Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Posted on http://www.allbest.ru/

INTRODUCTION

1. The main threats to information security

2. Information security of ATS

CONCLUSION

BIBLIOGRAPHY

INTRODUCTION

The development of more and more information technologies, and universal computerization have led to the fact that information security is becoming mandatory, and is one of the characteristics of IP. There is a relatively large class of information processing systems, where the security factor plays an important role (for example, banking information systems).

The security of the information sphere is the protection of the system from accidental or deliberate interference in the normal process of its functioning, from attempts to steal information, modify or physically destroy its components. In other words, it is a way to counter multiple IP impacts.

Information security threat implies actions that lead to distortion, unauthorized use, and possibly even destruction of information resources or software and hardware.

Among the threats to the security of information, there are accidental or unintentional ones. Their consequence can be both hardware failure and incorrect actions of users, involuntary errors in software, etc. The damage from them can be important, and therefore it is important to keep such threats in mind. But in this work we will turn our attention to intentional threats. They then, unlike random ones, have the goal of harming the managed system or users. This is often done for personal gain.

A person seeking to disrupt the operation of an information system or gain unauthorized access to information is usually called a cracker, a hacker. Hackers are trying to find those sources of confidential information that will give them reliable information in maximum volumes with minimum cost to obtain it, using various tricks and techniques. The source of information means a material object that has certain information and which is of interest to intruders or competitors. At present, in order to ensure the protection of information, it is necessary not only to develop protection mechanisms, but undoubtedly to implement a systematic approach using interrelated measures. Today it can be argued that a new modern technology is being born - a technology for protecting information in computer information systems and data transmission networks. Implementation of this technology requires increasing costs and efforts. Nevertheless, with the help of such measures, it is possible to avoid significant losses and damage, with the real implementation of threats to IP and IT.

Purpose of work:

Get acquainted with the information security of the ATS.

Tasks:

1. Identify the main threats to information security.

2. Consider the classification of information security threats.

1. The main threats to information security

In this work, a more complete coverage of threats to the security of subjects of information relations is considered. Nevertheless, it should be understood that scientific and technological progress does not stand still, and this can lead to the emergence of new types of threats, and attackers are able to come up with new ways to overcome security systems, data NSD and disorganization of the NPP operation. (1)

A threat is usually understood as a potentially permissible event or action, process or phenomenon, as a result of which damage to someone's interests may occur.

The main threats include:

* leakage of confidential information;

* compromising information;

* unauthorized use of information resources;

* incorrect use of information resources;

* unauthorized exchange of information between subscribers;

* refusal of information;

* violation of information services;

* illegal use of privileges.

Quite a lot of reasons and conditions that create the prerequisites and the likelihood of misappropriation of confidential information appear due to simple shortcomings of the organization's bosses and their employees. Currently, the fight against information infections presents significant difficulties, since in addition to the absentmindedness of managers, there is and is constantly developing a considerable number of malicious programs, the purpose of which is to damage databases and computer software. The huge number of varieties of such programs does not allow the development of permanent and reliable defense weapons against them.

Classification of such programs:

* logic bombs;

* Trojan horse;

* computer virus;

* password hijacker.

This classification does not cover all possible threats of this type. And since there are simply a huge number of threats, it would be wiser to stop your interest on one of the most common, such as a computer virus.

The architecture of the data processing system (DDS) and the technology of its functioning allow the criminal to find or deliberately form loopholes for hidden access to information, and the variety of even known facts of malicious actions gives sufficient grounds to assume that there are many loopholes or can be formed. (2)

Unauthorized access to information is:

1. Indirect - without physical access to the elements of ODS.

2. Direct - with physical access to the elements of the ODS.

Today, there are the following ways of such access to information: security information internal business

* use of eavesdropping devices;

* remote photography;

* interception of electromagnetic radiation;

* theft of storage media and industrial waste;

* reading data;

* copying of information carriers;

* disguise as a registered user by stealing passwords;

* the use of software traps;

* Acquisition of protected data through a series of legitimate requests;

* the use of shortcomings of programming languages and operating systems;

* deliberate introduction of special blocks such as "Trojan horses" into the program libraries;

* illegal connection to communication lines of a computer system;

* malicious disabling of protection devices.

AU consists of the main structural and functional elements:

* workstations; servers or Host machines; network bridges; communication channels.

From workstations, information processing is controlled, programs are launched, and data is corrected. They are the most accessible network components. So they can be used when trying to commit unauthorized actions.

Both servers (Host - machines) and bridges need protection. The first - as carriers of considerable amounts of information, and the second - as elements where data transformation is performed when agreeing exchange protocols in different parts of the network.

2. ATS information security

In the modern world, built on the widespread use of computer technology, the approach to understanding information has completely changed. The emergence of computers, information began to be perceived as one of the integral parts of the life of any person. Along with this, the outlook on information has changed from enthusiastic to mundane. (3)

What is information? Why does she need processing and, moreover, legal protection?

Information can be divided into legal and non-legal. The first is normative and non-normative.

Regulatory is formed in the sequence of lawmaking activities and is contained in regulatory legal acts. It includes the Constitution of the Russian Federation, Federal Constitutional Laws, Federal Laws, Legislative acts of the constituent entities of the Russian Federation, Decrees of the President of the Russian Federation, Resolutions of the Government of the Russian Federation, various normative acts of executive authorities at all levels, acts of local self-government bodies.

Non-normative formed in the order of law enforcement and law enforcement. With its help, the prescriptions of regulatory legal acts are fulfilled. This information is divided into several large groups:

1. Information about the state of law and order:

2. Information about civil law relations, contractual and other obligations (contracts, agreements, etc.).

3. Information representing the administrative activities of executive bodies and local self-government for the implementation of regulatory requirements.

4. Information from courts and judicial authorities (court cases and court decisions).

5. Law enforcement information.

As you can see, the information security of the internal affairs bodies is the state of protection of the interests of the internal affairs bodies in the information sphere in accordance with the tasks assigned to them. (4)

Essential elements of the information sphere:

1. departmental information and information resources;

2. departmental information infrastructure - means and systems of informatization;

3. the subjects of the execution of information activities - employees of the internal affairs bodies;

4. system of legal regulation.

Particularly significant objects of information security in the law enforcement and judicial spheres include:

1.Resources of federal executive bodies that implement law enforcement functions, judicial bodies, their information and computing centers, which contain information and operational data;

2. information and computing centers, their information, technical, software and regulatory support;

3. information infrastructure.

The greatest danger, in law enforcement and judicial spheres, is carried by external and internal threats.

NS external relate:

* intelligence activities of special services of foreign states, international criminal communities, organizations and groups that collect information about the disclosure of tasks, plans of activities, methods of work and locations of special units and internal affairs bodies;

* functioning of foreign public and private commercial structures trying to gain unauthorized access.

Internal are:

* disruption of the established regulations for the collection, processing, storage and transmission of information stored in filing cabinets and automated data banks and used to investigate crimes;

* lack of legislative and regulatory regulation of information exchange in law enforcement and judicial spheres;

* lack of a holistic methodology for collecting, polishing information, as well as storing information of a forensic, statistical and operational-investigative nature;

* software failures in information systems;

* deliberate acts, as well as errors of personnel working on and maintaining filing cabinets and automated data banks.

The security of information resources and information infrastructure of internal affairs bodies is expressed through the security of their most important properties. Since the subjects of information relations can be damaged by impact on the processes and means of processing information that is critical for them, it becomes absolutely necessary to ensure the protection of the entire information system from illegal intrusion, methods of theft and / or destruction of any components of this system in the process of its activity.

The safety of each component of an automated system (AS) is formed by ensuring its three characteristics:

* confidentiality, which consists in accessibility only to those subjects (users, programs, processes) who have special powers.

* integrity - a property of information, characterized by the ability to resist unauthorized or involuntary destruction, or distortion.

* accessibility, it is possible to get access to the required system component with the appropriate authority at any time without any problems.

Violation of these characteristics poses a threat to the information security of the internal affairs bodies.

We emphasize once again that the most important goal of protecting the AU and, accordingly, the information rotating in it is expressed in the prevention or minimization of damage, as well as disclosure, distortion, loss or illegal duplication of information.

Information security means are a set of legal, organizational and technical means designed to ensure information security. (5)

All information security tools can be divided into two groups:

* formal - these are means that perform their functions to protect information formally, that is, mainly without human participation.

* informal are those based on the activities of people.

Formal means are divided into physical, hardware and software.

Physical - mechanical, electrical, electronic, electronic-mechanical and devices and systems that work autonomously, creating various kinds of obstacles in the way of destabilizing factors.

Hardware rooms are those that are intentionally built into the hardware of a data processing system to solve information security problems.

So, along with the above, a number of measures are taken to implement information security. These include:

* Distribution and replacement of access control details (passwords, encryption keys, etc.).

* Measures to revise the composition and construction of the protection system.

* Executable with personnel changes in the personnel of the system;

* On the selection and placement of personnel (control of those hired, training in the rules of working with information, familiarization with the measures of responsibility for violation of the rules of protection, training, organization of conditions under which it would be unprofitable for personnel to violate their duties, etc.).

* Fire protection, security of premises, access control, measures to ensure the safety and physical integrity of equipment and media, etc .;

* Open and hidden check of the work of the personnel of the system;

* Verification of the use of protection measures.

* Measures to revise the rules for delimiting user access to information in the organization.

And a number of other measures aimed at protecting classified information. In addition to organizational measures, all kinds of technical measures (hardware, software and complex

From this work, we have already understood that in the internal affairs bodies, special attention is paid to the safety of secret information, and the development of great vigilance among workers. Nevertheless, some of them often underestimate the severity of the leakage of such information. They show dishonest attitude and negligence when handling classified documents, and this often leads to the disclosure of classified information, and sometimes to the loss of classified items and documents. At the same time, some employees maintain dubious connections, disclose important information about the methods and forms of work of the internal affairs bodies. The low professional qualities of some workers often lead to a violation of the secrecy of the activities carried out.

CONCLUSION

Statistics show that in all countries the damage caused by malicious acts is constantly growing. Moreover, significant reasons are associated with the lack of a systematic approach. As a consequence, it is necessary to improve complex protection measures. One of the most important tasks for is the organization of anti-virus protection of stand-alone workstations, local and corporate computer networks that process information of limited access.

It can be noted that ensuring information security is a complex task. This is determined by the fact that the information environment is not a simple mechanism where such components as electronic equipment, software, personnel work. (6)

In order to solve this problem, it is necessary to use legislative, organizational, software and technical measures. Neglect of at least one of the points can lead to loss or leakage of information, the price and role of which in the life of modern society is gaining more and more significant meaning.

The use of more efficient information systems is manifested as a prerequisite for the successful operation of modern organizations and enterprises. Information security is one of the most important indicators of the quality of an information system. We can say that the most successful methods in automated systems are virus attacks. They account for about 57% of information security incidents and about 60% of implemented threats from among those recorded and included in statistical reviews.

LISTUSEDLITERATURE

1. Beloglazov E.G. and other Fundamentals of information security of internal affairs bodies: Textbook. - M .: MosU of the Ministry of Internal Affairs of Russia, 2012.

2. Emelyanov G. V., Streltsov A. A. Information security of Russia. Basic concepts and definitions. Study guide / Under total. ed. prof. A. A. Prokhozheva. M .: RAGS under the President of the Russian Federation, 2009.

3. Zegzhda D.P., Ivashko A.M. Fundamentals of information systems security. - M .: Hotline-Telecom, 2010.

4. N.I. Zhuravlenko, V.E. Kadulin, K.K. Borzunov. Fundamentals of Information Security: A Tutorial. - M .: MosU of the Ministry of Internal Affairs of Russia. 2012.

5. The passage of A.N. Ensuring internet security. Workshop: Textbook for universities. - M .: Hotline-Telecom, 2010.

6. Stepanov OA Legal basis for ensuring the protective function of the state in the context of the use of new information technologies: Textbook. Moscow: Academy of Management of the Ministry of Internal Affairs of Russia, 2012.

Posted on Allbest.ru

Correlation of official secrets with other types of secrets

Having defined in the previous paragraph of this study with the basic concepts that ensure the legal process of regulating public relations in the sphere of the turnover of official secrets, one should distinguish between official secrets and other types of secrets that, to one degree or another, intersect or are connected by legal norm with official secrets. As the analysis carried out shows, it is quite a difficult and difficult task to draw a clear line between official secrets and certain types of secrets, since official secrets in some cases are permeated by other secrets, however, such a division is legally necessary in order to finally determine the institution of official secrets and eliminate confusion in interpretation of the norms of legal acts.

In accordance with Art. 139 of the RF PS, an official secret is closely intertwined with a commercial secret. Following the specified norm, information constitutes official or commercial secrets in cases where this information has actual or potential commercial value due to its being unknown to third parties; if there is no free access to this information on a legal basis; if the owner of the information takes appropriate measures to protect its confidentiality. From the above evaluation criteria defining commercial and official secrets, it is rather difficult to separate one type of secret from another. According to the Decree of the President of the Russian Federation of March 6, 1997 No. 188, the difference between official and commercial secrets is that a commercial secret is information related to commercial activities ..., and an official secret is official information, access to which is limited by state authorities ... In order to get a more detailed understanding of the essence of official secrets, one should mention the Decree of the Government of the Russian Federation of November 3, 1994, No. 1233, which approved the Regulation on the procedure for handling official information of limited distribution in federal executive bodies. The regulation is aimed at resolving issues related to the circulation of information in federal executive bodies, as well as in their subordinate enterprises, institutions and organizations. In accordance with the Regulations, non-classified information concerning the activities of organizations, restrictions on the dissemination of which are dictated by official necessity, refers to proprietary information of limited distribution.

Cannot be classified as proprietary information of limited distribution:

Legislative acts establishing the legal status of state bodies, organizations, public associations, as well as the rights, freedoms and obligations of citizens, the procedure for their implementation;

Information about emergency situations, dangerous natural phenomena and processes, environmental, hydrometeorological, hydrogeological, demographic, sanitary-epidemiological and other information necessary to ensure the safe existence of settlements, citizens and the population in general, as well as production facilities;

Description of the structure of the executive authority, its functions, directions and forms of activity, as well as its address;

The procedure for considering and resolving applications, as well as appeals of citizens and legal entities;

Decisions on applications and appeals of citizens and legal entities, considered in the prescribed manner;

Information about the execution of the budget and the use of other state resources, about the state of the economy and the needs of the population;

Documents accumulated in open collections of libraries and archives, information systems of organizations, necessary for the implementation of the rights, freedoms and duties of citizens.

According to the author, the above list of restrictions is not exhaustive. This can be confirmed by the judgment of A.A. Fat Yanova, who expresses concern about the fact that among the categories of information that cannot be subject to restrictions on access, information about the facts of violation of the law by state authorities and their officials is not indicated. This "omission" allows officials to significantly limit access to the materials of official investigations of the negative activities of the state apparatus and other shortcomings. Meanwhile, the maximum possible openness in this matter is one of the fundamental points in improving the activities of public authorities.

In accordance with the Regulations, the heads of federal executive bodies, within their competence, determine the category of officials authorized to classify official information as limited distribution, ensure the organization of protection of official information of limited distribution, etc.

Features of legal protection of official secrets

To understand the essence of the legal institution of official secrets, first of all, as a system of secret education (it is too early to speak about the formation of a subinstitute of referring information to official secrets as a complete scheme), let us turn to the history of its development in domestic legislation. By and large, this system has gradually been isolated from state secrets due to the fact that not all information to which the state restricts access for one reason or another is so valuable that damage from its dissemination should lead to criminal prosecution. The elevation of this into a principle became, in the author's opinion, the yardstick by which state and official secrets were differentiated. Their final normative division took place already in the 70s of the XX century. and received its clearest form in the legal structure proposed by the Instruction on ensuring secrecy in the ministries and departments of the USSR, approved by the Resolution of the Council of Ministers of the USSR dated 05.12.87 No. 556-126, which introduced the integrated concept of state secrets, which were subdivided into state secrets according to their importance and official secrets. This design fully reflected the system of views of that period on the role and place of official secrets in the functioning of the state mechanism.

The most striking refraction of the legal institution for the protection of official secrets in a separate department is the institution of military secrets. Clause "d" of Article 259 of the Criminal Code of the RSFSR 1960 contained, in relation to this institution, the following definition: military secret is military information that is not subject to disclosure, but is not a state secret. We find certain echoes of the existence of this institution in legislation even now. For example, in Article 26 of the Federal Law "On the Status of Servicemen", among the general duties of servicemen there is such as "to be disciplined, vigilant, to keep state and military secrets."

The institution of military secrecy, like the entire institution of official secrecy, carried a rather substantial positive load. The fact is that, as we already know, information constituting a state secret is most often of a generalized nature, i.e. go through several stages from absolutely publicly available information (primary, elementary information) to integrated. At the same time, the process of transforming open information into state secrets cannot and should not be of an abrupt nature. In the process of integration, such stages come when information cannot yet be classified as a state secret, but their open dissemination already poses a certain danger. Let's give an example. According to clause 4 of the List of information classified as a state secret, information describing the state of combat training of troops is a state secret. Should we refer to them as the state of combat readiness of a separate motorized rifle platoon or company? Unlikely. And the battalion, the regiment? There are also doubts. But there will be no doubts about the relevance of information about the division's combat readiness to state secrets. But at the same time, hardly anyone would dare to spread information about the degree of combat readiness of an entire regiment. This is the "niche" of military secrets.

Having understood in the first two paragraphs of this study with the concept of official secrets, the criteria for the relevance of information to the confidential information under study, as well as the properties and features that distinguish official secrets from other types of secrets, one should answer the fundamental question of whether there exists in modern Russian legal science legal institution of official secrets. In this regard, let us remind ourselves that state secrets in the Soviet period were subdivided into state and official secrets according to the following criterion: to designate information constituting a state secret, the stamps "of special importance" and "top secret" were used, to designate official secrets - "secret". Behind such a gradation was a fairly clear qualitative assessment of the potential damage that could result from their illegal dissemination: a sign of the relevance of information to a state secret was damage that could have a negative impact on the qualitative state of the country's military-economic potential; in relation to the official one, it is simply damage to the interests of the state. In principle, the logic can be traced here: the state is personified by the organs of state power, therefore, damage to their interests is damage to the interests of the state.

Unfortunately, the adoption of the Law on State Secrets, having introduced a lot of positive moments, entailed one significant negative consequence - the classification, in accordance with the said Law, of the stamp "secret" to designate exclusively information constituting a state secret, de facto eliminated official secrets as an institution and at the same time created a serious legal uncertainty regarding the qualification of the information previously indicated by him (that is, whether they fall under the regime of restrictions on state secrets or not). It is logical to assume that they do not. On the other hand, the modern approach to classifying information as a state secret, as we already know, sharply reduces the estimated threshold of damage when classifying information to this category to the interests of a particular organization, institution, which allows us to draw the opposite conclusion.

Civil law measures for the protection of official secrets

The consideration of civil law measures for the protection of official secrets by all, without exception, authors80 who study the field of information law, boils down to comparing the definitions of official and commercial secrets established in Art. 139 of the Civil Code of the Russian Federation, and only a few of them provide some analysis of the legal norms for the protection of the studied confidential information. This state of affairs cannot be considered acceptable, especially since Art. 139 of the Civil Code of the Russian Federation in part two directly establishes both the need to protect official and commercial secrets and its methods. Following the legal norm of Part 1 of Art. 139 of the Civil Code of the Russian Federation, it can be concluded that the legislator does not distinguish between the categories "official secret" or "commercial secret", assuming under them information that has actual or potential commercial value due to unknown to third parties, to which there is no legal access and the owner which takes measures to protect its confidentiality. In turn, part 2 of Art. 139 of the Civil Code of the Russian Federation, proclaiming the need to protect the secrets in question, also does not distinguish between its methods. As the results of our research show, not all methods of protection provided for by the Civil Code of the Russian Federation and other laws can be applied to official secrets.

L.A. came to the same conclusion. Trakhtengerts, who points out that the legality of extending the terms of protection of commercial secrets to official ones is questionable. These are diverse concepts. The secrecy of proprietary information, as a rule, is not due to its commercial value (although such information may contain information of a commercial nature).

In this regard, not all methods of protecting official secrets in the internal affairs department can be used, they should be based only on the norms of individual articles of the Civil Code of the Russian Federation and regulatory legal acts that directly establish the responsibility of an internal affairs officer for violation of the official secrecy regime. It should be borne in mind that, as a general rule, civil liability always occurs later than other types of legal liability and therefore is only compensatory in nature, not in all cases affecting the level of protection of official secrets in a proactive manner.

Based on the norms of the second part of Art. 139 of the Civil Code of the Russian Federation, civil law measures for protecting official secrets in the police department can be applied in the following cases: - if an police officer has obtained information that constitutes an official secret by illegal methods, he is obliged to compensate for the losses caused; - if an ATS officer divulged an official secret contrary to the conditions set forth in the contract concluded with him, then he is obliged to compensate for the losses caused.

Hypothetically, it is possible to assume that the police officer obtained information that constitutes an official secret by illegal methods, but how in this situation can one determine the amount of damage caused? The question is far from idle. However, first things first. First, we will determine how an ATS officer can illegally obtain information that constitutes an official secret. With regard to intra-system information containing official secrets, this can only happen if an IAB officer commits a criminal act (for example, theft, illegal entry into the premises, the use of physical force against another IAB officer, which entailed criminal consequences, etc.). Also, it cannot be ruled out that the information located in the ATS and protected by the official secret regime may constitute a commercial secret. This is the conclusion, in particular, of the commentators of the Civil Code of the Russian Federation83. So, A.A. Tarasov points out that information that is a trade secret can become an official secret and vice versa. Following the above reasoning, civil law measures to protect official secrets can be applied, both in connection with the establishment of a criminal law act, and in view of the determination of the fact that there is a commercial secret in the official information.

Secondly, we will determine what losses and how the police officer must compensate in the event of illegal receipt of information that constitutes an official secret. Based on the interpretation of the provisions of Art. 15 and 16 of the Civil Code of the Russian Federation, losses mean expenses that a person whose right has been violated has made or will have to make to restore the violated right, loss or damage to his property (real damage), as well as lost income that this person would have received under normal conditions of civil turnover, if his right had not been violated (lost profits). If the person who violated the right received income as a result, the person whose right was violated has the right to demand compensation, along with other losses, for lost profits in an amount not less than such income.

Administrative and legal protection of official secrets

The transfer of information constituting an official secret to computer networks and systems that have access to public information and telecommunication networks without ensuring appropriate measures to protect information, entails the imposition of an administrative fine on officials - from forty to fifty times the minimum wage; for legal entities - from four hundred to five hundred times the minimum wage ".

Having stated his proposals for improving the system of protecting relations arising in the sphere of official secrets by establishing administrative responsibility, the author cannot ignore the issue of the types and amount of sanctions for these illegal acts.

Some general theory of the magnitude of the sanction, depending on the degree of danger of the coming harmful consequences in relation to the system of the current Code of Administrative Offenses of the Russian Federation, has not yet been created, therefore, the author, formulating the above compositions of administrative offenses, proceeded from the following considerations.

1. The main type of sanction applied in the current Code of Administrative Offenses of the Russian Federation is an administrative fine. In accordance with part three of Article 3.5. of this legislative act "the amount of an administrative fine imposed on citizens and calculated on the basis of the minimum wage may not exceed twenty-five times the minimum wage, for officials - fifty times the minimum wage, for legal entities - one thousand times the minimum wage ". There is an exception to this rule, as applied to legal entities (in the direction of increasing the amount of the fine), but it only affects economic relations, when the amount of the fine should significantly affect the termination of illegal activity, making it unprofitable.

Based on the foregoing, the author also chose a fine as the main administrative sanction. Of all the proposed offenses, the least social danger is the transfer of information constituting an official secret to unaccounted media. The application of an administrative sanction in this case is of a preventive and suppressive nature. Due to this, along with a fine, the author chose the mildest of the types of punishments - a warning, as well as, as an alternative, a medium-level administrative fine (for citizens - from 10 to 15 times the minimum wage, for officials - from 20 to 30 times the minimum wage.

In other cases, the degree of public danger of the act, in the author's opinion, is higher, however, the maximum administrative fine is not offered for all compositions, but only for such offenses when a real threat of leakage of information constituting an official secret is created (loss of media containing such information; use of computer equipment for processing this information without appropriate verification; transfer of information to computer systems that have access to the public network; familiarization of a person who has not passed the procedure for admitting to an official secret with such information).

2. In a number of the above structures, it is proposed to involve legal entities in administrative responsibility. In the current Code of Administrative Offenses of the Russian Federation, the level of sanctions in relation to these subjects is traditionally increased. As a result of the analysis of the norms of the Code, the author came to the conclusion that the usual practice of designing sanctions is to increase the amount of the fine applied to a legal entity ten times higher than that applied to an official. This is the approach that was chosen to determine the lower and upper boundaries of such legal measures.

3. With regard to the issue under consideration, the system of vesting jurisdictional powers for the Internal Affairs Directorate should slightly differ from that provided for by the Code of Administrative Offenses of the Russian Federation in relation to the existing compositions.

Due to the absence of the fundamental Federal Law of the Russian Federation "On Official Secrets", which could clarify the establishment of the powers and duties of state authorities to protect official secrets, as well as the absence of such powers in the regulatory legal acts regulating the activities of the Department of Internal Affairs, we consider it expedient to make an addition in the Law "On the Police", concerning the powers of the Department of Internal Affairs to protect official secrets and the corresponding obligations to fulfill the established requirements. If such changes are made, then, according to the author, it is advisable to refer the drafting of protocols on administrative offenses and the consideration of cases on administrative offenses within the framework of the above compositions to the jurisdiction of the Department of Internal Affairs. And in relation to such a composition of administrative offenses as "Use for processing information constituting an official secret, computer equipment that has not passed mandatory verification" and "Unlawful transfer of information constituting an official secret to computer systems that have access to public information and telecommunication networks" the right to draw up protocols and consider cases of these administrative offenses should be assigned to the Department of Internal Affairs and the bodies of the State Technical Commission of Russia within their competence.

Information security in the activities of internal affairs bodies: theoretical and legal aspect

As a manuscript

Velichko Mikhail Yurievich

INFORMATION SECURITY IN OPERATIONS

BODIES OF THE INTERNAL AFFAIRS: THEORETICAL AND LEGAL ASPECT

Specialty 12.00.01 - theory and history of law and

states; history of doctrines about law and state

PhD in Law

Kazan - 2007 2

The work was carried out at the Department of Theory and History of State and Law of the State Educational Institution of Higher Professional Education “Kazan State University named after IN AND. Ulyanov-Lenin "

supervisor Doctor of Law, Professor Gorbachev Ivan Georgievich

Official opponents:

Honored Lawyer of the Russian Federation, Doctor of Law, Professor Aleksandrov Aleksey Ivanovich Doctor of Law, Professor Medvedev Valentin Grigorievich

Leading organization State educational institution of higher professional education "Moscow University of the Ministry of Internal Affairs of Russia"

The defense of the thesis will take place on September 20, 2007 at 14:00 at a meeting of the Dissertation Council K 212.081.01 on the defense of dissertations for the degree of candidate of legal sciences at the State Educational Institution of Higher Professional Education “Kazan State University named after IN AND. Ulyanov-Lenin "(420008, Kazan, Kremlevskaya st., 18, room 324).

The thesis can be found in the scientific library. N.I.

Lobachevsky State Educational Institution of Higher Professional Education “Kazan State University named after

Scientific Secretary of the Dissertation Council, Candidate of Legal Sciences, Associate Professor G.R. Khabibullina

I.

GENERAL DESCRIPTION OF WORK

Relevance topics of dissertation research. As a result of the implementation of socio-economic transformations over the past years, society and public relations in Russia have moved to a qualitatively new state, characterized, in particular, by a strong coalescence of government bodies, business organizations and criminals, which dictates an urgent need to revise the functions and tasks of law enforcement agencies, security agencies national security, economic security and law enforcement forces.

The transition to a new state of Russian society is inextricably linked with the emergence of new challenges and threats to both national security in general and its most important components - economic and public security. The emergence of these threats against the background of a strong backwardness and insufficient development of the Russian legislative framework is associated, first of all, with the accelerated capitalization of economic relations of society, the rapid development of market relations, the close integration of Russia into global world economic relations, the globalization of the world economy, globalization and transnationalization of crime in the main important spheres of public relations, the emergence and development of international terrorism, etc.

All this requires serious reflection and the development of new mechanisms for organizing counteraction to national and transnational crime.

A necessary condition for the socio-economic development of the Russian Federation is a decrease in the crime rate. The existing state, the applied law enforcement mechanisms and means of combating modern crime do not fully correspond to the state and dynamics of the spread of organized crime, the shadow economy and economic crime, drug trafficking and human trafficking, terrorism and extremism, and corruption.

The information revolution contributes to the creation and inclusion in the socio-economic system of such flows of information that may be quite sufficient for the effective resolution of most modern global and regional socio-economic problems, to ensure rational nature management, harmonious economic, political, social and cultural-spiritual development of society and its safety. The same advances in the field of information are fully used by crime, which is basically large-scale and organized, covering entire regions and even the entire territory of the country, going beyond its borders, has great opportunities to access information, technical and financial resources, their build-up and use in their illegal activities.

These circumstances necessitate a radical rethinking of existing views and the development of new conceptual approaches to the problem of information security, the fight against such new phenomena as cybercrime and cyberterrorism in order to ensure national security.

The relevance of the study of legal and organizational and managerial mechanisms for ensuring information security of internal affairs bodies in the context of the integration of information systems of law enforcement agencies and special services is also due to the fact that issues of the theory of information protection were traditionally considered, as a rule, from a technical standpoint or in relation to previously existing and well-established organizational systems.

A number of studies note that the problem of ensuring the protection of information is often narrowed down to the problem of ensuring the protection of only computer information. So, O.V. Genne rightly believes that a coherent consideration of a number of aspects of information security is necessary to implement an effective approach 1.

The formation of an information security regime is a complex problem in which four levels can be distinguished: legislative (laws, regulations, standards, etc.); administrative (general actions taken by management); procedural (security measures aimed at monitoring compliance by employees with measures aimed at ensuring information security); software and hardware (technical measures).

Based on this, there is a need to develop theoretical provisions and methodological principles for ensuring information security by internal affairs bodies. The scientific and practical problem of complex consideration of issues of state and legal regulation and organizational management in the field of ensuring information security of law enforcement agencies is of particular importance. All this determined the relevance of the research topic and the range of issues under consideration.

The state of knowledge of the problem. The issues of state regulation in the information sphere began to be largely addressed in scientific publications only in the second half of the 20th century, when the international exchange of scientific and technical achievements began to develop at an accelerated pace. The following Russian scientists have made a great contribution to this area: V.D. Anosov, A.B. Antopolsky, G.T. Artamonov, P.I. Asyaev, Yu.M. Baturin, I.L. Bachilo, M. Boer, A.B.

Vengerov, M.I. Dzliev, G.V. Emelyanov, I.F. Ismagilov, V.A. Kopylov, V.A.

Lebedev, V.N. Lopatin, G.G. Pocheptsov, M.M. Rassolov, I.M. Rassolov, A.A.

Streltsov, A.D. Ursul, A.A. Fatyanov, A.P. Fisun and others. Among foreign See: OV Genne. Basic Provisions steganography // Information protection Confidential. S.20-25.

scientists in this direction can be noted the work of R. Goldsheider, I. Gerard, J. Mayer, B. Markus, J. Romari, S. Phillips and others.

Purpose and tasks dissertation research. The purpose the research is to clarify the theoretical and legal provisions, methodological principles of ensuring information security of internal affairs bodies, information confrontation and effective information counteraction to criminal structures using legal and law enforcement mechanisms.

In accordance with the formulated goal, the following tasks were set in the work:

Research and clarify the theoretical and methodological foundations of state and legal regulation in the field of information protection and organization of information security of internal affairs bodies;

Determine ways to improve legal mechanisms for protecting information, organizational measures and management decisions to combat computer crimes;

Reveal the role of legal and organizational mechanisms for protecting information in information support systems for the activities of internal affairs bodies;

To develop proposals on the formation of organizational and legal mechanisms for ensuring information security of internal affairs bodies.

The object of the dissertation research is the information security of the internal affairs bodies.

The subject of research are the legal and organizational management mechanisms for ensuring the information security of the internal affairs bodies.

The theoretical and methodological basis of the dissertation research was the theoretical and methodological development of economic and information security, information protection.

The research is based on the systemic methodology developed by V.N. Anischenko, B.V. Akhlibininsky, L.B. Bazhenov, R.N. Baiguzin, B.V. Biryukov, V.V. Bordyuzhe, V.V. Verzhbitsky, G.G. Vdovichenko, V.A.

Galatenko, A.P. Gerasimov, I.I. Grishkin, D.I. Dubrovsky, L.A. Petrushenko, M.I. Setrov, A.D. Ursul, G.I. Tsaregorodtsev and others.

The theoretical and legal basis of the dissertation research was the works of scientists in the field of criminal law, criminology, the theory of law of informatics, including the works of S.S. Alekseeva, Yu.M. Baturina, N.I. Vetrova, V.B. Vekhova, B.V. Zdravomyslova, V.V. Krylova, V.N.

Kudryavtseva, Yu.I. Lyapunova, A.V. Naumova, S.A. Pashina, A.A. Piontkovsky, N.A. Selivanova, A.N. Trainina, O.F. Shishova.

During the research, dialectical, formal-legal, comparative-legal, abstract-logical, analytical methods were used, methods of applied, special disciplines (criminal law, statistics, computer science, information security theory) were used.

The normative and legal basis of the study was the provisions of international legislation, the legal framework of the Russian Federation on the protection of information, the Criminal Code of the Russian Federation and regulatory legal documents based on them.

a comprehensive analysis of the legal and organizational mechanisms for ensuring the information security of the internal affairs bodies.

Scientific novelty research consists in the very formulation of the problem and the choice of the range of issues to be considered. This dissertation is the first work in domestic legal science devoted to information security of law enforcement agencies of the Russian Federation, the basis of which is formed by the internal affairs bodies of the Ministry of Internal Affairs of Russia. For the first time, it analyzes modern threats to national security in the information sphere, emanating from organized national and transnational crime, corruption, terrorism, extremism and the criminal economy, substantiates the role and place of information security in the overall system of ensuring national security. For the first time, a comprehensive analysis of the goals, tasks, functions and powers of the internal affairs bodies in the field of combating computer crimes and cyber terrorism, ensuring information security in operational and service activities has been carried out. On the basis of an interrelated assessment of the state of the operational situation and the nature of crimes in the information sphere, the scale, forms, methods and means of information counteraction to law enforcement agencies from the side of criminality, the position on finding the internal affairs bodies in a state of information war with various types of crime, primarily organized and economic. Proposals are formulated on the directions of improving the state and legal regulation of relations in the field of ensuring information security of internal affairs bodies and the development of current legislation.

research lies in their focus on solving the problems facing the internal affairs bodies to ensure the rule of law and law and order, the security of the state, society and the individual.

contribute to the implementation of a coordinated state policy in the field of ensuring national and information security, the gradual improvement of state and legal regulation of relations between the internal affairs bodies in the field of information protection, countering computer crime and cyber terrorism.

The conclusions and recommendations of the applicant were used to substantiate state-legal measures and mechanisms for ensuring information security of internal affairs bodies, to prepare reports to the leadership of the Ministry of Internal Affairs of Russia and to the highest executive bodies of the Russian Federation on security issues.

The theoretical developments of the applicant can serve as the basis for further scientific research in the field of ensuring the national security of the Russian state and society, and can also be used in the educational process of higher educational institutions and research institutions of the Ministry of Internal Affairs of Russia.

Provisions for Defense... In the course of the research, a number of new theoretical provisions were obtained, which are submitted for defense:

In modern conditions, the information security of society, the state and the individual is, along with other types of security, including economic, the most important component of national security.

Threats to the country's information security, the sources of which are modern national and transnational criminal communities, in their totality and scale of impact, covering the entire territory of the country and affecting all spheres of the life of society, undermine the foundations of the national security of the Russian Federation, causing significant damage to it.

The internal affairs bodies of the Ministry of Internal Affairs of Russia are an important component of the forces and means of countering information encroachments by criminal communities on the rights and freedoms of citizens, the security of the state, society and the individual.

In the current state of crime, which is basically large-scale and organized, covers entire regions and even the entire territory of the country, going beyond its borders, it has great opportunities to access information resources and weapons, build them up and use them in their illegal activities, it is impossible ensure information security of internal affairs bodies only through the use of protective equipment and mechanisms. In these conditions, it is necessary to conduct active offensive (combat) actions from offensive means in order to ensure superiority over crime in the information sphere.

information warfare with both national and transnational criminal communities, the specific content and main form of which is information warfare using information and computing and radio equipment, radio intelligence, information and telecommunication systems, including space communication channels, geoinformation systems and other information systems , complexes and means.

The evolution of the legal regime, organizational foundations and the actual activities of the internal affairs bodies to provide information to cyber terrorism has been strongly affected by changes in the political and socio-economic situation of the country. The developed and implemented approaches to "forceful" enforcement of law and order and security in conditions of high activity of organized criminal communities require a radical rethinking of existing views and the development of new conceptual approaches to the problem of state-legal regulation of relations in the field of information security, the fight against cyber terrorism in order to ensure national security ...

The general social nature of the activities of the internal affairs bodies, the need for clear legal regulation of their activities in the special conditions of waging an information war against large-scale organized crime require the creation of an appropriate state-legal regime and its reflection in the fundamental political and regulatory legal documents. Therefore, the information security of the Russian Federation, the law of the RSFSR "On security" seems to be logically justified by the provisions regarding the concept of "information war" and the conditions for the use of information weapons in the fight against cyber crime and cyber terrorism, as well as the expansion of the range of powers of employees of the internal affairs bodies in the law of the RSFSR "On police "in terms of special conditions for the use of information weapons in order to effectively counter organized crime in the event of direct threats to the information security of society and the state.

the provisions of this work were discussed at the scientific-practical conference "Institutional, economic and legal foundations of financial investigations in the fight against terrorism" (Academy of Economic Security of the Ministry of Internal Affairs of Russia, 2006), the interdepartmental round table "Actual problems of legislative regulation of operational investigative activities of law enforcement agencies" and interdepartmental scientific conference "Topical issues of the theory and practice of operational investigative activities of the internal affairs bodies to combat economic crimes", the All-Russian scientific-practical conference "Counteracting the legalization of proceeds of crime: problems and their ways All-Russian Research Institute of the Ministry of Internal Affairs of Russia, 2007).

The material of the dissertation research was used in the preparation of specialized lectures on the problems of responsibility for committing crimes in the field of computer information at advanced training courses for bodies to combat economic crimes.

The main provisions and conclusions of the dissertation are presented in six scientific publications.

The volume and structure of the dissertation research. The structure and scope of the thesis determined by the purpose and objectives of the study. It consists of an introduction, three chapters with eight paragraphs, a conclusion and a bibliography.

II. BASIC THE CONTENT OF THE WORK

the degree of its scientific elaboration is revealed, the object, subject, purpose and objectives of the research are determined, the main provisions for defense are formulated, the theoretical and methodological foundations are substantiated, the scientific novelty and practical significance of the research are revealed, information on the approbation of its results is provided.

Chapter I. Theoretical and legal foundations of information security Chapter 1 is devoted to the study and theoretical understanding of the category of "information security", as well as the legal nature of this phenomenon, the principles that form the content of information security, which is an independent research area.

national security: nature, essence, place in the categorical apparatus of the general theory of law ”- is a general theoretical legal basis for the concept of information security.

information security of the Russian Federation, approved by the Decree of the President of the Russian Federation dated September 9, 2000 No. Pr-1895. Information security is understood as the state of protection of national interests in the information sphere, which are determined by a set of balanced interests of the individual, society and the state.

develops the Concept of National Security of the Russian Federation, approved by the Decree of the President of the Russian Federation of December 17, 1997 No.

No. 1300 (as amended by the Decree of the President of the Russian Federation of January 10, 2000 No. 24), in relation to the information sphere. The National Security Concept notes that the most important tasks of ensuring the information security of the Russian Federation are:

implementation of constitutional rights and freedoms of citizens of the Russian Federation in the field of information activities;

infrastructure, integration of Russia into the global information space;

information sphere.

The importance of ensuring the information security of the state can be demonstrated by any examples of a negative nature observed in the process of the deformation of the Russian economy, it is enough to point out the default of 1998. Solving the problems of ensuring the security of the struggle in the information sphere is not limited only to protecting channels and government communications, information and other issues, which are usually considered when analyzing a set of threats and a system of measures to ensure information security. Information security in the economic sphere also includes the security of information systems for managing industry, industries (including the defense complex), enterprises, and banks.

represent information technologies, a new direction in science has appeared - information security. The influence of threats in the information sphere is increasingly directed at the interests of the individual, society and the state. At the same time, the impact on the personality in order to reduce the activity of communications. The informational impact on the economic system is growing, including the financial sphere (for example, information attacks against national currencies and stock markets that swept the world in the late 1990s), stock markets with a game to reduce the capitalization of enterprises, and then buy them at a lower price combined with the dissemination of information to create a negative image of a competitor, etc.

Information threats to the state through the spread and implementation of the ideology of international terrorism and separatism pose a particular danger.

The second paragraph - "Organizational and legal basis for ensuring information security" - provides an analysis of organizational decisions that regulate the sphere of ensuring information security of the individual, society and the state.

Organizational and legal support of information security of information security, as well as the creation, functioning of systems of organizational and legal support are: development of the basic principles for classifying information of a confidential nature as protected information; determination of the system of bodies and officials responsible for ensuring information security in the country, and the procedure for regulating the activities of an enterprise and organization in this area; creation of a full complex of regulatory and legal guidance and methodological materials (documents) regulating the issues of ensuring information security both in the country as a whole and at a specific facility; determination of liability measures for violations of protection rules and the procedure for resolving disputes and conflict situations on information protection issues.

The legal aspects of the organizational and legal support for the protection of information is understood as a set of laws and other normative legal acts, with the help of which the following goals would be achieved: all rules for the protection of information are mandatory for all persons dealing with confidential information; all measures of responsibility for violation of information protection rules are legalized;

legalized (gaining legal force) technical and mathematical solutions to issues of organizational and legal support for the protection of information, and also legalized procedural procedures for resolving situations that develop during the functioning of the protection system.

The development of a legislative base for information security of any state is a necessary measure that satisfies the primary need for information protection in determining the socio-economic, political, and military directions of development of this state. Special attention on the part of Western countries to the formation of such a base is caused by all crimes, which forces them to seriously deal with issues of legislation on the protection of information. So, the first law in this area in the United States was adopted in 1906, and by now there are already more legislative acts on the protection of information, liability for its disclosure and computer crimes.

Legal support for the protection of information in the Russian Federation is being developed in three areas: protection of individual rights to private life, protection of state interests and protection of entrepreneurial and financial activities.

The structure of the regulatory framework on information security of the Russian Federation includes: the Constitution of the Russian Federation, constitutional federal laws, federal laws, decrees of the Government of the Russian Federation; departmental regulations, GOSTs, governing documents. Federal laws include:

informatization and information protection ”,“ On the legal protection of programs for electronic computers and databases ”,“ On participation in international information exchange ”,“ On communication ”,“ On commercial secrets ”, etc.

Chapter II. Information security threats in business In the second chapter the factors, conditions and phenomena that are or may be sources of threats to information security in the activities of internal affairs bodies are analyzed.

criminality "- is devoted to the study of the mechanisms of criminal impact, the forecasting and assessment of criminal situations.

led to the fact that modern society is largely dependent on the management of various processes through computer technology, electronic processing, storage, access and transmission of information. According to the Bureau of Special Technical Measures of the Ministry of Internal Affairs of Russia, more than 14 thousand crimes related to high technologies were recorded last year, which is slightly higher than the year before last. Analysis of the current situation shows that about 16% of cybercriminals operating in the "computer" area of crime are young people under the age of 18, 58% - from 18 to 25 years old, and about 70% of them have higher or incomplete higher education ...

Studies have shown that 52% of the identified offenders had special training in the field of information technology, 97% were employees of state institutions and organizations using computers and information technologies in their daily activities, 30% of them were directly related to the operation of computer equipment.

According to unofficial expert estimates, out of 100% of criminal cases initiated, about 30% go to court, and only 10-15% of the defendants serve their sentences in prison. Most cases are re-qualified or terminated due to insufficient evidence. The real state of affairs in the CIS countries is a question from the realm of fantasy. Computer crimes refer to crimes with high latency, reflecting the existence in the country of that real situation when a certain part of the crime remains unaccounted for.

In the second paragraph - "Information terrorism: concept, legal qualification, means of counteraction" - a theoretical and legal analysis of the category "information terrorism" is carried out, the threats and methods of cyber terrorism are determined.

The increasingly spreading technological terrorism, of which information or cyber terrorism is an integral part, poses a serious threat to the entire world community.

The targets of terrorists are computers and specialized systems created on their basis - banking, stock exchange, archival, research, management, as well as means of communication - from direct television broadcasting and communication satellites to radio telephones and pagers.

The methods of information terrorism are completely different from the traditional ones: not the physical destruction of people (or its threat) and the elimination of material assets, not the destruction of important strategic and economic objects, but a large-scale disruption of the operation of financial and communication networks and systems, partial destruction of the economic infrastructure and the imposition of power structures of your will.

The danger of information terrorism is growing immeasurably in the context of globalization, when telecommunications are acquiring an exclusive role.

In the conditions of cyber terrorism, a possible model of terrorist influence will have a "three-stage" appearance: the first stage is the advancement of political demands with a threat, if they are not met, to paralyze the entire economic system of the country (at least, that part of it that uses computer technology in its work), the second is to carry out a demonstration attack on the information resources of a sufficiently large economic structure and paralyze its action, and the third is to repeat the demands in a more severe form, relying on the effect of a demonstration of force.

A distinctive feature of information terrorism is its cheapness and complexity of detection. The Internet system, which linked computer networks around the planet, changed the rules for modern weapons. The anonymity provided by the Internet allows a terrorist to become invisible, as a result, practically invulnerable and not risking anything (primarily life) during a criminal action.

The situation is aggravated by the fact that crimes in the information sphere, including cyber terrorism, entail significantly less punishment than for the implementation of "traditional"

terrorist attacks. In accordance with the Criminal Code of the Russian Federation (Art.273), the creation of computer programs or changes to existing ones, destruction, blocking, modification or copying of information, disruption of the operation of computers, computer systems or their networks, as well as the use or distribution of such programs or machine media with such programs is punishable by up to seven years' imprisonment.

For comparison, in the United States, laws punish unauthorized entry into computer networks with imprisonment for up to 20 years.

terrorism is the creation of an effective system of interrelated measures to identify, prevent and suppress such activities. Various anti-terrorist bodies are working to combat terrorism in all its manifestations. The developed countries of the world pay special attention to the fight against terrorism, considering it to be almost the main danger to society.

The third paragraph - "Information war: organizational and legal support of state countering cyber crime" - examines the concept, nature, means of waging information war and ways to ensure effective information countermeasures to crime.

Threats to the country's information security, the sources of which are transnational communities, in their totality and scale of impact covering the entire territory of the country and affecting all spheres of life of society, make it necessary to consider the struggle between organized crime and law enforcement agencies called upon to resist it, primarily the internal affairs bodies, as an information war, the main form of waging which and its specific content are information warfare with the use of information and computing and radio equipment, means of electronic intelligence, information and telecommunication systems, including space communication channels, geographic information systems and other information systems, complexes and means.

In the conditions of the current state of crime, it is impossible to ensure information security in the activities of the internal affairs bodies only on the basis of the use of protective means and mechanisms. In these conditions, it is necessary to conduct active offensive (combat) actions from offensive means in order to ensure superiority over crime in the information sphere.

The emergence and development of new large-scale phenomena in the life of the country and society, new threats to national security from the underworld, which has at its disposal modern information weapons, and new conditions for the implementation of operational and service activities of the internal affairs bodies, determined by the needs of waging information war with national and transnational basically organized crime, determine the need for appropriate legislative, state-legal regulation of relations in the field of information security of the state in general and the internal affairs bodies in particular.

the implementation of law enforcement activities in the context of an information war with the underworld is proposed, in particular:

Expand the range of powers of employees of internal affairs bodies in the Law of the Russian Federation "On Militia" in terms of special conditions for the use of information weapons in order to effectively counter organized crime in the event of direct threats to the information security of society and the state, as well as supplement the Concept of National Security of the Russian Federation and the Doctrine of Information Security Of the Russian Federation regarding the concept and conditions for the use of information weapons in the fight against cyber crime and cyber terrorism.

Chapter III. The main directions of improving the regulatory and organizational support of information security in the activities of internal affairs bodies; improvement of legal regulation and organizational and management support of information security in the activities of internal affairs bodies.

The first paragraph - "State legal regulation in the field of combating computer crimes" - defines the measures of passive and active counteraction to cybercrime.

The main measures of a state-legal nature to ensure information security, carried out, among other things, by the internal affairs bodies, are proposed to include: the formation of a regime and protection in order to exclude the possibility of secret penetration into the territory where information resources are located; determination of methods of working with employees in the selection and placement of personnel; work with documents and documented information, including the development and use of documents and carriers of confidential information, their accounting, execution, return, storage and destruction;

determination of the procedure for using technical means for collecting, processing, accumulating and storing confidential information; creation of a technology for analyzing internal and external threats to confidential information and developing measures to ensure its protection; systematic control over the work of personnel with confidential information, the procedure for accounting, storage and destruction of documents and technical media.

information security and the state information protection system allows us to highlight the most important powers of the internal authorities for the comprehensive protection of information resources, as well as the information and telecommunications structure of the state; prevention and resolution of offenses in the information sphere; protection of other important interests of the individual, society and the state from external and internal threats.

In the second paragraph - "Improvement of the legal framework for the protection of information of the internal affairs bodies" - directions and ways of improving the legislation on the protection of information of the internal affairs bodies are determined.

Legal protection of information as a resource is recognized at the international and state levels. At the international level, it is determined by interstate treaties, conventions, declarations and implemented by patents, copyright and licenses for their protection. At the state level, legal protection is regulated by state and departmental acts.

The main directions of the development of Russian legislation in order to protect the information of the internal affairs bodies should be attributed to:

information infrastructure of the internal affairs bodies to critical and ensuring their information security, including the development of these objects used in the information infrastructure;

Improvement of the legislation on operational-search activities in terms of creating the necessary conditions for conducting operational-search activities in order to identify, prevent, suppress and disclose computer crimes and crimes in the field of the use by the internal affairs bodies of information about the private life of citizens, information constituting personal, family, official and commercial secrets; clarification of the composition of operational-search measures;

Strengthening responsibility for crimes in the field of computer information and clarifying the elements of crimes, taking into account the European Convention on Cyber Crime;

Improvement of criminal procedural legislation in order to create conditions for law enforcement agencies to ensure the organization and implementation of prompt and effective crime prevention, carried out using information and telecommunication technologies to obtain the necessary evidence.

The third paragraph - "Organizational, managerial and legal mechanism for protecting information in the activities of internal affairs bodies: ways of further development" - discusses the main directions of improving the organizational and legal aspects of information protection in the activities of internal affairs bodies.

Organizational and managerial measures are a decisive link in the formation and implementation of comprehensive information protection in the activities of internal affairs bodies.

When processing or storing information, the internal affairs bodies are recommended to carry out the following organizational measures within the framework of protection against unauthorized access: identification of confidential information and its documentation in the form of a list of information to be protected; determination of the procedure for establishing the level of authority of the subject of access, as well as the circle of persons to whom this right is granted;

establishment and execution of access control rules, i.e. a set of rules governing the access rights of subjects to protected objects;

familiarization of the subject of access with the list of protected information and its level of authority, as well as with organizational, administrative and working confidential information; receiving from the access object a receipt on non-disclosure of confidential information entrusted to it.

In accordance with the Law of the Russian Federation "On the Police", to the nationwide reference and information funds of operational and forensic accounting. The performance of these functions is carried out by information and technical units of the services of the Ministry of Internal Affairs of Russia in cooperation with units of the criminal police, public security police, penitentiary institutions, other law enforcement agencies, government agencies and organizations in charge of public security issues, as well as law enforcement agencies (police) of other states.

Information interaction in the field of combating crime is carried out within the framework of the laws of the Russian Federation "On operational and investigative activities", "On security", "On accounting and accounting activities in law enforcement agencies", the current criminal and criminal procedural legislation, international agreements of the Ministry of Internal Affairs of Russia in the field of exchange information, Regulations on the Ministry of Internal Affairs of Russia, orders of the Minister of Internal Affairs of Russia.

Research has shown that the conceptual provisions for ensuring information security of law enforcement agencies should include requirements for the transition to a unified legal framework governing the use of information in the fight against crime. At the same time, in the system of the Ministry of Internal Affairs, instead of a large group of departmental acts, it is proposed to introduce three groups of normative legal documents on information support: sectoral, general use; branch, by service lines; regulatory and legal documentation of the local level of government on local applied problems of information support of the territorial body of internal affairs.

the ways of further improving the mechanism of ensuring information security in the activities of the internal affairs bodies are outlined.

1. Velichko M.Yu. Topical issues in the fight against cybercrime:

legal aspects / M.Yu. Velichko // Legal world. - 2007. - No. 8. - P.87- (0.4 pp.).

2. Velichko M.Yu. Information security in the activities of internal affairs bodies: Scientific. ed. / M.Yu. Velichko. - M .: Publishing house of INION RAN, 2007 .-- 130 p. (8.125 pp.).

security in the activities of internal affairs bodies (theoretical and legal aspect) / M.Yu. Velichko // Anti-money laundering:

Sat. scientific. works. - M .: RIO AEB of the Ministry of Internal Affairs of Russia, 2007. - S. 132-136 (0.275 pp.).

4. Velichko M.Yu. Computer crimes on the Internet / M.Yu.

Velichko // Topical issues of theory and practice of operational-search activity of internal affairs bodies to combat economic crimes: Collection of articles. scientific. works. - M .: RIO AEB of the Ministry of Internal Affairs of Russia, 2007. - S. 220p.l.).

Institutional, economic and legal foundations of financial investigations in the fight against terrorism: Sat. scientific. works. - M .: RIO AEB of the Ministry of Internal Affairs of Russia, 2006 .-- S.205-218 (0.8 pp.).

6. Velichko M.Yu. Possible threats to economic security in the informatization of society / M.Yu. Velichko // Problems of ensuring economic security, counteracting the shadow economy and undermining the economic foundations of terrorism: Sat. scientific. report - M .: RIO AEB of the Ministry of Internal Affairs of Russia, 2005. - P.192-199 (0.45 pp.).

Similar works:

“Obukhova Natalya Igorevna STATE POLICY AND REALITIES OF DEVELOPMENT OF HIGHER AND SECONDARY SPECIAL EDUCATION OF UDMURTIA IN THE POST-WAR DECADE (1946-1956). Udmurt Republic Scientific adviser: Doctor of Historical Sciences, Professor - K. A. Ponomarev Official ... "

"FARRAKHOVA Aigul Yurisovna PEDAGOGICAL CONDITIONS OF ORGANIZATION OF JOINT EDUCATIONAL ACTIVITIES OF CHILDREN WITH VARIOUS STATES OF PHYSICAL HEALTH 13.00.01 - general pedagogy, history of pedagogy and education ABSTRACT State of the dissertation of a candidate of higher education in a pedagogical institution of higher education in a pedagogical institution of higher education in 2004 in a pedagogical institution of higher education. Medical University Scientific adviser ... "

«Pozdeev Igor Leonidovich Problems of ethnic socialization (on the example of the Udmurt ethnos) Specialty - 07.00.07 - ethnography, ethnology, anthropology Abstract of the dissertation for the degree of candidate of historical sciences Izhevsk - 2005 The work was done at the Udmurt Institute of History, Language and Literature of the Ural Branch of the Russian Academy Science Supervisor: Doctor of Historical Sciences, Professor Nikitina Galina Arkadyevna Official opponents: Doctor ... "

“Ibneeva Guzel Vazykhovna Formation of the imperial policy of Russia in the second half of the 18th century: the experience of political interaction between Catherine II and the imperial space Specialty 07.00.02 - Domestic history Author's abstract of the dissertation for the degree of Doctor of Historical Sciences Kazan - 2007 The work was done at the Department of National History until the 20th century of the State educational institution of higher professional education Kazan State ... "

“TUMAKOV Denis Vasilievich CRIMINAL CRIME AND FIGHT AGAINST IT IN THE YEARS OF THE GREAT PATRIOTIC WAR 1941-1945. (ON THE MATERIALS OF THE YAROSLAVSK REGION) Specialty 07.00.02 - Domestic history ABSTRACT of the dissertation for the degree of candidate of historical sciences Yaroslavl-2010 P.G. Demidova Doctor of Historical Sciences, Professor Scientific Supervisor: Fedyuk ... "

«Historical research ABSTRACT of the thesis for the degree of Candidate of Historical Sciences Kazan 2006 The work was carried out at the Center for the History of Russian Feudalism of the Institute of Russian History of the Russian Academy of Sciences. Scientific adviser: Doctor of Historical Sciences, V. n. with. Institute of Russian History RAS Bychkov ... "

“Anna Sergeevna Klimutina PROSE POETICS BY ANATOLY KOROLYOVA: TEXT AND REALITY Specialty 10.01.01 - Russian literature Author's abstract of the dissertation for the degree of candidate of philological sciences Tomsk - 2009 The work was done at the Department of the History of Russian Literature of the XX century, GOU HPE Tomsk State University. Scientific adviser: candidate of philological sciences, associate professor Tatyana Leonidovna Rybalchenko Official opponents: doctor of philological sciences, professor ... "

«VODKIN MIKHAIL YURIEVICH Problems of reception of the Roman property right in the European codifications of the XIX-XX centuries. Specialty: 12.00.01 - Theory and history of law and state; history of doctrines about law and state Abstract of a dissertation for the degree of candidate of legal sciences Kazan, 2007 The work was done at the Department of Theory and History of State and Law of the Municipal Educational Institution Nayanova University, Samara. Scientific adviser: doctor ... "

"Gumirova Nadezhda Mikhailovna Organizational and pedagogical conditions for the formation of college students' readiness for correctional work in preschool educational institutions. Specialty 13.00.01 General pedagogy, history of pedagogy and education. educational systems Supervisor: Doctor of Pedagogical Sciences, ... "

“TUKTAROVA Roza Ibragimovna PEDAGOGICAL CONDITIONS OF HUMANIZATION OF LIFE AND PEDAGOGICAL EDUCATIONAL SPACE OF FUTURE PREVOLOGICAL PUPILS 13.00.01 - general pedagogy, history of pedagogy and education ABSTRACT of the dissertation of the candidate of the scientific degree pedagogical sciences, ... "

"MAKSIMOVA SVETLANA NIKOLAEVNA DEVELOPMENT TRENDS OF THE TEACHING OF ANCIENT LANGUAGES IN THE RUSSIAN CLASSICAL COLLEGE OF THE XIX - BEGINNING OF THE XX CENTURY 13.00.01 - general pedagogy, history of pedagogy and education ABSTRACT of the dissertation for the degree of candidate of pedagogy and pedagogy university. Scientific adviser: Candidate of Pedagogical Sciences, Associate Professor Kondratyeva Marina ... "

“Abstract of the dissertation for the degree of candidate of legal sciences Kazan - 2007 2 The work was carried out at the Department of Theory and History of State and Law of the State Educational Institution of Higher Professional Education Kazan State University named after IN AND. Ulyanov-Lenin Scientific adviser: ... "

"Bayazitova Rozaliya Rafkatovna Traditional etiquette in a Bashkir family. Specialty 07.00.07 - ethnography, ethnology, anthropology. Thesis abstract for the degree of candidate of historical sciences. Izhevsk - 2006. Of the Russian Academy of Sciences Supervisor - Candidate of Historical Sciences, Honored Worker of Culture of the Republic ... "

“Roman Sergeevich Markunin LEGAL RESPONSIBILITY OF DEPUTIES AND REPRESENTATIVE AUTHORITIES: GENERAL THEORETICAL ASPECT 12.00.01 - theory and history of law and state; history of doctrines about law and state ABSTRACT of the thesis for the degree of candidate of legal sciences Saratov - 2013 2 The work was done in the Federal State Budgetary Educational Institution of Higher Professional Education Saratov State Law Academy ... "

"Kalachikova Olga Nikolaevna MANAGEMENT SUPPORT OF EDUCATIONAL INNOVATIONS IN THE ACTIVITIES OF TEACHERS OF A GENERAL EDUCATIONAL SCHOOL 13.00.01 - general pedagogy, history of pedagogy and education Abstract of a dissertation for the degree of candidate of state pedagogical sciences Tomsk 2009 The work was done at the Department of Education Management, GOU professor Scientific adviser Prozumentova Galina Nikolaevna doctor ... "

SALIMOVA SULPAN MIDKHATOVNA Implementation of the principle of conformity to nature in the preparation of a future teacher 13.00.01 - general pedagogy, history of pedagogy and education ABSTRACT of the dissertation for the degree of candidate of pedagogical sciences Izhevsk - 2005 Doctor of Pedagogy Professor Kozlova ... "

"Zolotareva Natalya Vladimirovna THE PHENOMENON OF ANTHROPOMORPHIZATION IN THE TRADITIONAL CULTURE OF OB UGROVS (XVIII - XX centuries) Specialty 07.00.07 - Ethnography, Ethnology and Anthropology ABSTRACT of the dissertation for the degree of Candidate of Historical Sciences Tomsk 2012 Work performed at the Department of Natural History state budgetary educational institution of higher professional education National research ... "

“Strelkova Irina Vitalevna Formation of the philological culture of students in educational activities 13.00.01 - general pedagogy, history of pedagogy and education ABSTRACT of the dissertation for the degree of candidate of pedagogical sciences Izhevsk 2004 The work was done at GOU VPO Udmurt State University Scientific adviser: Doctor of Pedagogy, Professor A .N. Utekhina Official opponents: Doctor of Pedagogy, Professor M.A. Kondratyev; ... "

"Historical research ABSTRACT of the dissertation for the degree of candidate of historical sciences KAZAN - 2006 2 The work was carried out at the Department of National History until the XX century of the Faculty of History of the State Educational Institution of Higher Professional Education Kazan State ..."

“Strelnikova Anna Borisovna F. SOLOGUB - TRANSLATOR OF POETRY P. VERLEN Specialty: 10.01.01 - Russian literature Abstract of the dissertation for the degree of candidate of philological sciences Tomsk - 2007 The work was done at the Department of the History of Russian Literature of the XX century, Faculty of Philology, GOU VPO Tomsk State University, Candidate Philological Sciences, Associate Professor Scientific Supervisor: Zinaida Anatolyevna Chubrakova Official opponents: Doctor of Philology ... "

Fundamentals of Information Security

Introduction

National security is the state of protection of the vital interests of the individual, society and the state from internal and external threats.

Vital interests are a set of needs, the satisfaction of which reliably ensures the existence and opportunities for the progressive development of the individual, society and the state.

Security threat - a set of conditions and factors that create a threat to the vital interests of the individual, society and the state.

Ensuring security is a unified state policy, a system of measures of an economic, political, law-making (other) nature, adequate to threats to the vital interests of the individual, society and the state.

Security protection - direct impact on the object of protection.

Security protection - a set of ensuring and protecting security measures.

Information security is the state of protection of the country's national interests (the country's national interests are vital interests based on a balanced basis) in the information sphere from internal and external threats.

That is why information security issues are relevant especially recently.

The purpose and objectives of the work is a detailed study of individual aspects of information security.

1 Types and content of threats to information security

Sources of threats to the information security of the Russian Federation are divided into external and internal. External sources include:

activities of foreign political, economic, military, intelligence and information structures directed against the interests of the Russian Federation in the information sphere;
the desire of a number of countries to dominate and infringe on Russia's interests in the global information space, to oust it from the external and internal information markets;
aggravation of international competition for the possession of information technologies and resources;
activities of international terrorist organizations;
increasing the technological gap between the leading powers of the world and building up their capabilities to counter the creation of competitive Russian information technologies;
activities of space, air, sea and ground technical and other means (types) of intelligence of foreign states;
the development by a number of states of concepts of information wars, providing for the creation of means of dangerous influence on the information spheres of other countries of the world, disruption of the normal functioning of information and telecommunication systems, the safety of information resources, obtaining unauthorized access to them 1 .

Internal sources include:

the critical state of domestic industries;
an unfavorable crime situation, accompanied by tendencies for the merging of state and criminal structures in the information sphere, for criminal structures to gain access to confidential information, increase the influence of organized crime on the life of society, reduce the degree of protection of the legitimate interests of citizens, society and the state in the information sphere;
insufficient coordination of the activities of federal government bodies, government bodies of the constituent entities of the Russian Federation in the formation and implementation of a unified state policy in the field of ensuring information security of the Russian Federation;
insufficient elaboration of the regulatory legal framework governing relations in the information sphere, as well as insufficient law enforcement practice;
underdevelopment of civil society institutions and insufficient state control over the development of the information market in Russia;
insufficient funding of measures to ensure information security of the Russian Federation;
insufficient economic power of the state;
decrease in the efficiency of the education and training system, insufficient number of qualified personnel in the field of information security;
insufficient activity of the federal bodies of state power, bodies of state power of the constituent entities of the Russian Federation in informing the society about their activities, in explaining the decisions made, in the formation of open state resources and the development of a system of citizens' access to them;
Russia's lag behind the leading countries in the world in terms of informatization of federal government bodies, government bodies of constituent entities of the Russian Federation and local government bodies, credit and finance, industry, agriculture, education, health care, services and everyday life of citizens 2 .

2 Technical implementation of the ATS information security concept

The information used in the internal affairs bodies contains information about the state of crime and public order in the serviced territory, about the bodies and units themselves, their forces and means. In the duty units, operatives, district police inspectors, investigators, employees of forensic departments, passport and visa machines, and other divisions, on primary registration documents, in accounting journals and on other media, data arrays of operational search and operational reference purposes are accumulated, which contain information:

about offenders and criminals;
about the owners of motor vehicles;
about the owners of firearms;
about events and facts of a criminal character, offenses;
about stolen and confiscated things, antiques;
as well as other information to be stored.

Services and divisions of the internal affairs bodies are characterized by the data:

about the forces and means at the disposal of the body;
on the results of their activities.

The above information is used when organizing the work of units and taking practical measures to combat crime and delinquency.

In the information support of the internal affairs bodies, the central place is occupied by records, which are used to register primary information about crimes and the persons who committed them.

Accounting Is a system for registering and storing information about persons who have committed crimes, about the crimes themselves and related facts and objects.

Accounting for crimes subordinate to the Ministry of Internal Affairs of Russia covers 95% of criminal manifestations and gives a fairly complete picture of the operational situation in the country and its regions.

In Russia as a whole, in recent years, using the information contained in the records, from 19 to 23% of crimes committed, or almost every fourth of the total, have been disclosed through the criminal investigation.

In the USSR, in 1961, the Instructions for registration in the internal affairs bodies were introduced. Under the Ministry of Internal Affairs of the USSR in 1971, the Main Scientific Information Center for Information Management (GNITSUI) was created, later renamed into the Main Information Center (GIC), and information centers (IC) were created in the Ministry of Internal Affairs and the Internal Affairs Directorate.

The main information center is the largest bank of operational reference and search information in the system of the Ministry of Internal Affairs of Russia. It is entrusted with the task of providing bodies and institutions of internal affairs with various information - statistical, search, operational reference, forensic, production and economic, scientific and technical, archival. These are unique, multidisciplinary centralized arrays of information, with a total of about 50 million accounting documents.

In the surname operational reference file on convicted persons, over 25 million registration documents are concentrated, and in the fingerprint card file - 17 million, the GIC has a unique database on computer media containing statistical reports of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate, the Internal Affairs Directorate for 50 forms for the period from 1981 to 1992 and in retrospect until 1974 3 .

Information centers of the Ministry of Internal Affairs, ATC are the most important link in the information support system of the internal affairs bodies of the Russian Federation. They bear the main burden in providing information support to the internal affairs bodies in the disclosure and investigation of crimes, and the search for criminals.

Information centers are the main divisions in the system of the Ministry of Internal Affairs, ATC, UVTD in the field of informatization: providing statistical, operational reference, operational investigative, forensic, archival and other information, as well as computerization and construction of regional information and computer networks and integrated data banks. Information centers perform their duties in close cooperation with the departments of the Ministry of Internal Affairs, the Internal Affairs Directorate, the Internal Affairs Directorate and the Gorrailin organs, as well as the Main Information Center of the Ministry of Internal Affairs of Russia.

With the help of the accounts, information is obtained that helps in the disclosure, investigation and prevention of crimes, the search for criminals, the identification of unknown citizens and the ownership of the seized property. They are formed in the municipal authorities, the IC of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate according to the territorial (regional) principle and form the federal accounts of the Main Information Center of the Ministry of Internal Affairs of Russia. In addition, registrations are available in passport machines.

Along with the records in the internal affairs bodies, forensic centralized collections and card indexes are kept, which are created and stored in the forensic centers (EKTs) of the Ministry of Internal Affairs of Russia (federal) and forensic departments (EKU) of the Ministry of Internal Affairs, GUVD, ATC (regional). EKU and EKC collections and filing cabinets are focused primarily on ensuring the detection and investigation of crimes.

The operational reference, search and forensic information accumulated in records, collections and card files is called criminal information.

Accounting is classified according to functional and object characteristics.

Functionally, the accounts are divided into three groups: operational reference, search, forensic.

On the basis of the object, the accounts are divided into persons, crimes (offenses), objects.

The main operational reference and search information is formed in the city railing authorities. Part of it settles on the spot, and the other is sent to the IC and GIC to form a single data bank.

The information base of the Ministry of Internal Affairs system is built on the principle of centralized accounting. It is made up of operational reference, search and forensic records and card indexes, concentrated in the Main Information Center of the Ministry of Internal Affairs of Russia and the Information Center of the Ministry of Internal Affairs, ATC, UVDT, and local records of Gorrailin organs. In general, their arrays are estimated at about 250-300 million accounting documents.

Centralized operational reference, forensic and search records have the following information about Russian citizens, foreigners and stateless persons:

conviction, place and time of serving the sentence, date and grounds for release;
movement of convicts;
death in places of imprisonment, change of sentence, amnesty, number of the criminal case;
place of residence and place of work prior to conviction;
detention for vagrancy;
blood group and fingerprint formula of convicts.

Fingerprint registration makes it possible to establish the identity of criminals, arrested, detained, as well as unknown sick and unidentified corpses. Fingerprint card indexes have 18 million fingerprint cards. They receive over 600 thousand requests, for which about 100 thousand recommendations are issued. The information in the files contributed to the disclosure of crimes or the identification of a person in 10 thousand cases. Nowadays, these are mainly hand-held filing cabinets. 4 .

The accounts of the internal affairs bodies, depending on the method of information processing, are divided into three types: manual, mechanized, automated.

Automated records consist of a number of automated information retrieval systems (AIPS). The accumulation and processing of criminal information with the help of AIPS is carried out in regional banks of criminal information (RBKI).

In accordance with the new tasks, the GIC of the Ministry of Internal Affairs of Russia in November 2004 was transformed into the Main Information and Analytical Center of the Ministry of Internal Affairs of Russia. In the system of internal affairs bodies, the Main Information and Analytical Center (GIAC) of the Ministry of Internal Affairs of Russia is the head organization in the following areas:

information support with statistical, operational reference, investigative, forensic, archival and scientific and technical information;
operational-analytical and information support of operational-search activity, as well as information interaction for the exchange of operational information with other subjects of operational-search activity;
planning, coordination and control of the processes of creation, implementation, use, development in the system of the Ministry of Internal Affairs of Russia of modern information technologies, automated information systems of general use and operational-investigative nature, integrated public data banks, computer equipment and system software for them;
maintenance and development of the Unified system of classification and coding of technical, economic and social information.

The main tasks of the GIAC of the Ministry of Internal Affairs of Russia are:

providing the leadership of the Ministry, subdivisions of the system of the Ministry of Internal Affairs of Russia, state authorities of the Russian Federation, law enforcement agencies of other states with statistical information on the state of crime and the results of operational and service activities of internal affairs bodies, as well as operational reference, search, forensic, archival, scientific technical and other information;
formation in the internal affairs bodies of a unified system of statistical, operational reference, investigative, forensic accounting, automated data banks of centralized accounting, all-Russian and sectoral classifiers of technical, economic and social information;
creation, implementation and development of modern information technologies in the system of the Ministry of Internal Affairs of Russia in order to increase the efficiency of using the accounts by the internal affairs bodies;
control over the activities of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation, UVDT in terms of the timeliness of the submission, completeness and reliability of informationin statistical, operational reference, search, forensic, operational and other records, the maintenance of which is attributed to the competence of information departments of the internal affairs bodies;
pursuing a unified scientific and technical policy within the framework of the development of the information and computing system of the Ministry of Internal Affairs of Russia;
coordination and support of activities for the implementation in the internal affairs bodies and internal troops of the Ministry of Internal Affairs of Russia of the legislation of the Russian Federation on archival affairs and on the rehabilitation of citizens who have been subjected to political repression in the administrative order;
organizational and methodological guidance and provision of practical assistance to subdivisions of the system of the Ministry of Internal Affairs of Russia, the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation on issues related to the competence of the GIAC.

To implement the assigned tasks, the GIAC of the Ministry of Internal Affairs of Russia carries out:

the formation and maintenance of centralized operational reference, investigative and forensic records, automated data banks of centralized records, the Interstate Information Bank - within the framework of agreements concluded between law enforcement agencies; databases of statistical information on the state of crime and the results of the fight against it;
collection, accounting and analysis of operational information; information and analytical support of operational and search activities of operational units of the Ministry of Internal Affairs of Russia. Providing operational and analytical materials to the leadership of the Ministry and operational units of the Ministry of Internal Affairs of Russia;
formation and maintenance of records of persons declared on the federal and interstate wanted list, preparation and distribution to the internal affairs bodies of the Russian Federation and other states in accordance with the established procedure of materials on the announcement and termination of the search, bulletins of operational-search information and collections of orientations;
establishing, at the request of the NCB of Interpol under the Ministry of Internal Affairs of Russia, the Ministry of Foreign Affairs of Russia, the Central Committee of the Russian Red Cross Society, the location (fate) of foreign citizens (subjects) and stateless persons arrested and convicted on the territory of Russia and the states of the former USSR;
formation and maintenance of a data bank of the system of scientific and technical information of the Ministry of Internal Affairs of Russia about the experience of the internal affairs bodies of the Russian Federation and law enforcement agencies of other states; issuance of this information in accordance with the established procedure at the request of subdivisions of the system of the Ministry of Internal Affairs of Russia;
formation and maintenance of a fund of all-Russian classifiers of technical and economic information in the part related to the Ministry of Internal Affairs of Russia, development and registration of sectoral and intra-system classifiers operating in the internal affairs bodies;
reception, registration, preservation and use in the prescribed manner of archival documents of units of the Ministry of Internal Affairs of Russia and internal affairs bodies;
analysis of the processes of formation and use of statistical, operational reference, investigative, forensic records of the internal affairs bodies, the creation, implementation, development of modern information technologies in the system of the Ministry of Internal Affairs of Russia, provision of information and analytical materials to the leadership of the Ministry and divisions of the Ministry of Internal Affairs of Russia.

The structure of the Main Information and Analytical Center of the Ministry of Internal Affairs of Russia includes:

Center for Statistical Information;
Criminal Information Center;
Operational reference center;
Center for Operational Investigative Information;
Center for Information Technologies and Systems of Internal Affairs;
Computing Center;
Center for Rehabilitation of Victims of Political Repression and Archival Information;
Department of Scientific and Technical Information;
Department of Documentation and Security Regime;
Organizational and Methodological Department;
Human Resources Department;
Financial and economic department;
Second department (special communications);
Fifth department (information interaction with the CIS FSO of Russia);
Logistics Department;
Legal group.

All operational and preventive measures and the overwhelming majority of operational and search activities carried out in the internal affairs bodies are provided with information support carried out by the GIAC and the IC.

The role of information departments is increasing from year to year, as evidenced by the following facts. If in 1976 with the help of our records 4% of the total number of solved crimes were solved, in 1996 - 25%, in 1999 - 43%, in 2002 - 60%, then in 2009 - over 70% 5 .

Today, GIAC carries out fully automated collection and generalization of statistical information. The information is summarized as a whole for Russia, for federal districts and subjects of the Russian Federation. The automated database of statistical indicators of the GIAC contains information since 1970.

Public data banks have been deployed in the GIAC and information centers of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate, and a standard integrated data bank of the regional level has been introduced.

At the regional and federal levels, a set of measures was carried out to equip all information centers of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate and the GIAC with standard software and hardware complexes.

The centralized equipping of the regions with modern information processing complexes made it possible to purposefully carry out measures to integrate open information resources at the regional and federal levels.

Completed work on the creation of an integrated data bank of the federal level. It combined the resources of 9 existing systems ("Kartoteka", "ABD-Center", "ASV-RIF" and "Crime-Inostranets", "Antiques", "FR-Alert", "Weapons", "Autopoisk" and "Dossier- scammer"). This made it possible, by one request of operational workers, investigators and interrogators, to receive the information available in the automated records of the GIAC in the form of a "dossier" and to increase the effectiveness of assistance in solving crimes.

The integrated bank of the federal level systematizes information about issued, lost, stolen passports (passport blanks) of citizens of the Russian Federation; about foreign citizens staying and residing (temporarily and permanently) in the Russian Federation; about registered vehicles.

Phased interaction of the Federal Automated Fingerprint System "AFIS-GIC" with similar interregional systems of federal districts, regional systems of information centers and NCB of Interpol is being carried out. The possibility of obtaining fingerprint information in electronic form allows in the shortest possible time to identify the identity of suspects, to increase the efficiency of disclosing and investigating crimes.

On the basis of the GIAC of the Ministry of Internal Affairs of Russia, an interdepartmental automated system for maintaining the Register of the Federal Integrated Information Fund was created, providing for the integration of information resources and information interaction between ministries and departments (Ministry of Internal Affairs, FSB, Ministry of Finance, Ministry of Justice, Prosecutor General's Office, Supreme Court of the Russian Federation, etc.).

Using the mode of direct access to the data bank (within 7-10 minutes without breaking the communication line) and the mode of deferred request (within 1 hour using e-mail) will greatly facilitate the work of employees of operational services, investigation and inquiry units, and other law enforcement structures.

The total number of users who are provided with access to the automated centralized records of the vertical "Main information and analytical center - information centers of the Ministry of Internal Affairs, Central Internal Affairs Directorate, ATC" is more than 30 thousand. More than a third of them are users of the GROVD level and police departments (divisions).

For information support of the operational and service activities of bodies, divisions and institutions of internal affairs, the educational process and scientific activities of research and higher educational institutions of the Ministry of Internal Affairs of Russia, the Databank of the scientific and technical information system (DB SNTI) of the Ministry of Internal Affairs of Russia was created in the GIAC. DB STTI contains materials on the experience of the internal affairs bodies of Russia, the activities of law enforcement agencies of foreign countries, as well as information on the results of research and development work and dissertation research carried out in the system of the Ministry of Internal Affairs of Russia.

The most effective means of increasing the availability and ease of obtaining information, bringing it to the consumer is the data bank of the scientific and technical information system (DB STTI) of the Ministry of Internal Affairs of Russia.

The data bank of the SNTI of the Ministry of Internal Affairs of the Russian Federation is designed to provide information to employees of bodies and institutions of the Ministry of Internal Affairs of Russia with information about the experience of the internal affairs bodies of Russia, the activities of law enforcement agencies of foreign countries and the results of scientific research carried out in the system of the Ministry of Internal Affairs of Russia.

Structurally, the databank consists of three sections:

domestic experience - express information, bulletins, guidelines, analytical reviews, criminological forecasts;
foreign experience - information publications, translations of articles from foreign magazines, reports on foreign business trips and other materials on the activities of law enforcement agencies of foreign countries;
scientific research - reporting documents on research and development work, abstracts of defended theses, prepared by employees of research and higher educational institutions of the Ministry of Internal Affairs of Russia.

As of January 1, 2010, the SNTI database contains over 5 thousand materials, of which 30% are about the work experience of the Internal Affairs Directorate of Russia, 38% of foreign law enforcement activities, and 32% of scientific research.

The databank is installed on the communication node of the GIAC as part of the data transmission backbone (MRTD) of the Ministry of Internal Affairs of Russia. All employees of the Ministry of Internal Affairs of Russia, the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation, UVDT, research and educational institutions who are subscribers of the GIAC node can directly contact the DB STTI.

It also provides an opportunity to select materials in the deferred request mode for all subscribers of the MRTD of the Ministry of Internal Affairs of Russia.

Along with the growth in the use of the SNTI DB at the GIAC communication node in 65 regions of the Russian Federation, regional data banks of scientific and technical information have been created and are being formed on the basis of information arrays of the SNTI DB. 6 .

The NTI regional databanks are provided with access to services, divisions and city district agencies. In a number of regions (the Republic of Sakha (Yakutia), Krasnodar Territory, Magadan Region, etc.), which occupy a significant territory, subregional STI data banks are organized in remote cities. Information arrays for them are regularly replicated and sent out on CD-ROMs.

The creation and development of regional data banks NTI is one of the promising ways to solve the problem of bringing information to the practitioners of the territorial bodies of internal affairs.

Together with the interested departments and divisions of the Ministry of Internal Affairs of Russia, work is underway to create a Central Data Bank for registering foreign citizens and stateless persons temporarily staying and residing in the Russian Federation.

conclusions

The main directions of protection of the information sphere.

1. Protection of the interests of the individual, society and the state from the impact of harmful, poor-quality information. Such protection is provided by institutions: mass media, documented and other information.

2. Protection of information, information resources and information system from unlawful influence in various situations. Such protection is provided by:

Institute of State Secrets;

Personal data.

3. Protection of information rights and freedoms (Institute of Intellectual Property).

The main task of information security is to balance the interests of society, the state and the individual. This balance should be adequate to the goals for the security of the country as a whole. Ensuring information security should be focused on the specifics of the information environment, determined by the social structure.

The focus of information security should be on the information environment of public authorities.

In the context of the globalization process, it is necessary to ensure a constant analysis of changes in policies and legislation in other countries.

The last task is to take into account the fulfillment of factors in the process of expanding the legal attention of the Russian Federation in the peaceful information space, including cooperation within the CIS, and the practice of using the Internet.

List of used literature

Constitution of the Russian Federation. - 1993

The concept of national security of the Russian Federation (as amended by the Decree of the President of the Russian Federation of January 10, 2000 No. 24).

Information security doctrine of the Russian Federation (approved by the President of the Russian Federation on September 9, 2000, No. Pr-1895).

Law of the Russian Federation of July 27, 2006 No. 149-FZ "On Information, Information Technologies and Information Protection".

Bot E., Sichert K .. Windows Security. - SPb .: Peter, 2006.

Dvoryankin S.V. Information confrontation in the law enforcement sphere / In collection: "Russia, XXI century - anti-terror ". - M .: "BIZON-95ST", 2000.

Karetnikov M.K. On the content of the concept "Information security of internal affairs bodies" / In collection: "International conference" Informatization of law enforcement systems ". - M .: Academy of Management of the Ministry of Internal Affairs of Russia, 1998.

Nikiforov S.V. Introduction to networking technologies. - M .: Finance and statistics, 2005 .-- 224c.

A.A. Torokin Engineering and technical information security: Textbook. - M .: "Helios ARV", 2005.

1 Beloglazov E.G. and other Fundamentals of information security of internal affairs bodies: Textbook. - M .: MosU of the Ministry of Internal Affairs of Russia, 2005.

2 V.I. Yarochkin Information Security: A Textbook for University Students. - M .: Academic Project; Gaudeamus, 2007.

3 Karetnikov M.K. On the content of the concept "Information security of internal affairs bodies" / In collection: "International conference" Informatization of law enforcement systems ". - Moscow: Academy of Management of the Ministry of Internal Affairs of Russia, 1998.

4 Dvoryankin S.V. Information confrontation in the law enforcement sphere / In collection: "Russia, XXI century - anti-terror." - M .: "BIZON-95ST", 2000.

5 Zhuravlenko N.I., Kadulin V.E., Borzunov K.K .. Fundamentals of information security: a textbook. - M .: MosU of the Ministry of Internal Affairs of Russia. 2007.

6 Zhuravlenko N.I., Kadulin V.E., Borzunov K.K .. Fundamentals of information security: a textbook. - M .: MosU of the Ministry of Internal Affairs of Russia. 2007.

DEFINITION OF INFORMATION SECURITY OF ATS

We have already dwelled on the concept of information security, which in its most general form can be defined as the state of protection of the needs of the individual, society and the state in information, in which their existence and progressive development are ensured, regardless of the presence of internal and external information threats... Let us concretize this concept in relation to the goals and objectives that law enforcement agencies face at the present stage. For this, first of all, let us turn to the generic concept - the concept of "safety".

Currently, security is an integral characteristic of progress, and the concept of security is one of the key ones in the study of optimization of human activities, including activities to combat crime.

Over the centuries, the concept of security has been repeatedly filled with different content and, accordingly, an understanding of its meaning. So in ancient times, the understanding of security did not go beyond the ordinary concept and was interpreted as the absence of danger or evil for a person. In this everyday sense, the term "security" was used, for example, by the ancient Greek philosopher Plato.

In the Middle Ages, security was understood as a calm state of mind of a person who considered himself protected from any danger. However, in this sense, this term did not firmly enter the vocabulary of the peoples of Europe until the 17th century. rarely used.

The concept of "security" is becoming widespread in scientific and political circles of Western European states thanks to the philosophical concepts of T. Hobbes, D. Locke, J.J. Rousseau, B. Spinoza and other thinkers of the 17th-18th centuries, meaning a state, a situation of calmness that appears as a result of the absence of real danger (both physical and moral).

It was during this period that the first attempts were made to theoretically develop this concept. The most interesting is the version proposed by Sonnenfels, who believed that security is a state in which no one has anything to fear. For a particular person, such a position meant private, personal security, and the state of the state, in which there was nothing to fear, was public safety.

At present, security is traditionally understood as a state in which the vital interests of a person, society, state and international system are protected from any internal or external threat. From this point of view security can be defined as the impossibility of causing harm to someone or something due to the manifestation of threats, i.e. their security against threats.

It should be noted that this approach has found the greatest recognition both in the scientific community and in the field of lawmaking.

In general methodological terms, in the structure of the concept of "security" there are:

q security object;

q threats to the security object;

q ensuring the safety of the facility against manifestations of threats.

The key element in defining the content of the concept of "security" is the security object, i.e. something that defends itself against threats. Choosing as an object of security information circulating in the internal affairs bodies, as well as the activities of police units related to the production and consumption of information, we can talk about their information security - the security of their "information dimension".

In the current Russian legislation, information security means "The state of protection of national interests in the information sphere, determined by the totality of balanced interests of the individual, society and the state"(Doctrine of information security of the Russian Federation). Moreover, under the information sphere of society is understood as the totality of information, information infrastructure, entities that collect, form, disseminate and use information, as well as the system of regulation of the resulting public relations.

Based on the noted, information security of internal affairs bodies is understood as the state of security of information, information resources and information systems of internal affairs bodies, which ensures the protection of information (data) from leakage, theft, graft, unauthorized access, destruction, distortion, modification, forgery, copying, blocking (The concept of ensuring information security of the internal affairs bodies of the Russian Federation until 2020, approved by order of the Ministry of Internal Affairs of Russia dated March 14, 2012 No. 169). The structure of this concept is shown in Fig. 4. Let's consider it in more detail.

Rice. 4. The structure of the concept of "information security of ATS"

ATS information security facility. As we have already noted, the following are the objects of information security:

q informational resources internal affairs bodies used in solving official tasks, including those containing information of limited access, as well as special information and operational data of an official nature.

The information used in the internal affairs bodies contains information about the state of crime and public order in the serviced territory, about the bodies and units themselves, their forces and means. In the duty units, operatives, district police inspectors, investigators, employees of forensic departments, the migration service, and other divisions, on primary accounting documents, and accounting journals and on other media, data arrays of operational search and operational reference purposes are accumulated, in which contains information about:

- offenders and criminals;

- owners of motor vehicles;

- owners of firearms;

- events and facts of a criminal nature, offenses;

- stolen and confiscated things, antiques, as well as other information to be stored.

Services and divisions of the internal affairs bodies are characterized by the data:

- about the forces and means at the disposal of the body;

- on the results of their activities.

The above information is used when organizing the work of units, when taking practical measures to combat crime and delinquency.

In addition to the specified information, scientific and technical information is widely used, which is necessary to improve the activities of the internal affairs bodies.

Special attention should be paid to the information used by the internal affairs bodies in the disclosure and investigation of crimes. This kind of information includes, including:

All types of evidence in a criminal case;

Materials of the criminal case;

Information about the course of the investigation of the criminal case (i.e., a set of operational and procedural information about the event being investigated, plans for conducting operational-search and procedural actions);

Information about law enforcement officers involved in the investigation of the crime;

Information about the persons suspected and accused in the case;

Information about the victims, witnesses and other persons assisting in the investigation of the crime, etc.

In addition to those noted, information with limited access by individuals and legal entities is also subject to protection, to which police officers have access when performing their official duties, in particular, when disclosing and investigating crimes;

q information infrastructure bodies of internal affairs, which is understood a set of methods, means and technologies for the implementation of information processes (i.e. processes of creation, collection, processing, accumulation, storage, search, distribution and consumption of information), which must be carried out in the internal affairs department when performing the tasks assigned to them by law.

The information infrastructure of ATS includes primarily those used in the practical activities of law enforcement agencies Information Systems, the network and communication networks(including general use).

The information infrastructure of the internal affairs bodies should certainly include those used in the practical activities of the internal affairs bodies information Technology- processes using a set of means and methods for collecting, processing and transmitting data (primary information) to obtain information of a new quality about the state of an object, process or phenomenon (information product).

Information infrastructure objects include premises, in which information processes take place, carried out in the course of performing official activities, processing information on a computer, etc.

Threats to an information security object. The organization of information security of internal affairs bodies should be comprehensive and based on a deep analysis of possible negative consequences. In doing so, it is important not to overlook any significant aspects. Analysis of negative consequences implies the mandatory identification of possible sources of threats, factors contributing to their manifestation and, as a result, the identification of actual threats to information security.

Based on this principle, it is advisable to carry out modeling and classification of sources of threats to information resources and information infrastructure of ATS on the basis of an analysis of the interaction of a logical chain:

Sources of threats . In the theory of information security under sources of threat confidential information understand potential carriers of information security threats , which, depending on the nature, are subdivided into anthropogenic(caused by human activity), technogenic or spontaneous... In relation to the security object itself, the sources of threats are divided into external and internal.

An analysis of the provisions of the Doctrine of Information Security of the Russian Federation, as well as other regulatory documents in the field of information security, makes it possible to single out the following main sources of threats to the information security of internal affairs bodies.

The main external sources of threats to the information security of internal affairs bodies include:

Intelligence activities of special services of foreign states, international criminal communities, organizations and groups, associated with the collection of information revealing tasks, plans of activities, technical equipment, working methods and locations of special units and internal affairs bodies of the Russian Federation;

Activities of foreign state and private commercial structures, as well as domestic criminal groups and commercial organizations seeking to gain unauthorized access to information resources of law enforcement agencies;

Natural disasters and natural phenomena (fires, earthquakes, floods and other unforeseen circumstances);

Various kinds of technogenic accidents;

Failures and malfunctions, failures in the operation of information infrastructure elements caused by errors in their design and / or manufacture.

The main internal sources of threats to the information security of internal affairs bodies include:

Violation of the established regulations for the collection, processing, storage and transmission of information used in the practical activities of the internal affairs department, including that contained in file cabinets and automated data banks and used to investigate crimes;

Failure of hardware and software failures in information and telecommunication systems;

Use of uncertified software that disrupts the normal functioning of information and information and telecommunication systems, including information security systems;

Intentional actions, as well as errors of personnel directly involved in the maintenance of information systems used in internal affairs bodies, including those involved in the formation and maintenance of card files and automated data banks;

Inability or unwillingness of service personnel and / or users of ATS information systems to fulfill their duties (civil unrest, transport accidents, terrorist act or its threat, strike, etc.).

Vulnerabilities . Under vulnerability in the context of the issue under consideration, we believe it is necessary to understand reasons leading to a violation of the established regime of information protection in the internal affairs bodies ... These reasons include, for example:

An unfavorable crime situation, accompanied by tendencies of merging of state and criminal structures in the information sphere, obtaining by criminal structures access to confidential information, increasing the influence of organized crime on the life of society, reducing the degree of protection of the legitimate interests of citizens, society and the state in the information sphere;

Lack of legislative and regulatory regulation of information exchange in the law enforcement sphere;

Insufficient coordination of the activities of the internal affairs bodies and their divisions for the implementation of a unified policy in the field of information security;

Insufficient activity in informing the public about the activities of the internal affairs bodies, in explaining the decisions made, in the formation of open state resources and the development of a system of citizens' access to them;

Insufficient funding of measures to ensure information security of internal affairs bodies;

Decrease in the efficiency of the education and training system, insufficient number of qualified personnel in the field of information security;

Lack of a unified methodology for collecting, processing and storing information of an operational-search, reference, forensic and statistical nature, etc.

The presence of such design features and technical characteristics of information infrastructure elements that can lead to a violation of the integrity, availability and confidentiality of security objects. So, for example, the TCP / IP protocol used in the global electronic network Internet was originally developed without taking into account the requirements of information security, and most of the software used in the practice of ATS contains a lot of errors and undocumented features.

Threats . The listed vulnerabilities give rise to corresponding threats to the security of information and information infrastructure of the internal affairs bodies. Wherein by threats to an object of information security we mean a set of conditions and factors that create a potential or real danger of leakage, theft, loss, destruction, distortion, modification, forgery, copying, blocking of information and unauthorized access to it .

However, and this must be emphasized, a threat to a security object is not something that exists on its own. It is either a manifestation of the interaction of a security object with other objects, which can harm its functioning and properties, or a similar manifestation of the interaction of subsystems and elements of the security object itself.

The security of information resources and information infrastructure of internal affairs bodies is manifested through the security of their most important properties, which include:

q integrity - property of information and information infrastructure, characterized by the ability to resist unauthorized or unintentional destruction and distortion of information;

q availability - property of information and information infrastructure, characterized by the ability to provide unimpeded access to information for subjects having the proper authority to do so;

q confidentiality - property of information and information infrastructure, characterized by the ability of information to be kept secret from subjects who do not have the authority to familiarize themselves with it.

Violation of the specified properties of information security objects of the internal affairs bodies and constitutes a threat to the information security of the internal affairs bodies. The manifestation of these threats is carried out by:

q violation of the integrity of information as a result of it:

- loss (theft). It consists in the "removal" of information and / or its carriers from the information sphere of the internal affairs bodies, leading to the impossibility of further use of this information in the activities of the Internal Affairs Department;

- destruction. Destruction is such an impact on the information circulating in the internal affairs bodies and / or its carriers, as a result of which they cease to exist or are brought into such a state that makes it impossible to further use them in the practical activities of the internal affairs bodies;

- distortion (modifications, fakes), i.e. as a result of such an impact on information, which leads to a change in its (information) semantic content, the creation and / or imposition of false carriers of information;

q violation of the availability of information as a result of it:

- blocking, those. termination or obstruction of access to information by authorized persons;

- loss;

q violation of confidentiality of information as a result of:

- unauthorized disclosure of information. Represents intentional or unintentional actions of persons who have access to undisclosed information, contributing to the unauthorized acquaintance with this information of third parties .;

- unauthorized acquaintance with information. Represents the intentional or unintentional actions of persons who do not have the right to access information to familiarize themselves with it.

Information security. We have already noted that the information security of the internal affairs bodies is the protection of information resources and the supporting information infrastructure of the internal affairs bodies from threats, i.e. impossibility of any damage or harm to them. Since both the information resources and the information infrastructure of the Internal Affairs Directorate do not exist on their own, outside the practical activities of the internal affairs bodies, but in fact are one of the means of this activity, it is quite obvious that their security can be ensured only by creating such conditions for the activities of the internal cases in which potentially dangerous impacts for safety objects were either prevented or reduced to such a level at which they are not capable of causing damage to them.

Thus, ensuring the information security of the internal affairs bodies is the process of creating such conditions for the implementation of the activities of the internal affairs bodies, in which the impacts on them, potentially dangerous to information resources and information infrastructure of the internal affairs bodies, were either prevented or reduced to a level that did not interfere with the solution of the tasks facing the internal affairs bodies.

It is clear from this definition that ensuring information security is of an auxiliary nature in the system of activities of the internal affairs bodies, since it is aimed at creating conditions for achieving the main goals of the internal affairs bodies - first of all, an effective fight against crime.

Ensuring the information security of the ATS has its own external and internal focus. External focus This kind of activity is due to the need to ensure the legitimate rights and interests of the copyright holders of information protected by law, involved in the field of activities of the internal affairs bodies.

Internal focus activities to ensure the information security of the internal affairs bodies is due to the need to implement the tasks and achieve the goals facing the internal affairs bodies - first of all, the detection, disclosure, investigation and prevention of crimes. In other words, it creates the preconditions for the successful fulfillment of the tasks facing the internal affairs bodies.

Information security activities are carried out on the basis of a set of the most important, key ideas and provisions, called principles. These fundamental principles include the following:

Humanism;

Objectivity;

Concreteness;

Efficiency;

Combination of publicity and official secrecy;

Legality and constitutionality;

Compliance of the selected means and methods with the goal of counteraction;

Complexity.

Principle humanism is to ensure the rights and freedoms of a person and a citizen in countering threats to information security, in preventing unlawful encroachments on his personality, humiliation of a person's honor and dignity, arbitrary interference in his private life, personal and family secrets, restricting the freedom of his information activities, as well as in minimizing damage to these rights and freedoms when their restriction is carried out on legal grounds.

Principle objectivity is to take into account, in the implementation of counteraction, the objective laws of social development, the interaction of society with the environment, the real capabilities of the subjects of information security to eliminate the threat or minimize the consequences of its implementation. This principle requires an integrated, systematic approach to determining ways to achieve the goals of the activity with the least expenditure of manpower and resources.

Principle concreteness is to ensure security in relation to specific life circumstances, taking into account the various forms of manifestation of objective laws on the basis of reliable information both about internal and external threats, and about the possibilities to counter them. Reliable information makes it possible to establish specific forms of manifestation of threats, to determine in accordance with this the goals and actions to ensure security, to concretize the methods of countering threats, the forces and means necessary for their implementation.

Principle efficiency is to achieve the goals of counteraction with the least expenditure of manpower and resources. Ensuring information security in any social community requires certain material, financial and human resources. Proceeding from this, ensuring security, like any socially useful activity of people, must be carried out rationally and efficiently. Usually, the efficiency criteria that are applied in practice include the ratio of the amount of prevented damage from the implementation of threats to the costs of countering these threats.

Principle combination of publicity and secrecy is to find and maintain the necessary balance between the openness of information security activities, which makes it possible to gain public trust and support, and, on the other hand, in the protection of internal police information, the disclosure of which can reduce the effectiveness of countering security threats.

Principle legality and constitutionality means the implementation of all functions inherent in state organizations and officials in strict accordance with the current constitution, laws and by-laws, in accordance with the competence established by law. Strict and unswerving observance of legality and constitutionality should be an indispensable requirement, a principle of activity of not only state, but also non-state bodies, institutions and organizations.

Principle the correspondence of the selected means and methods to the goal of counteraction means that these means and methods should, on the one hand, be sufficient to achieve the goal, and on the other, not lead to undesirable consequences for society.

Principle complexity the use of available forces and means consists in the coordinated activities of the subjects of countering threats to information security and the coordinated use of the resources available for this.

As a type of security, information security has a complex structure, including goals, means and subjects of this activity.

The following can be singled out as the goals of activities to ensure the information security of internal affairs bodies:

q elimination (prevention) of security threats;

q minimization of damage from the manifestation of threats.

Elimination (prevention) of threats as the goal of ensuring information security, this is the nature of the interaction between the security object and the source of threats, in which these sources cease to have the property of generating a threat.

Minimizing the consequences implementation of a threat as the goal of information security activities arises when the elimination (prevention) of threats is not possible. This goal is such a nature of the interaction between the security object and the source of threats, in which emerging threats are promptly identified, the reasons contributing to this process are identified and eliminated, as well as the elimination of the consequences of the manifestation of threats.

Information security tools – it is a set of legal, organizational and technical means designed to ensure information security.

All information security tools can be divided into two groups:

q formal;

q informal.

TO formal includes such means that perform their functions to protect information formally, that is, mainly without human participation. TO informal means the basis of which is the purposeful activity of people.

Formal means are divided into physical, hardware and programmatic.

Physical means - mechanical, electrical, electromechanical, electronic, electronic-mechanical and similar devices and systems that function autonomously, creating various kinds of obstacles to destabilizing factors.

Hardware - various electronic, electronic-mechanical and similar devices, which are built in circuitry into the equipment of the data processing system or coupled with it specifically to solve information security problems. For example, noise generators are used to protect against leakage through technical channels.

Physical and hardware are combined into a class technical means of information protection.

Software- special software packages or individual programs included in the software of automated systems in order to solve information security problems. These can be various programs for cryptographic data conversion, access control, virus protection, etc.

Informal means are divided into organizational, legal and moral and ethical.

Organizational means - organizational and technical measures specially provided for in the technology of functioning of the object to solve problems of protecting information, carried out in the form of purposeful activities of people.

Legal means - existing in the country or specially issued normative legal acts, with the help of which the rights and obligations related to ensuring the protection of information, of all persons and divisions related to the functioning of the system are regulated, as well as liability is established for violation of the rules for processing information, which may result in violation of information security.

Moral and ethical standards - moral norms or ethical rules established in society or a given collective, the observance of which contributes to the protection of information, and violation of them is equated with non-compliance with the rules of conduct in society or a collective.

Moral and ethical methods of protecting information can be attributed to the group of those methods that, based on the popular expression that "the secret is kept not by locks, but by people", play a very important role in protecting information. It is a person, an employee of an enterprise or institution, who is admitted to secrets and accumulates in his memory colossal amounts of information, including secret, that often becomes a source of leakage of this information, or through his fault a rival gets the possibility of unauthorized access to protected information carriers.

Moral and ethical methods of protecting information presuppose, first of all, the education of an employee admitted to secrets, that is, carrying out special work aimed at forming in him a system of certain qualities, views and beliefs (patriotism, understanding the importance and usefulness of protecting information and for him personally), and training an employee who is aware of the information constituting a protected secret, the rules and methods of protecting information, instilling in him the skills of working with carriers of classified and confidential information.

Information security entities are bodies, organizations and persons authorized by law to carry out relevant activities... These include, first of all, the heads of the internal affairs bodies, employees of the relevant ATS units dealing with information security issues (for example, employees of technical departments carrying out technical protection of ATS facilities), federal executive bodies exercising supervisory functions within their competence (for example , FSB in terms of ensuring the safety of information constituting a state secret), etc.

Conclusion

In the internal affairs bodies, serious attention is paid to the issues of preserving secret information, instilling high vigilance among employees. One of them is often underestimated the danger of such information leakage. They show carelessness bordering on criminal negligence when handling secret documents, which often leads to the disclosure of information constituting a state secret, and even to the loss of classified items and documents. At the same time, some employees of the internal affairs bodies establish and maintain dubious undesirable connections, disclose information about the methods and forms of work of the internal affairs bodies to unauthorized persons. Low professional qualities of individual employees often lead to a violation of the secrecy of the events being held. The purpose of this course is to understand what information security is, how and by what means it can be ensured and to avoid the negative consequences that may occur for you if confidential information is leaked.