Information security levels: concept, basic principles, risk analysis and elimination

To begin with, let us define what information is and what is meant by information protection levels. Information is defined as a reflection of the material world in systems or in a subject, in the form of signals and signs. It exists in different forms: as a document, drawing, or text, and also as sound and light signals, energy and other impulses, and so on. Knowledge of the environment and the messages about the "world" that a person perceives can also safely be counted as information.

Data Security Levels

Information protection, or information security (IS), can be described as a combination of measures and technical means aimed at preventing distortion, destruction and illegal use of information that could harm the user. The most important goal of information security is to secure the system as a whole, protecting it and guaranteeing its accuracy. If information is modified or destroyed, the resulting damage must be minimized.

Basic principles

Comprehensive information protection is both the imperative of the time and the most important direction in the development of intelligent systems. It should be built on an integrated approach. This means that all means of information protection should be applied together as a single, interacting set.

The first sign of systemic information protection (ISS) against accidental or targeted threats is the principle of "reasonable sufficiency". Since 100% protection does not exist anywhere, we must strive for the minimum necessary level of protection against accidental external threats. The principle of information integrity is expressed in the safety of its content and structure. Only the user can create and modify data. Confidentiality means restricting access by outside persons to specific information. The principle of accessibility is the ability to obtain the required information within a certain time. The principle of reliability means that the information is valid and belongs to the subject from whom it was received.


Information security measures. Security policy

To protect the interests of entities that are linked by shared information, the following levels of protection must be identified and agreed on:

  1. The legislative level of information protection, including the development of laws and documents that promote compliance with security rules.

  2. The administrative level of information security (this includes orders and effective actions by the leadership of organizations to protect information systems).

  3. The procedural level of systemic protection of information, i.e., security measures focused exclusively on people.

  4. The software and hardware level of information security (ZI), which provides control over information systems. Control is implemented by hardware and software.

The basis of a system-object approach to information security is a security policy. It is based on an analysis of the risks inherent in the organization's system. Once the risks and a strategy have been identified, a protection program and the methods for carrying it out in the field of information security are drawn up.


Formal Protection Features

A peculiarity of studying problems in this area is that information security levels can be represented both in the form of ZI tools and in the form of additional protection levels. This article discusses the first. The levels of information protection mentioned above can be divided into regulatory and technical methods. Regulatory (normative) means include moral and ethical factors and administrative means. Technical methods are divided into physical, hardware, software and cryptographic methods.

Level Security

The levels of information security are usually divided into:

  • Regulatory support (documents and provisions that are mandatory in the field of ZI).
  • Organizational support (information security is provided by the organization's security service).
  • Technical support (the use of technical means to protect information).

The strategic levels of the information security system are formulated as follows:

  1. Providing protection to individuals, society and the state.

  2. Development of programs and implementation of problems of state governance.

  3. Installation of barriers and prohibitions against unwanted access to the sphere of information systems.


Types of levels. Software method

To summarize, the software level of information protection is the main and most important milestone in current information security policy. Only software and hardware measures are able to counter ignorance on the part of legitimate users when they use information tools. The software aspect of information security implies the following security measures:

  1. Recognition and authentication of all active users in terms of education.

  2. The use of firewalling to protect network information channels from external threats.

  3. Management of access to information at the user level and protection against intrusions into the information network.

  4. Cryptographic remedies.

  5. Logging and auditing of the protection of information.

  6. Antivirus protection with anti-virus packages.

This classification of information protection levels is divided by implementation method into hardware and software methods; by protection method (techniques that support data protection functions); and by the stages of installation and execution of programs that are implemented by the BIOS.

It is implemented by hardware devices that are schematically integrated into operating systems by other auxiliary applications for various purposes.


Implementation of the main levels

Having analyzed the main levels of information protection, we can note that the tasks of information protection are divided into the following types:

  1. The protection, regulated by law, of state secrets (secret and other documentary information) from all types of destruction, substitution and access.
  2. The law permits the protection of human rights (of a citizen) on declared informational property, as well as the disposal and management of confidential information.
  3. The law provides for the protection of the rights of an entrepreneur in carrying out trade and other activities.
  4. The law provides for the protection of technological and software measures of informatization from malicious influences.
  5. The law provides for the protection of fundamental constitutional rights to the secrecy of exclusive correspondence, comradely negotiations and personal secrets.

Level Definition Aspects

As a factor in understanding the implementation of security measures and its results, note that it is customary to determine the levels of information protection in terms of the following aspects:

  • Consistency, which involves taking into account all the basic elements, conditions and risks that affect the profitability of the system.
  • Complexity, which requires the coordinated use of different means to block the channel of external threats and eliminate weaknesses in the system architecture.
  • Continuity, which involves the adoption of functional measures at all stages of the life cycle of the protected system.
  • Openness, which implements the effectiveness of classes of algorithms and personal protection mechanisms (but passwords and keys are entered secretly). The source code for all versions of programs can be presented in open form.
  • Flexibility of management and application, which is an indisputable advantage for the active user.
  • Ease of use of protective cryptographic means, so that a legitimate user need not have specialized knowledge.

Conclusion

It must be understood that no formal solutions can ensure complete security in the area of information systems. In general, however, the risks of external threats can be significantly reduced. Defining safety margins is the main condition of information protection (ZI). Maintaining the system in a healthy state is another condition of protection.

We hope this article has been informative for our readers.

Source: https://habr.com/ru/post/C42453/

