The official policy of the state in the field information security expressed in Doctrine of information security of the Russian Federation(Order of the President dated September 9, 2000 No. Pr-1895). It expresses a set of official views on the goals, objectives, principles and main directions of ensuring the information security of the Russian Federation and serves as the basis for:

• For the formation public policy in the field of information security of the Russian Federation
• Preparation of proposals for improving the legal, methodological, scientific, technical and organizational support of information security of the Russian Federation
• Developments targeted programs ensuring information security of the Russian Federation

Information Security- this is the state of protection of the subjects of the Russian Federation in information sphere reflecting the totality of balanced interests of the individual, society and the state.

At the individual level implementation of the constitutional rights of a person and a citizen to access to information, to use information in the interests of carrying out activities not prohibited by law, physical, spiritual and intellectual development, as well as to protect information that ensures personal security.

At the level of society we are talking about ensuring the interests of the individual in this area, strengthening democracy, creating a state of law, achieving and maintaining public consent in the spiritual renewal of Russia.

Threatened security means an action or event that can lead to the destruction, distortion or unauthorized use of computer resources, including stored, transmitted and processed information, as well as software and hardware.

Type of threats:

• accidental (or unintentional)
• deliberate

The main means of protecting computer data:

• protection of hardware components of the computer;
• protection of communication lines;
• database protection;
• protection of the computer control subsystem.

Protection system - set of funds and techniques, which provide protection for computer components that help minimize the risk to which its resources and users may be exposed.

There are various security mechanisms:

• encryption ;
• digital (electronic) signature ;
• access control;
• ensuring data integrity;
• providing authentication;
• traffic substitution;
• routing control;
• arbitration (or examination).

Exit

Encryption (cryptographic protection) is used to implement the encryption service and is used in a number of different services.

Encryption can be :

• symmetrical– is based on using the same secret key for encryption and decryption.
• asymmetrical- is characterized by the fact that one key is used for encryption, which is publicly available, and for decryption - another, which is secret. However, knowledge of the public key does not make it possible to determine the secret key.

To implement the encryption mechanism, it is necessary to organize a special service for generating keys and distributing them among network subscribers.

Mechanisms digital signature used to implement authentication and repudiation services. These mechanisms are based on asymmetric encryption algorithms and include two procedures:

• formation of the signature by the sender
• its identification (verification) by the recipient.

First procedure provides encryption of the data block or its addition with a cryptographic checksum, and in both cases the secret key of the sender is used.

Second procedure is based on the use of a public key, the knowledge of which is sufficient to identify the sender.

Mechanisms access control check the authority of network objects (programs and users) to access its resources.

When accessing a resource through a connection, control is performed both at the exchange initialization point and at the end point, as well as at intermediate points.

The basis for the implementation of these mechanisms are the matrix of access rights and various options for its implementation. Mandatory lists include security labels assigned to objects that give the right to use a resource.

Another type includes lists of access rights based on object authentication and subsequent verification of its rights in special tables (access control databases) that exist for each resource.

Mechanisms integrity apply both to individual data blocks and to information flows.

Integrity is ensured by the execution of interrelated encryption and decryption procedures by the sender and recipient, followed by a comparison of cryptographic checksums.

However, to implement protection against substitution of the block as a whole, it is necessary to control the integrity of the data stream, which can be implemented, for example, by means of encryption using keys that change depending on the previous blocks. It is also possible to use more simple methods type of numbering of blocks or their addition with the so-called hallmark (mark) of time.

Mechanisms authentication provide one-way and mutual authentication.

In practice, these mechanisms are combined with encryption, digital signature, and arbitration.

Traffic substitutions , in other words, the text padding mechanism is used to implement the data stream encryption service.

They are based on the generation of fictitious blocks by network objects, their encryption and organization of transmission over network channels.

This neutralizes the possibility of obtaining information about network users by observing the external characteristics of the flows circulating in the network.

source random threats , occurring during computer operation, there may be software errors, hardware failures, incorrect actions of users, operators or system administrators, etc.

Intentional threats pursue certain goals related to causing damage to users (subscribers) of the network.

Types of deliberate threats:

• Active
• Passive

Active invasions disrupt the normal functioning of a computer, make unauthorized changes to information flows, stored and processed information. These threats are implemented through a targeted impact on its hardware, software and information resources.

Active attacks include:

• destruction or electronic suppression of communication lines,
• disabling the entire system connected to the network, or its operating system,
• distortion of information in user databases or system data structures, etc.

The information stored in the computer memory can be selectively modified, destroyed, false data can be added to it.

Active intrusions are easy to detect, but difficult to prevent.

With a passive intrusion, the attacker only observes the passage and processing of information without intruding into information flows.

These intrusions, as a rule, are aimed at the unauthorized use of computer information resources, without affecting its functioning. Passive threat is, for example, receiving information transmitted over communication channels by listening to them.

In this case, the intruder performs an analysis of the message flow (traffic), fixes identifiers, destinations, message length, frequency and time of exchanges.

Description of the presentation on individual slides:

1 slide

Description of the slide:

2 slide

Description of the slide:

Information security is a set of organizational, technical and technological measures to protect information from unauthorized access, destruction, modification, disclosure and delays in access. Information security provides a guarantee that the following goals are achieved: confidentiality of information (property of information resources, including information related to the fact that they will not become available and will not be disclosed to unauthorized persons); the integrity of information and related processes (the immutability of information in the process of its transmission or storage); availability of information when it is needed (property of information resources, including information, which determines the possibility of their receipt and use at the request of authorized persons); accounting for all processes related to information.

3 slide

Description of the slide:

Information security consists of three components: Confidentiality, Integrity, Availability. The points of application of the information security process to the information system are: hardware, software, communication (communications). The procedures (mechanisms) of protection themselves are divided into protection of the physical level, protection of personnel, organizational level. Communication Hardware Software

4 slide

Description of the slide:

A security threat to a computer system is a potential occurrence (whether intentional or not) that may have an undesirable effect on the system itself, as well as on the information stored in it. An analysis of threats conducted by the agency by the National Computer Security Association in 1998 in the United States revealed the following statistics:

5 slide

Description of the slide:

6 slide

Description of the slide:

A security policy is a set of measures and active actions to manage and improve security systems and technologies, including information security.

7 slide

Description of the slide:

Organizational protection organization of the regime and protection. organization of work with employees (selection and placement of personnel, including familiarization with employees, their study, training in the rules for working with confidential information, familiarization with the measures of responsibility for violation of information protection rules, etc.) organization of work with documents and documented information(development, use, accounting, execution, return, storage and destruction of documents and carriers of confidential information) organization of the use of technical means for collecting, processing, accumulating and storing confidential information; organization of work on the analysis of internal and external threats to confidential information and the development of measures to ensure its protection; organization of work on carrying out systematic control over the work of personnel with confidential information, the procedure for accounting, storage and destruction of documents and technical media.

8 slide

Description of the slide:

Technical means information protection To protect the perimeter of the information system, the following are created: security and fire alarm systems; digital video surveillance systems; access control and management systems (ACS). The protection of information from its leakage by technical communication channels is provided by the following means and measures: the use of a shielded cable and the laying of wires and cables in shielded structures; installation of high-frequency filters on communication lines; construction of shielded rooms (“capsules”); use of shielded equipment; installation of active noise systems; creation of controlled zones.

9 slide

Description of the slide:

Information security hardware Special registers for storing security details: passwords, identification codes, vultures or secrecy levels; Devices for measuring individual characteristics of a person (voice, fingerprints) in order to identify him; Schemes for interrupting the transmission of information in the communication line in order to periodically check the address of data output. Devices for encrypting information (cryptographic methods). Uninterruptible power systems: Uninterruptible power supplies; Load redundancy; Voltage generators.

10 slide

Description of the slide:

Information security software Means of protection against unauthorized access (UAS): Means of authorization; Mandatory access control; Selective access control; Role based access control; Journaling (also called Audit). Systems for analysis and modeling of information flows (CASE-systems). Network Monitoring Systems: Intrusion Detection and Prevention Systems (IDS/IPS). Confidential Information Leak Prevention Systems (DLP-systems). protocol analyzers. Antivirus tools.

11 slide

Description of the slide:

Information security software Firewalls. Cryptographic means: Encryption; Digital signature. Backup systems. Authentication systems: Password; Access key (physical or electronic); Certificate; Biometrics. Tools for analysis of protection systems: Monitoring software product.

12 slide

Description of the slide:

TYPES OF ANTI-VIRUS PROGRAMS Detectors allow you to detect files infected with one of several known viruses. Some detector programs also perform heuristic analysis of files and disk system areas, which often (but by no means always) allows you to detect new viruses that are not known to the detector program. Filters are resident programs that notify the user of all attempts by a program to write to a disk, let alone format it, as well as other suspicious actions. Doctor programs or phages not only find virus-infected files, but also “cure” them, i.e. the body of the virus program is removed from the file, returning the files to their original state. Auditors remember information about the state of files and system areas of disks, and at subsequent launches they compare their state with the original one. If inconsistencies are found, the user is informed about this. Watchmen or filters are located resident in random access memory computer and scan executable files and inserted USB drives for viruses. Vaccine programs or immunizers modify programs and disks in such a way that this does not affect the operation of programs, but the virus against which vaccination is performed considers these programs or disks already infected.

13 slide

Description of the slide:

Disadvantages of anti-virus programs None of the existing anti-virus technologies can provide complete protection against viruses. The anti-virus program takes away part of the computing resources of the system, loading the central processor and hard drive. This can be especially noticeable on weak computers. Antivirus programs can see a threat where there is none (false positives). Antivirus programs download updates from the Internet, thereby consuming bandwidth. Various methods of malware encryption and packaging make even known viruses undetectable by antivirus software. Detection of these "masked" viruses requires a powerful decompression engine that can decrypt files before they are scanned. However, many anti-virus programs do not have this feature and, therefore, it is often impossible to detect encrypted viruses.

14 slide

Description of the slide:

The concept of a computer virus A computer virus is a special program that deliberately causes harm to the computer on which it is launched for execution, or to other computers on the network. The main function of the virus is its reproduction.

15 slide

Description of the slide:

Classification of computer viruses by habitat; by operating systems; according to the algorithm of work; destructive potential.

16 slide

Presentation on the topic: Modern ways and means of information protection

1 of 22

Presentation on the topic: Modern methods and means of information protection

slide number 1

Description of the slide:

slide number 2

Description of the slide:

slide number 3

Description of the slide:

Information security provides a guarantee that the following goals are achieved: confidentiality of information (property of information resources, including information related to the fact that they will not become available and will not be disclosed to unauthorized persons); the integrity of information and related processes (the immutability of information in the process of its transmission or storage); availability of information when it is needed (property of information resources, including information, which determines the possibility of their receipt and use at the request of authorized persons); accounting for all processes related to information.

slide number 4

Description of the slide:

Information security consists of three components: Confidentiality, Integrity, Availability. The points of application of the information security process to the information system are: hardware, software, communication (communications). The procedures (mechanisms) of protection themselves are divided into protection of the physical level, protection of personnel, organizational level.

slide number 5

Description of the slide:

A security threat to a computer system is a potential occurrence (whether intentional or not) that may have an undesirable effect on the system itself, as well as on the information stored in it. An analysis of threats conducted by the agency by the National Computer Security Association in the United States revealed the following statistics:

slide number 6

Description of the slide:

slide number 7

Description of the slide:

slide number 8

Description of the slide:

organization of regime and protection. organization of work with employees (selection and placement of personnel, including familiarization with employees, their study, training in the rules for working with confidential information, familiarization with the measures of responsibility for violation of information protection rules, etc.) organization of work with documents and documented information (development, use, accounting, execution, return, storage and destruction of documents and carriers of confidential information) organization of the use of technical means for collecting, processing, accumulating and storing confidential information; organization of work on the analysis of internal and external threats to confidential information and the development of measures to ensure its protection; organization of work on carrying out systematic control over the work of personnel with confidential information, the procedure for accounting, storage and destruction of documents and technical media.

slide number 9

Description of the slide:

Technical means of information protection To protect the perimeter of the information system, the following are created: security and fire alarm systems; digital video surveillance systems; access control and management systems (ACS). The protection of information from its leakage by technical communication channels is provided by the following means and measures: the use of a shielded cable and the laying of wires and cables in shielded structures; installation of high-frequency filters on communication lines; construction of shielded rooms (“capsules”); use of shielded equipment; installation of active noise systems; creation of controlled zones.

slide number 10

Description of the slide:

Information security hardware Special registers for storing security details: passwords, identification codes, vultures or secrecy levels; Devices for measuring individual characteristics of a person (voice, fingerprints) in order to identify him; Schemes for interrupting the transmission of information in the communication line in order to periodically check the address of data output. Devices for encrypting information (cryptographic methods). Uninterruptible power systems: Uninterruptible power supplies; Load redundancy; Voltage generators.

slide number 11

Description of the slide:

Information security software Means of protection against unauthorized access (UAS): Means of authorization; Mandatory access control; Selective access control; Role based access control; Journaling (also called Audit). Systems for analysis and modeling of information flows (CASE-systems). Network Monitoring Systems: Intrusion Detection and Prevention Systems (IDS/IPS). Confidential Information Leak Prevention Systems (DLP-systems). protocol analyzers. Antivirus tools.

slide number 12

Description of the slide:

Information security software Firewalls. Cryptographic means: Encryption; Digital signature. Backup systems. Authentication systems: Password; Access key (physical or electronic); Certificate; Biometrics. Tools for analysis of protection systems: Monitoring software product.

slide number 13

Description of the slide:

Detectors allow you to detect files infected with one of several known viruses. Some detector programs also perform heuristic analysis of files and disk system areas, which often (but by no means always) allows you to detect new viruses that are not known to the detector program. Filters are resident programs that notify the user of all attempts by a program to write to a disk, let alone format it, as well as other suspicious actions. Doctor programs or phages not only find virus-infected files, but also “cure” them, i.e. the body of the virus program is removed from the file, returning the files to their original state. Auditors remember information about the state of files and system areas of disks, and at subsequent launches they compare their state with the original one. If inconsistencies are found, the user is informed about this. Watchmen or filters are located resident in the computer's RAM and check for viruses executable files and inserted USB drives. Vaccine programs or immunizers modify programs and disks in such a way that this does not affect the operation of programs, but the virus against which vaccination is performed considers these programs or disks already infected.

slide number 14

Description of the slide:

Disadvantages of anti-virus programs None of the existing anti-virus technologies can provide complete protection against viruses. The anti-virus program takes away part of the computing resources of the system, loading the central processor and hard drive. This can be especially noticeable on weak computers. Antivirus programs can see a threat where there is none (false positives). Antivirus programs download updates from the Internet, thereby consuming bandwidth. Various methods of malware encryption and packaging make even known viruses undetectable by antivirus software. Detection of these "masked" viruses requires a powerful decompression engine that can decrypt files before they are scanned. However, many anti-virus programs do not have this feature and, therefore, it is often impossible to detect encrypted viruses.

Description of the slide:

slide number 19

Description of the slide:

3) According to the operation algorithm Residency Viruses that have this property act constantly while the computer is on. Self-encryption and polymorphism Polymorphic viruses change their code or program body in such a way that they are difficult to detect. Stealth algorithm Invisible viruses "hide" in RAM and the anti-virus program cannot detect them. Unconventional techniques Fundamentally new methods of virus impact on a computer.

Description of the slide:

A Trojan horse is a program that contains some destructive function that is activated when a certain trigger condition occurs. Usually such programs are disguised as some useful utilities. Types of destructive actions: Destruction of information. (The specific choice of objects and methods of destruction depends only on the imagination of the author of such a program and the capabilities of the OS. This function is common to Trojan horses and bookmarks). Interception and transmission of information. (passwords typed on the keyboard). Purposeful change of the program. Worms are viruses that spread over global networks, infecting entire systems, not individual programs. This is the most dangerous type of virus, as the objects of attack in this case are Information Systems state scale. With the advent global network On the Internet, this type of security breach poses the greatest threat. any of the computers connected to this network can be exposed to it at any time. The main function of viruses of this type is to hack the attacked system, i.e. breaching security to compromise security and integrity.

slide number 22

Description of the slide:

identification is the naming of oneself by a person to the system; authentication is the establishment of correspondence of a person to an identifier named by him; authorization - providing this person with opportunities in accordance with their rights or checking for rights when trying to perform some action

PROTECTION INFORMATION

Data protection

is a set of measures aimed at ensuring information security.

Why is there a need to protect information

The problem of protecting information from unauthorized access has become particularly acute with the widespread use of local and, especially, global computer networks.

Often the damage is caused due to elementary user errors that accidentally corrupt or delete vital data.

Why protect information?

Information circulating in control and communication systems can cause large-scale accidents, military conflicts, disruption of activities scientific centers and laboratories, the ruin of banks and commercial organizations. Therefore, information must be able to be protected from distortion, loss, leakage, illegal use.

Type of protection

Protection methods

From hardware failures

From accidental loss or distortion of information stored in the computer

• A request to confirm the execution of commands that modify files (for example, when replacing a file);

From computer viruses

Setting special attributes of documents and programs (read-only, hidden);

• Archiving and backing up files
• Preventive measures to reduce the likelihood of infection;

From unauthorized access to information (its use, modification, distribution)

Ability to undo an incorrect action or restore an erroneously deleted file;

Use of antivirus programs.

Encryption;

Differentiation of user access to PC resources.

Password protection;

" electronic locks " ;

administrative and law enforcement measures.

Automatic file backup

When using automatic backup programs, the command to save the file is automatically duplicated and the file is saved on two independent media, for example, on two hard drives. Failure of one of them does not lead to loss of information.

File backup is widely used, in particular in banking.

Types of computer crimes

• Unauthorized access to information,
• Entering logic bombs,
• Development and distribution of viruses,
• Criminal negligence in development,
• Fake computer information
• Theft of computer information.

Measures preventing computer crimes

• Technical
• Organizational
• Legal

The protection of information in computers should be considered as a set of measures, including organizational, technical, legal, software, operational, insurance, and even moral and ethical measures.

Technical measures

Protection against unauthorized access to the system

Redundancy of Critical Computer Subsystems

Organization of computer networks

Installation of fire fighting equipment

Equipped with locks, alarms.

Organizational arrangements

• computer center security
• careful selection of staff
• availability of a recovery plan (after a failure),
• universality of means of protection from all users.

Legal measures

• Development of norms establishing responsibility for computer crimes;
• Copyright protection of programmers;
• Improvement of criminal and civil legislation.

"Legislation in the field of information"

10 basic laws, in which:

• the basic terms and concepts are defined,
• regulates the dissemination of information,
• copyright protection,
• property and non-property relations.

Article 273 of the Criminal Code of the Russian Federation

• Provides for criminal liability for the creation of computer programs or their modification, leading to unauthorized destruction.
• Protects the rights of the owner.
• Criminal liability resulting from the creation of the program.
• To attract, the mere fact of creating programs is sufficient.

Legal protection of information is regulated by the laws of the Russian Federation

The legal protection provided by this law extends to all types of computer programs that can be expressed in any language and in any form, including source text in a programming language and machine code. But legal protection does not extend to the ideas and principles underlying the computer program, including the ideas and principles of interface and algorithm organization.

To notify of his rights, the developer of the program can, starting from the first release of the program, use the copyright protection sign, which consists of 3 elements:

• letters C in a circle or parentheses ©; title (name) of the right holder; year of the program's first release.
• letters C in a circle or parentheses ©;
• title (name) of the right holder;
• year of the program's first release.

© 1993-1997 Microsoft Corporation.

An organization or a user who legally owns a copy of the program (who has bought a license to use it) has the right, without obtaining additional permission from the developer, to carry out any actions related to the operation of the program, including its recording and storage in the computer memory. Recording and storage in the computer memory is allowed in relation to one computer or one user in the network, unless otherwise provided by the contract with the developer.

You must know and comply with existing laws that prohibit illegal copying and use of licensed software. In relation to organizations or users that infringe copyright, the developer may seek damages and compensation from the infringer in an amount determined at the discretion of the court from 5,000 times to 50,000 times the minimum monthly wage.

Digital signature

In 2002, the Law of the Russian Federation "On Electronic Digital Signature" was adopted, which became the legislative basis electronic document management in Russia. Under this law, an electronic digital signature in an electronic document is recognized as legally equivalent to a signature in a paper document.

When registering an electronic digital signature in specialized centers the correspondent receives two keys: secret and public. The secret key is stored on a floppy disk or smart card and should be known only to the correspondent himself. The public key must be available to all potential recipients of documents and is usually distributed via email.

The process of electronic signing of a document consists in processing the text of the message using a secret key. Next, the encrypted message is sent by e-mail to the subscriber. The subscriber uses the public key to authenticate the message and the electronic signature.

The computer air defense system of the North American continent once declared a false nuclear alarm, putting the armed forces on alert. And the cause was a defective 46-cent chip - a small, coin-sized silicon element.

Examples of errors when working with information

In 1983, a flood occurred in the southwestern United States. The cause was a computer that was entered with incorrect weather data, as a result of which it gave an erroneous signal to the locks blocking the Colorado River.

Examples of errors when working with information

In 1971, 352 cars disappeared from the New York Railroad. The criminal took advantage of the information of the computer center that manages the work railway, and changed the destination addresses of the wagons. The damage caused amounted to more than a million dollars.

Incorrect work of users and maintenance personnel

80-90% of information security threats large companies comes from the "internal enemy" - careless users who can, for example, download a file with a virus from the network.

Technical failures of equipment

Cabling Disruption Prevention

Power failure protection

Disk Failure Prevention

Unauthorized access from outside

« Hacker" is an English word that refers to an individual who takes pleasure in learning the details of the functioning of computer systems and in expanding the capabilities of these systems (as opposed to most users who prefer to know only the necessary minimum).

information security professionals

hackers (

crackers

The main task of a hacker is to investigate the protection, find weaknesses in the security system and inform users and developers about them in order to eliminate the vulnerabilities found and increase the level of protection.

Crackers carry out "hacking" of the system in order to obtain unauthorized access to information resources and systems closed to them.

Crackers

vandals

penetration into the system with the aim of its complete destruction

jokers

notoriety gained by infiltrating the system

crackers

hacking the system in order to gain profit by stealing or replacing information

Internet information protection

If a computer is connected to the Internet, then, in principle, any user also connected to the Internet can access the information resources of this computer. If the server has an Internet connection and simultaneously serves as a local network server (Intranet server), then unauthorized access from the Internet to the local network is possible.

The mechanisms for penetration from the Internet to a local computer and to a local network can be different:

• Web pages loaded into the browser may contain active ActiveX controls or Java applets that can perform destructive actions on the local computer;
• some Web servers place text cookies on the local computer that can be used to obtain confidential information about the user of the local computer;
• using special utilities, you can access disks and files on the local computer, etc.

To prevent this from happening, a software or hardware barrier is installed between the Internet and the Intranet using firewall(firewall - firewall). The firewall monitors the transfer of data between networks, monitors current connections, detects suspicious activity and thereby prevents unauthorized access from the Internet to the local network.

Firewall

firewall (firewall) is a software and/or hardware barrier between two networks that allows only authorized connections to be established.

The firewall protects a local area network connected to the Internet or a separate personal computer from outside penetration and excludes the possibility of access to confidential information.

Protection of programs from illegal copying and use

Computer pirates, illegally replicating software, devalue the work of programmers, make software development an economically unprofitable business. In addition, software pirates often offer users unfinished programs, programs with errors, or their demo versions.

For computer software to function, it must be installed (installed). The software is distributed by manufacturers in the form of distribution kits on CD-ROM. Each distribution has its own serial number, which prevents illegal copying and installation of programs.

Special protections can be used to prevent illegal copying of programs and data stored on the CD-ROM. The CD-ROM may contain an encrypted software key, which is lost during copying and without which the program cannot be installed.

Protection against illegal use of programs can be implemented using a hardware key, which is usually attached to the computer's parallel port. The protected application accesses the parallel port and requests a secret code; if the hardware key is not connected to the computer, the protected application determines the situation of protection violation and stops its execution.

• Berne Convention for the Protection of Literary and Artistic Works 1886
• World Copyright Convention 1952

• Constitution Russian Federation Art. 44.
• Civil Code of the Russian Federation.
• Copyright and Related Rights Act 1993
• Law of the Russian Federation "On legal protection computer programs and databases" 1992.

• Latin letter C inside a circle ©,
• The name of the owner of the exclusive copyright,
• Date of first publication.

© 1993-1997 Microsoft Corporation

• copyright,
• Right to a name
• The right to publish
• The right to protect reputation.

If programs are created in order of execution official duties or on the instructions of the employer, they belong to the employer, unless otherwise provided in the contract between him and the author.

Extract from the Criminal Code of the Russian Federation

Chapter 28. Crimes in the field of computer information

Article 272. Illegal access to computer information.

1. Illegal access to computer information protected by law, that is, information on a machine carrier, in an electronic computer (ECM), if this act caused the destruction, blocking, modification or copying of information, disruption of the computer, - shall be punished

• a fine of two hundred to five hundred minimum dimensions wages
• or in size wages or other income of the convicted person for a period of two to five months,
• or correctional labor for a term of six months to one year,
• or imprisonment for up to two years.

2. The same act committed by a group of persons by prior agreement or by an organized group, or by a person using his official position, as well as having access to a computer, a computer system or their network, is punishable by a fine in the amount of one hundred thousand to three hundred thousand rubles or the amount of wages or other income of the convicted person for a period of one to two years, or compulsory works for a term of one hundred and eighty to two hundred and forty hours, or by corrective labor for a term of up to two years, or by arrest for a term of three to six months, or by deprivation of liberty for a term of up to five years.

Article 273. Creation, use and distribution of malicious programs for computers

Creating computer programs or making changes to existing programs that knowingly lead to unauthorized destruction, blocking, modification or copying of information, disruption of the computer, as well as the use or distribution of such programs or machine media with such programs, is punishable.

• imprisonment for up to three years with a fine in the amount of two hundred to five hundred times the minimum wage
• or in the amount of wages or other income of the convicted person for a period of two to five months. The same acts that caused grave consequences - are punishable by imprisonment for a term of three to seven years.

Article 274

1. Violation of the rules for the operation of a computer by a person who has access to a computer, resulting in the destruction, blocking or modification of computer information protected by law, if this act caused significant harm, shall be punished

• deprivation of the right to hold certain positions or engage in certain activities for up to five years,
• or compulsory works for a period of one hundred and eighty to two hundred and forty hours,
• or restraint of liberty for up to two years.

2. The same act, negligently entailing grave consequences, is punishable by deprivation of liberty for a term of up to four years.

• By fingerprints
• According to the characteristics of speech
• According to the geometry of the palms of the hands,
• By face,
• On the iris of the eye.

INFORMATION PROTECTION

It was announced in 1988 by the Association computer equipment to once again remind all users of the need to maintain the protection of their computers and the information stored on them.

In that year, the Morris worm attacked computers for the first time, as a result of which 6,000 nodes of the Internet's predecessor, the ARPANET, were infected. This attack caused $96 million in damages. The author of this virus might not have been found, but Robert Morris, a graduate student at Cornell University, was forced to confess by his own father. Morris received 3 years of probation and 400 hours of community service. In addition, he paid a $10,500 fine. Since in 1988 it was the first mass epidemic that hit computers, experts began to seriously think about an integrated approach to ensuring the security of information resources.

What is the best way to choose components for a password?

• Do not use a password that is a dictionary word.
• If possible, punctuation marks can be used.
• You can use lowercase and uppercase characters, as well as numbers from 0 to 9.

• The optimal number for compiling a password is the number of digits (letters) from 8 to 10.
• Use the last characters from a list of numbers, characters, or the alphabet.
• Beware of interceptor programs.

“If you don’t report the data within a week, you will be blocked”

"If you want to protect yourself from phishing, follow this link and enter your username and password"

Phishing is a type of Internet fraud, the purpose of which is to obtain identified user data.

• How can I fix my copyright on a software product?
• Why is software piracy damaging to society?
• What are the software and hardware ways to protect information?

slide 1

slide 2

slide 3

slide 4

slide 5

slide 6

Slide 7

Slide 8

Slide 9

slide 10

slide 11

slide 12

slide 13

slide 14

slide 15

slide 16

slide 17

slide 18

slide 19

slide 20

slide 21

slide 22

slide 23

slide 24

slide 28

slide 29