Integrity as an Aspect of Information Security: an Overview of Modern Approaches

2021, Vol 12 (8), pp. 420-424
Author(s): V. A. Galatenko, K. A. Kostyukhin, G. L. Levchenkova, ...

There are three main aspects of information security: confidentiality, availability, and integrity. Nowadays ensuring confidentiality has ceased to be the dominant requirement, but privacy as an element of confidentiality (or as an independent aspect) attracts, perhaps, the greatest attention both at the legislative (personal data protection) and at the technical (depersonalization of big data) levels. The Internet of Things has defined a new level of accessibility requirements. Network access has come to the fore; without it a (too) smart kettle will not boil water. (Attempts to block some Internet resources led to similar everyday problems.) The number of entities whose integrity needs to be ensured has grown. These are data flows, hardware configurations, logistics chains, and much more. Integrity began to be understood not only as security against unauthorized modification, but also as the quality of data, their completeness and validity. This was the reason for writing this article. In our opinion, there is no systematic presentation of modern approaches to ensuring integrity in the literature and therefore it would be appropriate. It makes no sense to rank the aspects of information security according to their importance, but we would like to emphasize the role of integrity. Integrity turns out to be the most important aspect of information security in those cases when information is a "guide to action" and serves to make decisions. The prescription of medicines, prescribed medical procedures, the set and characteristics of components, the course of the technological process: all these are examples of information, the violation of the integrity of which can literally be fatal. It is also unpleasant to distort official information, whether it is the text of the law or the page of the website of a government organization. Compromising the integrity of the electronic voting process casts doubt on the legitimacy of the authorities. Unauthorized influence on financial flows leads to material losses. Distortion of navigation data can lead to accidents. The article is an overview of modern approaches to ensuring integrity as an aspect of information security. An attempt is made to analyze the relevant models, policies and security mechanisms, as well as their application in different subject areas.

2020, Vol 13 (1), pp. 140-162
Author(s): Viktoras Justickis

Abstract: The role of balancing in the development and application of European data protection is enormous. European courts widely use it; it is the basis for harmonization of pan-European and national laws, plays a crucial role in everyday data protection. Therefore, the correctness of a huge number of critical decisions in the EU depends on the perfection of the balancing method. However, the real ability of the balancing method to cope with this mission has been subjected to intense criticism in the scientific literature. This criticism has highlighted its imperfections and casts doubt on its suitability to optimize the relation between competing rights. Paradoxically, the everyday practice of balancing tends to ignore this criticism. The limitations of the balancing method are typically not discussed and are not taken into account when considering legal cases and solving practical issues. Thus, it is tacitly assumed that the shortcomings and limitations of the balancing method, which the criticism points out, are irrelevant when making real-life decisions. This article discusses the scope of this phenomenon, its manifestations, and its impact on the quality of data protection decisions based on the balancing method: sub-optimality of these decisions, their opacity, public dissatisfaction with the legal regulation, its instability and low authority. The ways of bridging the gap between the practice of balancing and science and broader consideration by the practice of the shortcomings of the balancing method identified during scientific discussions are considered.


Author(s): Ella Gorian

The object of this research is the relations in the area of implementation of artificial intelligence technologies. The subject of this research is the normative documents of Singapore that establish requirements towards development and application of artificial intelligence technologies. The article determines the peculiarities of Singaporean approach towards regulation of relations in the indicated sphere. Characteristic is given to the national initiative and circle of actors involved in the development and realization of normative provisions with regards to implementation of digital technologies. The author explores the aspects of private public partnership, defines the role of government in regulation of relation, as well as gives special attention to the question of ensuring personal data protection used by the artificial intelligence technologies. Positive practices that can be utilized in Russian strategy for the development of artificial intelligence are described. Singapore applies the self-regulation approach towards the processes of implementation of artificial intelligence technologies, defining the backbone role of the government, establishing common goals, and involving representative of private sector and general public. Moreover, the government acts as the guarantor of meeting the interests of private sector by creating an attractive investment regime and citizens, setting strict requirements with regards to data usage and control over the artificial intelligence technologies. A distinguishing feature of Singaporean approach consists in determination of the priority sectors of economy and instruments of ensuring systematicity in implementation of artificial intelligence. Singapore efficiently uses its demographic and economic peculiarities for proliferation of the technologies of artificial intelligence in Asian Region; the developed and successfully tested on the national level model of artificial intelligence management received worldwide recognition and application. Turning Singapore into the international center of artificial intelligence is also instigated by the improvement of legal regime with simultaneous facilitation in the sphere of intellectual property. These specificities should be taken into account by the Russian authors of national strategy for the development of artificial intelligence.


Author(s): L.V. Zinych

The article deals with features of information security in the Republic of Estonia. It is noted that the main factors that have helped to increase the level of information security in Estonia are the developed information infrastructure, effective cybersecurity policy and reliable protection of personal data. Cybersecurity depends on a combination of cybercrime, provision of critical infrastructure and e-services, and national defense. In the area of personal data protection, it is reasonable to create a private data market where companies and researchers propose to submit a date of use and license / lease / sale related to offers or license, lease, sell or withdraw their data from use. Analyzing the experience of the Republic of Estonia in information security, there are several factors that have become the basis for the creation of a secure information environment. First, only a comprehensive information policy enables the security of enterprises, institutions, organizations and the state as a whole. Secondly, Estonia has made every effort to ensure cybersecurity (as a component of information security) and has created favorable conditions for the arrival of foreign IT companies with significant capital and innovation. Third, in the context of information security, considerable attention in Estonia is given to the protection and use of personal data, which is carried out as transparently as possible, using digital signatures and encrypted messages. Practical recommendations for Ukraine’s acquisition of Estonia’s information security experience are provided. We believe that raising the level of information security will help a number of the following activities: 1) Create a working group with the involvement of international experts to develop the concept of information security and regulatory support for its activities. 2) Ensure the creation of a single national electronic information resource in the concept of information security. 3) Enter a unique national ID for the individual. 4) Create a single secure web portal for electronic services with the possibility of creating electronic offices of individuals for receiving administrative services. Keywords: information security, cybersecurity, information infrastructure, personal data.


2019, Vol 2 (1), pp. 515-522
Author(s): Justyna Żywiołek

Abstract: The article highlights the importance of information and the need to manage its security. The importance of information requires a systemic approach, which is why the standards of conduct for managing information security have been approximated. The results of research on information security management in the field of personal data protection have been presented. The research was carried out on a sample of 110 enterprises. The survey was extended to include an analysis of one of the companies subject to the survey. In the following, the case study regarding the production enterprise was also presented.


Author(s): Alexander Gurkov

Abstract: This chapter considers the legal framework of data protection in Russia. The adoption of the Yarovaya laws, data localization requirement, and enactment of sovereign Runet regulations allowing for isolation of the internet in Russia paint a grim representation of state control over data flows in Russia. Upon closer examination, it can be seen that the development of data protection in Russia follows many of the steps taken at the EU level, although some EU measures violated fundamental rights and were invalidated. Specific rules in this sphere in Russia are similar to the European General Data Protection Regulation. This chapter shows the special role of Roskomnadzor in forming data protection regulations by construing vaguely defined rules of legislation.


Author(s): Владимир Павлович Гулов, Виктор Анатольевич Хвостов, Айжана Михайловна Каднова, Галина Владимировна Сыч

Based on the analysis of the practical aspects of personal data protection (PD) during automated processing in healthcare organizations, a range of problems related to the consumer quality of information protection systems (ISS) has been identified. One of the main problems of PD protection in medical information systems (MIS) is to ensure the timely configuration of the information security system by the administrator in accordance with the established policy in the organization. At the same time, the key problem is the formation of the administrator's working conditions that provide one hundred percent guarantee of the administrator's reaction to the receipt of requests for setting up the information security system, managing users, access rights, and countering threats of various nature. In the absence of methodological approaches to assessing the temporal (probabilistic) parameters of the MIS security administrator's activities, known as the operational characteristics of the ISS, it is problematic to ensure that the ISS settings are 100% consistent with the current policy. The article proposes a probabilistic indicator for assessing the operational characteristics of the information security system. A methodology for its assessment was developed on the basis of an experiment on fixing the movement of the mouse cursor when performing basic actions by the administrator and distributing his attention (heat map) among the elements of the information security interface. The results of evaluations of the operational characteristics of the SZI "Strazh NT 3.0" carried out using the proposed experimental method are presented.


2020, Vol 210, pp. 11001
Author(s): Andrey Gazizov, Evgeny Gazizov, Svetlana Gazizova

The topic of pseudonymization of personal data has shown that theoretical and methodological basics in the sphere of automatized systems have just started to gain general trend. The majority of studies in this sphere are, commonly, about personal data in general, rarely touching the topic of pseudonymization and depersonalization. Therefore, the topic of pseudonymization has not been fully assimilated in enterprise systems and has not gained any popularity, because enterprises tend to choose reliable tools and methods of information security while depersonalization is only beginning its way and is not common for big corporations. This leads to disinterestedness in solving known issues and goals of pseudonymization; universal methods have not been researched. However, the low cost and simplicity of this method of personal data protection are turning our attention to it and making us ask ourselves a question: “Should we have a deep dive in it?”. The answer is obvious – yes. Certainly, this method has its disadvantages and it is not an ideal solution. But it certainly should be distributed worldwide.


2021, Vol 7 (1), pp. 50-66
Author(s): Ana Claudia Farranha Santana, Murilo Borsio Bataglia, Amanda Nunes Lopes Espiñeira Lemos

The relationship between access to information and personal data protection leads to the relativization of transparency under the argument of a false tradeoff between these two concepts. Based on that, this study’s objective is to understand the role of civil society movements in maintaining the rights of access to information and personal data protection. This research made a qualitative analysis, with a documentary survey and bibliographic review of the main categories presented in the Executive-Legislative relationship and in the theme of advocacy. We observe the role of civil society lobby groups in the Brazilian Access to Information Law legislative process, between 2003 and 2011, and the Brazilian Data Protection Act, between 2012 and 2018, perceive the change of these groups with the foundation of Rights in Network Coalition, in 2016. As a result, the active participation of Civil Society in public hearings has intensified increasingly in public hearings since 2018, specifically on the LGPD, while LAI had participation of civil society in the body’s scope institutionalized.


2021, pp. 18-27
Author(s): Pavel Zaporotskov

Information processes, as well as information resources, manage information of varying degrees of importance for the enterprise. In this regard, the protection of such information is one of the most important procedures in the field of state security, the importance of which is growing every year. The problem of information security – the reliable provision of its safety and the established status of use – is one of the most important problems of our time. The paper considers the existing standards in the field of information security audit. The author has developed an innovative model of audit of the information security system based on the comparison of demand measures of order no. 21 of the FSTEC of Russia and ways of implementation in the subsystem of the information system of personal data protection, the recommendations for inspections of specific measures of protection and used technology audit technical means. The developed method is tested on the example of conducting an audit in “Lama” LLC company. The choice was made to establish the compliance of the organization’s personal data protection system with the requirements of order no. 21 of the FSTEC of Russia. Recommendations have been developed to eliminate the existing shortcomings and inconsistencies by re-equipping the anti-virus protection subsystem and the subsystem of inter-network shielding and protection of communication channels.


2018, Vol 2 (XVIII), pp. 199-213
Author(s): Agnieszka Kręcisz-Sarna

This article aims to draw attention to the duties of personal data protection in general administrative proceedings in the context of the General Data Protection Regulation, which came into force on 25 May 2018. It depicts the subjective, the objective, as well as the territorial scope of the application of GDPR, subsequently referring it to certain procedural steps taken in the course of administrative proceedings. Moreover, deliberations concerning the processing of personal data which takes place within the scope of administrative proceedings, as well as the role of the parties in such proceedings have been presented.

