Methodology for determining current threats to the security of personal data during their processing

There is a special program for processing personal data - the Personal Data Information System. Due to the fact that recently threats to the security of personal data in information systems have become more frequent, operators who work with personal information about citizens are liable to ensure the confidentiality of this information.

Security

All information processed by specialists is recorded not only in computer media, but also in special statements. To protect all recorded information from encroachments on confidential data, as well as to timely respond to real and potential threats from third parties, the Russian Government has developed a special regulatory document. It received the name "Methodology for identifying current threats to the security of personal data."

One of the main concepts in the document is “security”. According to the norms of the relevant federal law No. 390 of December 28, 2010, security is a state when the interests and rights of a person, society and the whole state that are important for life and health are protected from different types of threats.

The provisions of this regulatory legal act also determine that the objects of security include people, their rights, interests and freedoms, the preservation and development of society, the constitutional foundations of the state.

Since personal information is inseparable from a person, threats to the security of personal data are also types of attacks on the interests of citizens and the country as a whole. Therefore, the protection of personal information is indirectly enshrined in the said law and is one of the strategic directions for the development of society.

Threats

In a general sense, threats are considered to be a combination of factors and conditions that create a danger to the interests of citizens, society and the entire state that are important for life and reduce the degree of security.

In the methodology developed by the Government for determining current threats to the security of personal data, an appropriate definition has been given regarding information about entities. Threats to the security of personal information - a list of factors and conditions that create a danger of intentional or accidental unauthorized nature to data belonging to the category of personal.

As a result of penetration, a change, destruction, dissemination or copying of the personal data of civilians can occur, which entails the emergence of unpredictable consequences.

Also, the legislation in a separate order determines the nature of current threats to the security of personal data. By them is meant the implementation in various ways of information obtained from a particular Information System about a person (s) and its dissemination on Russian territory. The ban on data storage outside the Federation is established by the relevant law No. 152 of July twenty-seventh 2006 in article eighteenth.

The provisions of the relevant standards on the identification of current threats to the security of personal data and article 19 of Law No. 152 proclaim the need to protect personal information from accidental or intentional unauthorized access. In addition, these provisions determine the importance of protecting information from alteration, destruction, copying, blocking or distribution, as well as from other actions of an unlawful nature.

Various types of threats to the security of personal data during their processing in a certain information system in some cases are not only subject to encroachment from the outside, but also the result of unintentional actions by employees of the respective company or consumers who use the services that this organization provides.

In some cases, citizens use the information received for their intended purpose, without the goal of violating the principle of the inviolability of the privacy of a person. In other cases, we are talking about obtaining data through illegal actions carried out by individual citizens and organizations, criminal communities, foreign states or other types of sources.

Various types of current threats to the security of personal data can arise due to leakage of personal information through technical channels. Such channels can be specially created to collect confidential information that is processed in a specially adapted system for this. They can also be a means of intercepting information transmitted through linked channels. In addition, some entities create special channels of speech (acoustic) information for the unlawful use of other people's information.

In addition to technical channels, unauthorized access using the necessary software can be used as a means of stealing someone else’s information.

In order to present in detail all the threats associated with the leakage of personal information through technical channels, the Methodology under consideration establishes a basic model of threats to the security of personal data. This subsection considers not only the types of external intrusions, but also their detailed characteristics.

Based on the consideration of the type of urgent threats to the security of personal data, channels for the leakage of personal information are identified, methodological documents and standards are developed by a special body, the Federal Service for Technical and Expert Control in the Russian Federation.

The sources of various threats carried out by unauthorized gaining access to a list of personal information using a regular or specially created program are specific entities. These include persons who violate their actions regulated in the system for processing and protecting personal information, rules on the delineation of access to confidential information.

According to the methodology for determining the actual threats to the security of personal data, the subjects illegally gaining access to personal information are:

• violators;
• malware carriers;
• hardware bookmarks.

Violators - individuals who intentionally or accidentally commit actions that violate the security of personal data when processing this information using technical means in the information system.

Violators who use various models of threats to the security of personal data are distinguished by the presence of the right to legal access to the room in which the corresponding hardware is located (which provides access to the resource with personal information). According to this criterion, two types of subjects are distinguished:

1. Outsiders are individuals who do not have access to confidential information. Threats are carried out by them from external communication sources used for general use of networks used for international information exchange.
2. Intruders are persons who have access to confidential information. Also in this group are users of personal data processing systems who commit unlawful actions with information while in this system.

If it is a question of storing personal information in a system that works remotely, outsiders will be persons who have the opportunity to improperly access confidential information using special software interventions using internetwork communication protocols.

It consists in creating and using software or algorithmic bookmarks through an automated workstation or terminal device of a data processing system, if these devices are connected to shared access networks.

If there is a use of personal information by an internal intruder, the decisive role is played by the established procedure for admitting employees to the resources of the personal data processing information system and the types of measures used by the organization to control the procedure for conducting the relevant work.

Each of the considered subjects of threats and possible actions on their part are disclosed according to the appropriate methodology for determining the actual threats to the security of personal data.

The detection of threats of unauthorized access to personal information, which is implemented using software and hardware-software types, is based on expert methods. These include surveys of specialists and personnel working in the personal data processing system, as well as relevant officials.

Carrying out checks can be accompanied by the use of special tools (for example, a network scanner) to confirm the presence and location of vulnerable areas in the software and hardware of the system for working with confidential information. Based on the results of the checks, questionnaires of a special type are compiled.

The presence of any of the potential threats considered in the Methodology, as well as the detection of a weak point that can be used to carry out an unauthorized intrusion, confirms the presence of a threat. Based on a written survey indicating the list of sources of possible threats to personal data and the location of the problem links, the basic conditions for the existence of threats in the analyzed system are determined, and then a complete list of current threats to the security of personal data is compiled.

Hazard Classifications

According to documents disclosing the main provisions on the definition of threats to the security of personal data of current and potential types, dangers that threaten personal information from the outside can be classified on the following grounds:

• by places of origin: internal and external;
• based on the implementation: malicious and random;
• by degree of completion: incomplete and implemented;
• by objects of influence: aimed at part of the system for using personal information and those that intend to influence the entire complex.

Each of the considered groups may include actual and potential threats. If the system operator determines that there is even a possible threat, he is obliged to take all necessary actions to protect the information.

Determining the type of potentially dangerous threats

Threats to the security of sensitive data are identified using algorithms developed by computer experts. Two factors are subject to accounting and verification:

• degree of security of the system being checked;
• frequency of use of the specified factor (probability of threat).

First of all, the existing degree of security of a specific information computer network is checked. Based on the results of the audit, a report is drawn up using generalized indicators.

The degree of security of the system and the applicable evaluation criteria depend on the specific operational and technical characteristics. The check is carried out according to three criteria:

• on the territory of accommodation;
• by the presence of access to the Internet (connections to shared access networks);
• legal (built-in to the program) operations.

Security levels in the territory of accommodation

According to the Methodology under consideration, three levels of security of the confidential information processing system are distinguished:

1. Low.
2. Average.
3. Tall.

A low degree of protection is assigned to personal information processing systems that cover several districts, regions, territories and other units of an administrative type at once or the entire state. This also includes networks that integrate several systems within one of the settlements.

The average degree of protection is assigned to corporate systems for processing personal information, which cover various organizations owned by one legal entity and buildings located nearby (local structures).

A high degree of protection is assigned to personal information processing systems that are located in only one building. This situation occurs if the owner owns only one organization, or several organizations have different defense systems.

Availability of connection to shared access networks (access to the Internet)

According to the Methodology under consideration, this parameter also considers threats at three levels of security of the confidential information processing system:

• low;
• average;
• tall.

A low degree of protection is assigned to personal information processing systems that are used with multi-drop access to public networks from a single device.

An average degree of protection is assigned to personal information processing systems using a single-point type of network access.

A high degree of protection is assigned to personal information processing systems that are separated from shared access networks.

The presence of legal (built-in) operations

According to the Methodology under consideration, this criterion implies the allocation of similar three levels of security for the confidential information processing system:

1. Low.
2. Middle.
3. High.

A low degree of protection is assigned to personal data processing systems in which such operations as legal transfer (distribution) and change (modification) of data are present.

The average degree of protection is assigned to personal information processing systems, which have three main functions: recording, sorting and deletion.

A high degree of protection is assigned to personal information processing systems that exclusively search and read.

Frequency of use of the specified factor (probability of threat)

According to Government Decision No. 1119 of 1. 11. 2002, fixing the requirements for the protection of personal data when working with them in the relevant information systems, actual threats are divided into three types:

• threats that are associated with the presence of opportunities not recorded in writing that are carried out when working with information system software;
• threats that are associated with the presence of opportunities not recorded in writing when working with the application software of the information system;
• threats that are not related to the presence of opportunities not recorded in writing in one of the specified types of software information systems.

The type of actual threat is determined by comparing the degree of security of the system being checked and the probability of a threat. The calculation is performed according to the formula: Y = (Y ₁ + Y ₂ ) / 20.

The final value varies from 0 to 0.8 (from the lowest risk to the highest). After the calculations, the real danger of the threat is assessed using a survey of information sector employees.

Basic risk model

The basic model of threats to information security of personal data is an automated list of risks with an analysis of the basic characteristics of the system attached to it, an indication of the ways to implement the risks and highlight the types of relevance.

The specified document is created for the implementation of such purposes:

1. Conducting a subsequent analysis of the degree of protection of the investigated system.
2. Development of measures that will impede the implementation of threats.
3. Monitoring to ensure the appropriate level of protection at various stages of the mechanism.

Private risk model

A private model of threats to the security of personal data is created in order to verify a specific system for working with personal information. It includes the following provisions:

• description of the system under study;
• technical and structural features;
• predicted penetration options (intruder models);
• list of vulnerabilities of the confidential data processing system;
• list of options for implementing threats; consequences of the invasion;
• analysis of each threat (description, probability assessment, category of relevance and danger).

To develop models for a particular system, the personal information operator must analyze the company by checking the documents that characterize the information about the system, then study the purpose and ways of collecting information, as well as a list of operations that are carried out with personal data.

Principles of Risk Model

When creating a specific model of threats to the security of personal data, a sample of which is given below, the system operator must take into account the following principles:

1. – , , ( ).
2. .
3. -, , .
4. .

. . .