Concepts of the subject area "Information protection"
The basic concepts of the subject area "Information protection" are established by the GOST R 50922-96 standard, as well as by the Governing Documents of the State Technical Commission of Russia.
Conventionally, the entire subject area can be divided into two subgroups. The first is the basic concepts in the field of information security. The second subgroup is the concepts related to the organization of information security.
Basic concepts in the field of information security (terms and definitions)
Protected information is information that is the subject of ownership and is subject to protection in accordance with the requirements of legal documents or requirements established by the owner of the information.
The owner of the information may be: a state, a legal entity, a group of individuals, or an individual.
Information protection - the adoption of legal, organizational and technical measures aimed at:
1) ensuring the protection of information from unauthorized access, destruction, modification, blocking, copying, provision, distribution, as well as from other illegal actions in relation to such information;
2) the confidentiality of restricted-access information;
3) the exercise of the right of access to information.
Information protection from leakage is an activity aimed at preventing the uncontrolled dissemination of protected information as a result of its disclosure, unauthorized access to information and receipt of protected information by intelligence agencies.
Protection of information from unauthorized influence is an activity aimed at preventing the impact on protected information in violation of established rights and (or) rules for changing information, leading to its distortion, destruction, blocking access to information, as well as loss, destruction or malfunction of the information carrier.
Protection of information from unintended impact is an activity aimed at preventing the impact on protected information of user errors, failures of technical and software tools of information systems, natural phenomena or other measures that are not aimed at changing information, leading to distortion, destruction, copying, blocking access to information, as well as loss, destruction or malfunction of the information carrier.
Information protection from disclosure is an activity aimed at preventing unauthorized communication of protected information to consumers who do not have the right to access this information.
Protection of information from unauthorized access is an activity aimed at preventing the receipt of protected information by an interested entity in violation of the rights or rules of access to protected information established by legal documents or by the owner or holder of the information.
An interested entity carrying out unauthorized access to protected information may be: a state; a legal entity; a group of individuals, including a public organization; an individual.
Protection of information from intelligence is an activity aimed at preventing the receipt of protected information by intelligence.
Note. Obtaining protected information can be carried out by both foreign and domestic intelligence.
Information protection from technical intelligence is an activity aimed at preventing the acquisition of protected information by intelligence using technical means.
Protection of information from intelligence agents is an activity aimed at preventing the receipt of protected information by intelligence agents.
The purpose of information protection is the pre-planned result of information protection. The purpose of information protection may be to prevent damage to the owner, holder or user of information as a result of possible information leakage and (or) unauthorized and unintended impact on information.
The concept of information protection is the main idea that reveals the composition, content, relationship and sequence of technical and organizational measures necessary to achieve the goal of information protection.
The effectiveness of information protection is the degree to which the results of information protection correspond to the set goal.
An information protection effectiveness indicator is a measure or characteristic for evaluating the effectiveness of information protection.
Information protection efficiency standards are the values of information protection efficiency indicators established by regulatory documents.
Concepts related to the organization of information protection
Information protection organization - the content and procedure of actions aimed at ensuring the protection of information.
An information protection system is a set of bodies and (or) performers, information protection techniques used by them, as well as objects of protection, organized and functioning according to the rules established by relevant legal, organizational, administrative and regulatory documents in the field of information protection.
An information protection event is a set of actions aimed at the development and (or) practical application of methods and means of information protection.
An information protection effectiveness control measure is a set of actions aimed at developing and (or) practical application of methods and means to control the effectiveness of information protection.
Information protection techniques - information protection tools, information protection effectiveness control tools, management tools and systems designed to ensure information protection.
The object of information protection is information or a medium of information, or an information process that must be protected in accordance with the intended purpose of information protection.
The method of information protection is the procedure and rules for the application of certain principles and means of information protection.
Categorization of protected information (object of protection) is the establishment of a gradation of the importance of protected information (object of protection).
Information security status control - checking the compliance of the organization and the effectiveness of information protection with the established requirements and (or) information security standards.
All the concepts considered are general methodological ones and apply to the theory of information security as a whole.
The basic concepts related to the protection of information in information systems are also defined in the Guidance Document of the State Technical Commission "Terms and definitions in the field of protection against access to information".
The established terms are mandatory for use in all types of documentation. There is one term for each concept. The use of its synonyms is not allowed.




