
The concept of comprehensive information protection

Updated 09.01.2024 05:22

 

Effective information security is possible only on the basis of the integrated use of all known methods and approaches to solving this problem. There are a number of requirements for the concept of comprehensive protection:

1. Developing all mechanisms necessary to ensure the required level of information security and bringing them into regular use;

2. The existence of mechanisms for the practical implementation of the required level of security;

3. The availability of means for rationally implementing all necessary information protection measures, based on the level of development achieved by science and technology;

4. Developing ways to optimally organize and carry out all security measures in the process of information processing.

In order to build a concept that meets the entire set of requirements, the theory of information protection has recently been actively developed, including the concepts of protection tasks, means of protection, and protection systems.

A protection function is a set of functionally homogeneous measures that are regularly carried out in an information system by various means and methods in order to create, maintain and ensure the conditions objectively necessary for reliable information protection.

A complete set of protection functions:

1. preventing the occurrence of conditions conducive to the appearance of destabilizing factors;

2. prevention of the direct manifestation of destabilizing factors;

3. detection of emerging destabilizing factors;

4. prevention of the impact of destabilizing factors on the protected information;

5. detection of the effects of destabilizing factors;

6. localization of the impact of destabilizing factors;

7. elimination of the consequences of localized exposure to destabilizing factors.

The completeness of the set of protection functions is important for optimizing information security systems. The implementation of protection functions involves the expenditure of resources. Let us denote the amount of resources (for example, cost) spent on implementing the i-th protection measure as $C_i$. The probability $P_i$ of successfully implementing this measure depends on the resources spent: $P_i = P_i(C_i)$.

If a certain level (probability) of information security $R_{z0}$ must be ensured, then measures should be chosen that provide a level of security $R_z$ not less than the specified one: $R_z \ge R_{z0}$.

With this in mind, the task of information protection can be formulated as an optimization one: to determine a list of measures in which a given level of protection is provided at minimal cost. Another statement is also possible: to achieve the highest possible level of information security at a certain level of protection costs.
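Both statements of the optimization task can be worked through on a small constructed data set; the following is an added example, not part of the original text. It assumes, which the text does not specify, that the measures act independently and that the information stays protected if at least one measure succeeds, so Rz = 1 - ∏(1 - Pi). Each measure is simplified to a single fixed cost point (Ci, Pi), and the measure names and numbers are invented for illustration.

```python
from itertools import combinations
from math import prod

# Constructed sample data: (measure name, cost C_i, success probability P_i at that cost).
MEASURES = [
    ("access control", 40, 0.70),
    ("encryption at rest", 60, 0.80),
    ("monitoring", 30, 0.55),
    ("backups", 25, 0.40),
]

def protection_level(chosen):
    """Assumed model: independent measures, protection holds if any one succeeds."""
    return 1.0 - prod(1.0 - p for _, _, p in chosen)

def total_cost(chosen):
    """Sum of the costs C_i of the chosen measures."""
    return sum(c for _, c, _ in chosen)

def all_subsets(measures):
    """Every possible list of measures, from the empty one to the full set."""
    for k in range(len(measures) + 1):
        yield from combinations(measures, k)

def cheapest_for_level(measures, r_z0):
    """First statement: minimal cost subject to R_z >= R_z0 (None if unreachable)."""
    feasible = [s for s in all_subsets(measures) if protection_level(s) >= r_z0]
    return min(feasible, key=total_cost, default=None)

def best_for_budget(measures, budget):
    """Second statement: maximal R_z subject to total cost <= budget."""
    affordable = [s for s in all_subsets(measures) if total_cost(s) <= budget]
    return max(affordable, key=protection_level)

if __name__ == "__main__":
    plan = cheapest_for_level(MEASURES, 0.90)
    print("cheapest plan for R_z0 = 0.90:", [n for n, _, _ in plan],
          "cost", total_cost(plan), "R_z", round(protection_level(plan), 3))
    plan = best_for_budget(MEASURES, 70)
    print("best plan for budget 70:", [n for n, _, _ in plan],
          "cost", total_cost(plan), "R_z", round(protection_level(plan), 3))
    print("R_z0 = 0.999 reachable:", cheapest_for_level(MEASURES, 0.999) is not None)
```

Exhaustive search is used because the sample has only four measures; the third call shows the case where no list of measures reaches the required level.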

The implementation of protection functions is achieved by solving protection tasks.