristics:

*confidentiality, which consists in accessibility only to those subjects (users, programs, processes) that have special permissions.

* integrity - a property of information, characterized by the ability to resist unauthorized or involuntary destruction, or distortion.

* accessibility, it is possible to get access to the necessary system component with the appropriate permissions at any time without any problems.

Violation of such characteristics is a threat to the information security of the internal affairs bodies.

We emphasize once again that the most important goal of protecting the AS and, accordingly, the information rotating in it is expressed in preventing or minimizing the damage caused, as well as disclosure, distortion, loss or illegal reproduction of information.

Information security means is a set of legal, organizational and technical means designed to ensure information security. (5)

All information security tools can be divided into two groups:

*formal - these are means that perform their functions of protecting information formally, that is, mainly without human participation.

*informal are those based on the activities of people.

Formal means are divided into physical, hardware and software.

Physical - mechanical, electrical, electronic, electronic-mechanical and devices and systems that operate autonomously, creating various kinds of obstacles in the way of destabilizing factors.

Hardware - these are those that are built into the hardware of a data processing system intentionally to solve problems of information protection.

So, along with the above, a number of measures necessary for the implementation of information security are carried out. These include:

* Distribution and replacement of access control details (passwords, encryption keys, etc.).

* Measures to review the composition and construction of the protection system.

*Performed during personnel changes in the staff of the system;

* On the selection and placement of personnel (control of recruits, training in the rules for working with information, familiarization with the measures of responsibility for violating the rules of protection, training, organizing conditions under which it would be unprofitable for personnel to violate their duties, etc.).

*Fire protection, security of premises, access control, measures to ensure the safety and physical integrity of equipment and storage media, etc.;

* Open and covert verification of the work of the system personnel;

* Check behind the use of protective measures.

*Measures to revise the rules for restricting user access to information in the organization.

And a number of other measures aimed at protecting classified information. In addition to organizational measures, all kinds of technical measures (hardware, software and complex

From this work, we have already understood that in the internal affairs bodies special attention is paid to the preservation of secret information, the development of great vigilance among employees. Nevertheless, some of them often underestimate the severity of leaking such information. They show dishonest attitude and negligence when handling secret documents, and this often leads to the disclosure of secret information, and sometimes to the loss of secret products and documents. At the same time, some employees maintain dubious connections, divulge important information about the methods and forms of work of the internal affairs bodies. The low professional qualities of some employees often lead to a violation of the secrecy of the events being held.

CONCLUSION

Statistics show that in all countries the damage from malicious acts is constantly growing. Moreover, significant reasons are associated with the lack of a systematic approach. As a result, comprehensive protection measures need to be improved. One of the most important tasks for is the organization of anti-virus protection of autonomous workstations, local and corporate computer networks that process restricted access information.

It can be noted that ensuring information security is a complex task. This is determined by the fact that the information environment is not a simple mechanism where components such as electronic equipment, software, personnel work. (6)

In order to solve this problem, it is necessary to use legislative, organizational and software and hardware measures. Neglecting at least one of the points can lead to the loss or leakage of information, the price and role of which in the life of modern society is gaining more and more significant meaning.

The use of more efficient information systems is manifested in a prerequisite for successful activities modern organizations and enterprises. Information security is one of the most important indicators of the quality of an information system. We can say that the most successful methods in automated systems are virus attacks. They account for about 57% of information security incidents and about 60% of the implemented threats from among those recorded and included in statistical reviews.

LISTUSEDLITERATURE

1. Beloglazov E.G. and others. Fundamentals of information security of internal affairs bodies: Textbook. - M.: MosU of the Ministry of Internal Affairs of Russia, 2012.

2. Emelyanov G. V., Streltsov A. A. Information security of Russia. Basic concepts and definitions. Textbook / Under the general. ed. prof. A. A. Prokhozheva. M.: RAGS under the President of the Russian Federation, 2009.

3. Zegzhda D.P., Ivashko A.M. Fundamentals of information systems security. - M.: Hotline-Telecom, 2010.

4. N.I. Zhuravlenko, V.E. Kadulin, K.K. Borzunov. Fundamentals of Information Security: Study Guide. - M.: Moscow State University of the Ministry of Internal Affairs of Russia. 2012.

5. Prokhoda A.N. Ensuring Internet security. Workshop: Textbook for universities. - M.: Hotline-Telecom, 2010.

6. Stepanov OA Legal basis for ensuring the protective function of the state in the context of the use of new information technologies: Textbook. M.: Academy of Management of the Ministry of Internal Affairs of Russia, 2012.

Hosted on Allbest.ru

Protection of information in the internal affairs bodies. Fundamentals of information security. If we talk about threats of an information technology nature, we can distinguish such elements as information theft, malware, hacker attacks, spam, employee negligence

Send your good work in the knowledge base is simple. Use the form below

2. The concept and goals of conducting special inspections of informatization objects; the main stages of the audit

Informatization object - a set of informatization tools together with the premises in which they are installed, designed for processing and transmitting protected information, as well as dedicated premises Partyka T. L., Popov I. I. Information security - M .: Forum, 2012.

Means of informatization - means computer science and communications, office equipment designed to collect, accumulate, store, search, process data and issue information to the consumer.

Computer facilities - electronic computers and complexes, personal electronic computers, including software, peripheral equipment, data teleprocessing devices.

The objects of computer technology can also include individual computer equipment that perform independent functions of information processing.

Dedicated room (VP) - a special room designed for meetings, meetings, conversations and other speech events on secret or confidential issues.

Events of a speech nature can be held in allocated premises with the use of technical means of processing speech information (TSOTI) and without them.

Technical Information Processing Tool (ITP) is a technical tool designed to receive, store, search, convert, display and/or transmit information via communication channels.

Automated system (AC) - a set of software and hardware designed to automate various processes associated with human activities. At the same time, a person is a link in the system.

A special check is a check of a technical means of information processing carried out in order to search for and withdraw special electronic embedding devices (hardware embeddings).

Separate premises certificate - a document issued by the attestation (certification) body or another specially authorized body, confirming the existence of the necessary conditions to ensure reliable acoustic protection of the allocated premises in accordance with established norms and rules.

Instruction for operation - a document containing requirements for ensuring the security of a technical means of processing information during its operation.

Certificate of certification tests - a document containing the necessary information about the test object, the methods used, means and test conditions, as well as the conclusion on the test results, drawn up in the prescribed manner.

Basic technical means and systems (OTSS) - technical means and systems, as well as their communications, used for processing, storing and transmitting confidential (secret) information.

Auxiliary technical means and systems (VTSS) - technical means and systems not intended for the transmission, processing and storage of confidential information, installed jointly with OTSS or in dedicated premises.

These include:

3. Hardware and firmware data cryptoprotection

Integrity and restriction of access to information are provided by specialized system components that use cryptographic protection methods. In order for a computer system to be fully trusted, it must be certified, namely:

- determine the set of functions performed;

- prove the finiteness of this set;

- determine the properties of all functions Gafner V. V. Information security - Rostov-on-Don: Phoenix, 2010 .

When using the system, its functionality should not be violated, in other words, it is necessary to ensure the integrity of the system at the time of its launch and during operation.

The reliability of information protection in a computer system is determined by:

- a specific list and properties of the CS functions;

- methods used in CS functions;

- a way to implement the functions of the COP.

Here are some examples of hardware-software CIPF:

In practice, often the user authentication functions, integrity checks, cryptographic functions that form the core of the security system are implemented in hardware, all other functions are implemented in software.

Conclusion

Threat - a set of conditions and factors that create a potential or real danger of violating the confidentiality, availability and (or) integrity of information.

If we talk about threats of an information technology nature, we can distinguish such elements as information theft, malware, hacker attacks, SPAM, employee negligence, hardware and software failures, financial fraud, equipment theft.

As can be seen from the above data, information theft and malware are the most common.

Knowledge of the main methods of committing and preventing computer crimes, methods of combating computer viruses, as well as modern methods information protection is necessary to develop a set of measures to ensure the protection of automated information systems of internal affairs bodies.

All this will contribute to increasing the efficiency of the activities of the internal affairs bodies as a whole.

Listliterature

Similar Documents

Introduction

1 Types and content of information security threats

2 Technical implementation of the ATS information security concept

conclusions

List of used literature

Correlation between official secrets and other types of secrets

Features of the legal protection of official secrets

Civil Law Measures for the Protection of Official Secrets

Administrative and legal protection of official secrets

Send your good work in the knowledge base is simple. Use the form below

Similar Documents