Means of implementing comprehensive information protection
Let's look at the main tools used to create protection mechanisms.
All means of protection are divided into formal (performing protective functions strictly according to a predetermined procedure without direct human participation) and informal (determined by purposeful human activity or regulate this activity).
Technical means are implemented in the form of electrical, electromechanical and electronic devices. The whole set of technical means is divided into hardware and physical.
Hardware is commonly understood as devices that are embedded directly into telecommunications equipment, or devices that are interfaced with similar equipment via a standard interface.
Of the most well-known hardware, it is possible to note schemes for controlling information by parity, schemes for protecting memory fields by key, etc.
Physical means are implemented in the form of autonomous devices and systems. These can be, for example, locks on the doors of rooms where equipment is located, grilles on windows, electronic and mechanical security alarm equipment.
Software tools are software specifically designed to perform information security functions.
The above-mentioned tools formed the basis of protection mechanisms in the first phase of the development of communication security technology in telecommunications channels. At the same time, it was believed that the main means of protection were software. Initially, software protection mechanisms were usually included in the OS, control computers, or database management systems. Practice has shown that the reliability of such protection mechanisms is clearly insufficient. Password protection turned out to be a particularly weak link. Therefore, in the future, the protection mechanisms became more and more complex, involving other means of ensuring security.
Organizational means of protection are organizational, technical and organizational-legal measures carried out in the process of creating and operating telecommunications equipment to ensure the protection of information. Organizational measures cover all structural elements of the system at all stages of their life cycle (construction of premises, system design, installation and commissioning of equipment, testing and operation).
Legislative remedies are determined by the legislative acts of the country, which regulate the rules for the use, processing and transmission of restricted access information and establish liability measures for violation of these rules.
Moral and ethical means of protection are implemented in the form of all kinds of norms that have developed traditionally or are being formed as computing and communications equipment spread in a given country or society. For the most part, these norms are not mandatory, like legislative measures, but failure to comply with them usually leads to a loss of authority and prestige of a person.
So, information security is an important component of Russia's national security. The State's policy in this area of activity is primarily aimed at organizing the protection of state secrets and developing the legal framework for information protection. Legal protection of information acts as one of the most important ways and methods of information protection.
Knowledge of the basics of information security theory will contribute to the competent solution of practical issues of information protection, will be the basis for the professional activity of an information security specialist; The problem of information protection was formulated differently in different historical epochs and is related to politics, economics, technology.
The problem of information security in automated (information) systems was formulated in the mid-70s of the twentieth century and has since undergone significant changes related to the level of development of systems;
A promising way is to provide comprehensive information security, combining a formal and informal approach to solving the problem;
An unambiguous definition of basic concepts in the field of information security is necessary in the interests of both manufacturers and consumers of information systems, as well as for a complete and consistent description of the information protection process.
