Methods of protection against unauthorized access
There are several generalized categories of methods of protection against unauthorized access, in particular:
organizational (including administrative);
technological (or engineering);
legal;
financial;
moral and ethical (or socio-psychological).
The first category includes measures regulated by the internal instructions of the organization operating the information system. An example of such protection is the assignment of secrecy labels to documents and materials stored in a separate room, and control of access to them by employees.
The second category consists of protection mechanisms implemented in software and hardware, for example, identification and authentication systems or security alarms.
The third category includes measures to oversee the enforcement of regulations of national importance, and mechanisms for developing and improving the regulatory framework governing information protection.
Financial protection methods involve the introduction of special surcharges when working with protected information, as well as a system of deductions and fines for violation of regime requirements.
Moral and ethical methods are not mandatory, but they are quite effective in combating internal violators.
The methods implemented in practice, as a rule, combine elements of several of the listed categories. Thus, access control to premises may combine organizational (issuance of permits and keys) and technological (installation of locks and alarm systems) methods of protection.