In any legal reference book, law is traditionally defined as a system of formally accepted and generally binding rules governing the behavior of people in a given society in accordance with certain moral principles, the implementation of which ensures the necessary authority of the state. The legal basis for the protection of information is established by such state and regulatory acts as the Constitution and laws of the Russian Federation, as well as administrative, civil and criminal law.
Organizational protection of an enterprise's information is based on the norms of information law. Compliance with these norms is demonstrated by creating a specialized document that covers the legality of applying data protection, the duty of personnel to strictly follow protection measures, and personal responsibility for failure to comply with established measures.
The legal document contains the following rules:
- Obligations and provisions for the protection of information must be present in all organizational documents: in job descriptions, in labor contracts and in the internal rules.
- All employees must be informed of the provisions on responsibility for the dissemination and disclosure of classified data, for the falsification of documents and for their unauthorized destruction.
Legal protection of information obliges every enterprise to explain to persons who begin work there all the provisions on the restrictions associated with their obligations in this area.
Legal protection of information implies the following regulatory rules:
- At any functioning facility, the confidentiality regime must be established without fail.
- Access to data must be differentiated.
- Legal protection of information should have material support.
- Confidential data should be clearly identified as the main subject of protection.
Each specific enterprise independently develops legal and regulatory documents that ensure its information security. These include the following:
- Regulation on trade secrets.
- Regulation on the protection of personal data.
- Information Security Policy.
- Instructions on the procedure for admission to confidential information.
- Obligations of employees to maintain confidential data.
- Memos to workers on maintaining trade secrets.
- Regulation on information document management and paperwork.
The above acts prevent cases of unlawful disclosure of classified information.
Data protection methods
Legal protection of information is carried out using various techniques and means that ensure confidentiality, accessibility and completeness of information, as well as counteract external and internal threats. Each type of threat relies on particular techniques that the system must be able to recognize.
Information security is ensured by a system of measures aimed at:
- Preventing threats, that is, using preventive measures to ensure information security.
- Neutralizing threats that are detected during systematic monitoring and analysis of potential or real danger, and taking timely measures to prevent it.
- Differentiating threats into real and potential ones that have a criminal orientation.
- Taking appropriate measures to eliminate danger or criminal acts.
- Eliminating illegal actions and the consequences of threats, as well as restoring the status quo.