On the problem of technical measures in the system of measures to ensure information security

2020 ◽  
Vol 2020 (2) ◽  
pp. 36-42
Author(s):  
A. Metelkov

In theory and in practice, there is a problem of removing uncertainty in the implementation of technical measures due to the unclear legal regulation of the classification of measures to ensure the security of data automatically processed in information systems. In the article, based on the application of set theory, it is proposed to remove this uncertainty by selecting groups of measures to ensure the security of information. Information protection in the Federal Law "On Information, Information Technologies and Information Protection" is the adoption of legal, organizational and technical measures. However, in practice, in the system of measures to ensure the information security of objects of protection, they are found not only in a "pure" form, but also in close relationship and interaction with each other (organizational-legal, organizational-technical, technical-legal), and very often cannot be implemented independently.

2021 ◽  
Vol 2020 (4) ◽  
pp. 68-78
Author(s):  
A. Metelkov

In theory and in practice, there is uncertainty in the existence of measures for cryptographic protection of information due to the fuzzy legal regulation of the classification of information protection measures associated with the use of cryptographic methods and encryption (cryptographic) information protection tools to ensure the security of data automatically processed in information systems. Cryptographic methods are widely used not only to protect information from unauthorized access, but also as the basis for a number of modern information technologies. The author proposed to introduce the concept of "cryptographic measures of information protection" into scientific circulation, and to include this concept in the basic law on information protection. Information protection in the Federal Law "About Information, Information Technologies and Information Protection" is the adoption of legal, organizational and technical measures. In the article, based on the application of set theory, a model of groups of measures to ensure information security, including cryptographic ones, is proposed.


2019 ◽  
Vol 9 ◽  
pp. 35-38
Author(s):  
Valentin Selifanov ◽  
Sofya Stepanova ◽  
Nikita Strigari

The article discusses the features of the choice of information security tools for state information systems. The main types of SPI, which were used on the territory of Russia before, as well as the means used now, are considered. The results of work, carried out by the FSTEC and FSB of Russia, on the introduction of the classification of SPI and measures taken by the GIS operator are presented. Tendencies of development and creation of new means of information protection are defined.


2020 ◽  
pp. 183-190
Author(s):  
І. Є. Іванов

The article considers topical issues of information security in the activities of the National Police of Ukraine. It is determined that the main problem of information security in the law enforcement sphere arose due to the global contradiction between the possibilities of information technologies and the threats of their use. The settlement of the existing public information relations alone is insufficient, as the legislation does not keep pace with technical progress. The definition of "information security" is considered and the author's definition of this concept is offered. The main normative legal acts regulating the activity of the National Police in this direction are analyzed. It is stated that information security of the National Police of Ukraine is provided in two forms: organizational (related to the circulation, collection, processing, storage, use and protection of information); legal (preparation and approval of regulations (orders, instructions), development of regulations, instructions, algorithms, plans, etc.). The key to information protection is the administration of information systems. The European experience of information protection in the law enforcement sphere is considered. Attention is drawn to the need to implement a system of modern international information security standards ISO/IEC series 27000, which is constantly updated.
It is theoretically substantiated that: increasing the efficiency of the National Police of Ukraine can be achieved through the introduction of a reliable information security system; to achieve the highest level of information security of law enforcement agencies it is necessary not only to improve the current legislation, but also to have a mechanism for its implementation; security and protection in the information systems of the National Police should be based on a comprehensive approach to building a protection system, which provides for the integration into a single set of necessary measures and means of information protection at all levels of the information system.


Author(s):  
Dmitry Dvoretsky ◽  
Natalia Kolesnikova ◽  
Oksana Makarkina ◽  
Kira Lagvilava

The mass introduction of information technologies in the activities of state structures has made it possible to transfer the efficiency of their functioning to a qualitatively new level. Unfortunately, as a means of action, they have characteristic vulnerabilities and can be used not only for good, but also for harm. For the state, as a guarantor of the stability of a civilized society, the issue of ensuring the security of information processing is particularly important. Despite the automation of many information processes, the most vulnerable link in the work of information systems remains a person. A person acts as an operator of information systems and a consumer of information. The entire service process depends on the competence of the operator and the quality of his perception. There are areas of government activity where the cost of error is particularly high. These include ensuring the life and health of citizens, protecting public order and the state system, and ensuring territorial integrity. The specifics of the spheres must be taken into account when ensuring the security of information. This study concerns official activities that are provided by paramilitary groups. Currently, there is a discrepancy in the level of competence of new personnel in the first months of service. The author traces the shortcomings of general and special professional qualities in the field of information security. The purpose of the study is to substantiate certain pedagogical means of forming cadets' readiness to ensure information security. As forms of theoretical knowledge, we will use the traditional hypothesis and model, as well as functionally distinguishable judgments – problem, assumption, idea and principle. Empirical forms of knowledge will be observation (experimental method) and fixation of facts.
To evaluate the effectiveness of the developed pedagogical tools, we use statistical methods: observation (documented and interrogated) and calculation of generalizing indicators. To formulate conclusions, we will use logical methods: building conclusions and argumentation. The approbation of certain pedagogical tools described in this article showed a significant positive trend in terms of competence in information security issues.


2020 ◽  
pp. 2-13
Author(s):  
Vadim Kuchurov ◽  
Roman Maximov ◽  
Roman Sherstobitov ◽  
...  

Regulators charge to counter information security threats against the structural and functional characteristics of the information system to ensure the information security requirements. These requirements include information system structure and composition, information technologies and functioning characteristics, physical and logical, functional and technological interconnections between information system segments. They order emulation of false components of the information system as a basic step of protection, as well as hiding of information technologies, information system configuration management and its switching to a predetermined configuration that provides protection. However, those steps are not included in the basic set, and their protection aims are reached with compensative assets, formalizing and implementing inhibitory orders and a set of organizational and technical measures on the threat source. The purpose of the research is to disclose and state the main ways of searching for new technical solutions for structure masking of distributed information systems in cyberspace that implement masking traffic, taking into account the requirements for the timeliness of information exchange. The method of research is operations research in the face of uncertainty, with the application of the theory of Markov processes and the Kolmogorov equation for solving the problem of increasing the efficiency of masking exchange. The result of the research is finding the probabilistic and temporal characteristics of the functioning process of the data transmission network when applying technical solutions for information systems masking in cyberspace. The results obtained make it possible to explicitly implement protection measures aimed at forming persistent false stereotypes among violators about information systems and control processes implemented with their help.


Author(s):  
N. Baisholan ◽  
K.E. Kubayev ◽  
T.S. Baisholanov

Efficiency of business processes in modern organizations depends on the capabilities of applied information technologies. The article describes and analyzes the role and features of audit tools and other methodological tools and models in ensuring the quality and security of information systems. The standard’s principles are reviewed, as well as the importance of meeting business needs. In order to protect virtual values in a company’s system environment, the importance of using information security models is revealed. Practical proposals in risk management and information security in information technology are analyzed through the COBIT standard. Measures for protecting the information system of an organization from accidental, deliberate or fake threats are considered. The possibility of using one of the real information security models by the information recipient or provider in accordance with the requirements of external processes is reported. Furthermore, in connection with increase in the number of attack methods and techniques and development of their new tools and vectors, the need to improve and ways to ensure information security are being considered. The essential tasks of security audit are considered, and the stages of their implementation are described. With regard to security of information systems, an analytical model is proposed for determining vulnerability’s numerical value.


2019 ◽  
Vol 6 (1) ◽  
pp. 203-208
Author(s):  
Julia Isaeva ◽  
Valentin Selifanov

The need for conformity assessment of information security tools at significant objects of critical information infrastructures is demonstrated. In the absence of necessary criteria description for information systems, a possibility of threats implementation appears, which will lead to disruption of functioning of significant objects.


2020 ◽  
Vol 16 (4-1) ◽  
pp. 11-21
Author(s):  
Рушана Хазиева ◽  
Розалия Юсупова

This article focuses on information technologies and gives their classification. The advantages and disadvantages of the introduction of the latest information, telecommunication and cybernetic technologies are highlighted. The authors draw attention to the necessity to unite efforts of all countries regarding information security. It is emphasized that in modern conditions the information systems of one country are part of the global system, which in turn leads to the vulnerability of information systems and the possibility of external influence on politics and the economy. Purpose of the article: to show the positive and negative consequences of the achievements of information exchange. Methods: general scientific methods of theoretical knowledge, as well as general logical methods and research techniques are used. Results: In modern conditions of globalization and integration of various world systems, information security issues should remain a priority and be considered in close cooperation of all countries.


Author(s):  
A.V. Bychkov ◽  
D.V. Shram ◽  

Based on the analysis of law enforcement practice in the field of antimonopoly regulation in digital markets, the authors justify the necessity of reforming the current legislation on competition protection, and provide statistical data on the scale of the introduction of digital technologies. It is pointed out that the prevailing forms of competition in the global digital market are either an oligopoly or a duopoly. The article provides an overview of the practice of applying the current Russian competition law in relation to IT companies (Yandex N. V., Apple Inc., Google LLC). The article analyzes the shortcomings of the Draft Federal Law «On Amendments to the Federal Law «On Protection of Competition» («the Fifth Antimonopoly Package of Amendments»), prepared by the Federal Antimonopoly Service of the Russian Federation in 2018, and proposes ways to eliminate the shortcomings of some projected standards. The authors point out the need to link the concept «digital platform» with the term «information system», designated in the Law of the Russian Federation «On Information, Information Technologies and Information Protection», and to take as a basis the definition enshrined in the French Law on the Digital Republic of 2016. In the authors' opinion, the concept «network effects» can appear in the legislation only after they are supported by the results of experimentally tested methods for calculating network effects. It is proposed to legally «link» network effects with the use of big data that restricts competition. The results of successive attempts of the FAS (Federal Antimonopoly Service) of Russia to limit or cancel «intellectual immunities» are considered, and the correctness of introducing a rule on the removal of such immunities in certain cases is justified.
The cases of unfair competition of digital platforms associated with the manipulation of search results algorithms (including the use of interactive enriched responses) are investigated. The article describes the risks of digital ecosystems, the development of which may exacerbate the issues of dominance, in particular, due to the monopolization of data. It is concluded that the FAS legislative initiatives of the sample of 2018 need to be carefully revised in the context of the new realities of the development of IT markets.


2021 ◽  
pp. 18-22
Author(s):  
Natalia Golovacheva ◽  

With the advent of information technologies, information systems have been widely used in organizations and enterprises. The use of information systems allows optimizing the workforce, automating all or part of business processes. However, the use of information systems requires the development of an information security system to minimize malicious attacks. To reduce the likelihood of malicious attacks, there are a large number of software and hardware-based information security tools. The complexity of computing the distribution of the components of information systems complicates the process of creating and configuring protection systems, and the number of threats to security is increasing every year. For a timely response to information security incidents, including attacks, it is necessary to use information system security assessment tools to reduce the risks of security breaches. InfoWatch statistics show the growth trend of various types of attacks, both from an external attacker and from an internal one. Therefore, one of the most important tasks is to correctly determine the security of information systems. The paper implements a mathematical model for assessing the security of an information system based on the selected methods. The architecture of the software package for assessing the security of the information system is formed.

