
Systematization of concepts in the field of information security

Updated 05.01.2024 07:16

The basic terms in the theory of information security are "information security", "security of information", and "information protection". Their meaning ultimately determines policy and activities in the field of information protection.

Information security is the state of protection of information resources (information environment) from internal and external threats that can harm the interests of the individual, society, and the state (national interests).

Security of information is the protection of information from disclosure that is undesirable for the relevant subjects of information relations (violation of confidentiality), from distortion (violation of integrity), from loss or reduced accessibility, and from illegal replication.

It follows from the definitions of "information security" and "security of information" that information protection is aimed at ensuring the security of information, and the security of information is in turn ensured through its protection.

A breach of information security ultimately damages its owner. Therefore, in order to establish what to protect, in whose interests to protect, how and with what to protect, a system of concepts in the field of information protection has been introduced, including:

concepts related to the definition of information, its legal regime, property rights and access to protected information (legal concepts in the field of information relations);

concepts directly related to the subject area of information security.

The concepts of the first group are used in legal documents; the concepts of the second group are used in normative documents.

Main legal documents:

Federal Law "On Information, Information Technologies and Information Protection" dated 07/27/06 No. 149-FZ;

Federal Law "On State Secrets" dated 09/21/93 No. 182;

"The Civil Code of the Russian Federation (Part four)" dated 12/18/2006 No. 230-FZ. Chapter 70. Copyright;

The National Security Strategy of the Russian Federation. Approved by Decree of the President of the Russian Federation No. 683 dated December 31, 2015;

Strategy for the development of the Information Society in the Russian Federation for 2017-2030. Approved by Decree of the President of the Russian Federation No. 203 dated 05.09.2017.

Main regulatory documents:

GOST R 50922-96. Information protection. Basic terms and definitions.

GOST R 50.1.053–2005 - Information technology. Basic terms and definitions in the field of technical information security.

GOST R ISO/IEC 15408-1-2008 - Information technology. Methods and means of ensuring security. Criteria for evaluating information technology security. Part 1. Introduction and general model.

GOST R ISO/IEC 15408-2-2008 - Information technology. Methods and means of ensuring security. Criteria for evaluating information technology security. Part 2. Functional security requirements.

GOST R ISO/IEC 15408-3-2008 - Information technology. Methods and means of ensuring security. Criteria for evaluating information technology security. Part 3. Security assurance requirements.

GOST R ISO/IEC 15408 - Common Criteria for evaluating information technology security.

GOST R ISO/IEC 27002 - Information technology. Practical rules of information security management.

GOST R ISO/IEC 27001 - Information Technology. Security methods. Information security management system. Requirements.

The governing documents of the State Technical Commission of Russia.