Information security ppt. Information Security













Presentation on the topic: Information Security

slide number 1

Description of the slide:

INFORMATION SECURITY is the protection of vital information resources and systems from external and internal encroachments and threats to citizens, organizations and government bodies. The information security of the Russian Federation is understood as the state of protection of its national interests in the information sphere, determined by the totality of balanced interests of the individual, society and the state.

slide number 3

Description of the slide:

INFORMATION SECURITY for citizens: the security of their personal computers, their personal information in information systems and computer networks, as well as the results of their intellectual activity. The interests of the individual in the information sphere consist in the implementation of the constitutional rights of a person and a citizen to access information, to use information in the interests of carrying out activities not prohibited by law, physical, spiritual and intellectual development, as well as in protecting information that ensures personal security.

slide number 4

Description of the slide:

INFORMATION SECURITY for organizations: protection from external encroachments of official information, corporate information systems and computer networks, as well as intellectual property belonging to them. In accordance with the applicable law of the Russian Federation, not every company today has the right to protect its information. The Declaration of the Rights and Freedoms of Man and Citizen of the Russian Federation and the Constitution granted everyone the right to freely seek and receive information. Therefore, in order to carry out actions to protect information and, most importantly, to restrict access to it, a company must have legal grounds reflected in the title documents of the company.

slide number 5

Description of the slide:

INFORMATION SECURITY for the state: protection from external and internal threats of national information resources and state information systems, as well as telecommunications infrastructure, organizations and services. The interests of the state in the information sphere are to create conditions for the harmonious development of the Russian information infrastructure, for the implementation of the constitutional rights and freedoms of man and citizen in the field of obtaining information and using it in order to ensure the inviolability of the constitutional order, sovereignty and territorial integrity of Russia, political, economic and social stability, in the unconditional provision of law and order, the development of equal and mutually beneficial international cooperation.

slide number 6

slide number 7

Description of the slide:

Computer offenses are qualified as criminal acts if there is intent and significant material damage is inflicted on citizens, organizations or the state. Computer epidemics are the mass distribution of computer viruses across the Internet, with the destruction of information on personal and office computers, causing significant material damage to organizations. The creation and distribution of computer viruses is criminally punishable under the law of the Russian Federation, as is unauthorized access to information or violation of computer operation rules.

slide number 8

Description of the slide:

Criminally punishable under the Convention: Offenses against computer data: Criminal use of computers into the operation of a computer. Illegal use of computer data. Criminal use of a computer: Forgery using a computer and fraud using a computer with the intent to unlawfully obtain benefits for oneself or another person.

slide number 9

Description of the slide:

The system of measures to protect information requires an integrated approach to solving security issues and includes not only the use of technical means, but primarily organizational and legal protection measures. In accordance with the current legislation of the Russian Federation, not every company today has the right to protect its information. The Declaration of the Rights and Freedoms of Man and Citizen of the Russian Federation (Article 13, Clause 2) and the Constitution of the Russian Federation (Article 29, Part 4) granted everyone the right to freely seek and receive information.

slide number 10

Description of the slide:

In accordance with the Law on Information, not all information is subject to protection, but only documented information, i.e. information recorded on a material medium with details that allow it to be identified. At the same time, information in electronic form, i.e. located in the memory of a computer or recorded on a diskette, is subject to protection only if it is certified by an electronic digital signature, or printed and certified by the signature of the head and the seal of the company (Article 5). The protection of information is understood, first of all, as the right of the owner of the document to reclaim this document from someone else's illegal possession. In addition, the Law provides for the right of the owner of a document to determine the procedure for third parties to access it, as well as to prohibit third parties from familiarizing themselves with the information recorded in the document, copying the document, and a number of other actions.

slide number 11

Description of the slide:

Basic laws of Russia in the field of computer law:

  • Law "On Legal Protection of Programs for Electronic Computers and Databases" (No. 3523-1 dated 23.09.92).
  • Law "On Copyright and Related Rights" (No. 5351-1 dated 09.07.93, with subsequent amendments and additions).
  • Law "On State Secrets" (dated 21.07.93 No. 5485-1, with subsequent amendments and additions).
  • Federal Law "On Communications" (dated 16.02.95 No. 15-FZ, with subsequent amendments and additions).
  • Federal Law "On Informatization and Protection of Information" (dated February 20, 1995 No. 24-FZ).
  • Chapter 28 of the Criminal Code of the Russian Federation: Article 272 "Illegal access to computer information"; Article 273 "Creation, use and distribution of malicious programs"; Article 274 "Violation of the rules for operating a computer, computer system or their network".


Chapter 1

The information security of the Russian Federation is understood as the state of protection of its national interests in the information sphere, determined by the totality of balanced interests of the individual, society and the state.


Interests:

  • The interests of the individual in the information sphere consist in the implementation of the constitutional rights of a person and a citizen to access information, to use information in the interests of carrying out activities not prohibited by law, physical, spiritual and intellectual development, as well as in protecting information that ensures personal security.
  • The interests of society in the information sphere are to ensure the interests of the individual in this area, the strengthening of democracy, the creation of a legal social state, the achievement and maintenance of public harmony, and the spiritual renewal of Russia.
  • The interests of the state in the information sphere are to create conditions for the harmonious development of the Russian information infrastructure, for the implementation of the constitutional rights and freedoms of man and citizen in the field of obtaining information and using it in order to ensure the inviolability of the constitutional order, sovereignty and territorial integrity of Russia, political, economic and social stability, in the unconditional provision of law and order, the development of equal and mutually beneficial international cooperation.


There are four main components of the national interests of the Russian Federation in the information sphere.

The first component of the national interests of the Russian Federation in the information sphere includes the observance of the constitutional rights and freedoms of a person and a citizen in the field of obtaining information and using it, ensuring the spiritual renewal of Russia, preserving and strengthening the moral values of society, traditions of patriotism and humanism, and the cultural and scientific potential of the country.

The second component of the national interests of the Russian Federation in the information sphere includes information support of the state policy of the Russian Federation, related to bringing to the Russian and international public reliable information about the state policy of the Russian Federation and its official position on socially significant events in Russian and international life, and to providing citizens with access to open state information resources.


The third component of the national interests of the Russian Federation in the information sphere includes the development of modern information technologies and the domestic information industry, including the industry of informatization, telecommunications and communications, meeting the needs of the domestic market with its products and bringing these products to the world market, as well as ensuring the accumulation, preservation and effective use of domestic information resources.

The fourth component of the national interests of the Russian Federation in the information sphere includes the protection of information resources from unauthorized access and ensuring the security of information and telecommunications systems, both already deployed and being created on the territory of Russia.


Chapter 2

According to their general direction, the threats to the information security of the Russian Federation are divided into the following types:

  • threats to the constitutional rights and freedoms of man and citizen in the field of spiritual life and information activities, individual, group and public consciousness, the spiritual revival of Russia;
  • threats to the information support of the state policy of the Russian Federation;
  • threats to the development of the domestic information industry, including the industry of informatization, telecommunications and communications, to meeting the needs of the domestic market in its products and the entry of these products into the world market, as well as to ensuring the accumulation, preservation and efficient use of domestic information resources;
  • threats to the security of information and telecommunications facilities and systems, both already deployed and being created on the territory of Russia.


Threats to the constitutional rights and freedoms of man and citizen in the field of spiritual life and information activity, individual, group and public consciousness, the spiritual revival of Russia can be:

  • Adoption by federal state authorities and state authorities of the constituent entities of the Russian Federation of regulatory legal acts that infringe on the constitutional rights and freedoms of citizens in the field of spiritual life and information activities;
  • Creation of monopolies for the formation, receipt and dissemination of information in the Russian Federation, including with the use of telecommunication systems;
  • Opposition, including on the part of criminal structures, to citizens exercising their constitutional rights to personal and family secrets, the secrecy of correspondence, telephone conversations and other communications;
  • Irrational, excessive restriction of access to socially necessary information;
  • Illegal use of special means of influencing individual, group and public consciousness.


Threats to the information support of the state policy of the Russian Federation may be:

  • Monopolization of the Russian information market and its individual sectors by domestic and foreign information structures;
  • Blocking the activities of state media to inform Russian and foreign audiences;
  • Low efficiency of information support of the state policy of the Russian Federation due to the shortage of qualified personnel and the lack of a system for the formation and implementation of state information policy.


Threats to the development of the domestic information industry, including the industry of informatization, telecommunications and communications, to meeting the needs of the domestic market in its products and the entry of these products to the world market, as well as to ensuring the accumulation, preservation and effective use of domestic information resources can be:

  • Opposing the access of the Russian Federation to the latest information technologies and the mutually beneficial and equal participation of Russian manufacturers in the global division of labor in the industry of information services, informatization, telecommunications and communications, and information products, as well as creating conditions for strengthening Russia's technological dependence in the field of modern information technologies;
  • Purchase by public authorities of imported means of informatization, telecommunications and communications in the presence of domestic analogues that are not inferior in their characteristics to foreign models;
  • Exclusion from the domestic market of Russian manufacturers of means of informatization, telecommunications and communications;
  • Increase in the outflow of specialists and intellectual property rights holders abroad.


Threats to the security of information and telecommunications facilities and systems, both already deployed and being created on the territory of Russia, can be:

  • Illegal collection and use of information;
  • Violations of information processing technology;
  • Introduction into hardware and software products of components that implement functions that are not provided for by the documentation for these products;
  • Development and distribution of programs that disrupt the normal functioning of information and information and telecommunication systems, including information security systems;
  • Destruction, damage, electronic suppression or destruction of means and systems of information processing, telecommunications and communications;
  • Impact on the password-key protection systems of automated systems for processing and transmitting information;
  • Compromise of keys and means of cryptographic information protection;
  • Leakage of information through technical channels;
  • Destruction, damage, destruction or theft of machine and other storage media;
  • Interception of information in data networks and communication lines, decryption of this information and imposition of false information.


Chapter 3

Sources of threats to information security of the Russian Federation are divided into external and internal.

External sources include:

  • activities of foreign political, economic, military, intelligence and information structures directed against the interests of the Russian Federation in the information sphere;
  • the desire of a number of countries to dominate and infringe upon the interests of Russia in the global information space, to oust it from the external and internal information markets;
  • aggravation of international competition for the possession of information technologies and resources;
  • activities of international terrorist organizations;
  • increasing the technological gap between the leading powers of the world and building up their capabilities to counteract the creation of competitive Russian information technologies;
  • activities of space, air, sea and ground technical and other means (types) of reconnaissance of foreign states.


Internal sources include:

  • the critical state of domestic industries;
  • unfavorable criminogenic situation, accompanied by trends in the merging of state and criminal structures in the information sphere, obtaining access to confidential information by criminal structures, increasing the influence of organized crime on society, reducing the degree of protection of the legitimate interests of citizens, society and the state in the information sphere;
  • insufficient coordination of the activities of federal state authorities and state authorities of the constituent entities of the Russian Federation in the formation and implementation of a unified state policy in the field of ensuring information security of the Russian Federation;
  • insufficient development of the regulatory legal framework governing relations in the information sphere, as well as insufficient law enforcement practice;
  • underdevelopment of civil society institutions and insufficient state control over the development of the information market in Russia.


In recent years, the Russian Federation has implemented a set of measures to improve its information security. The formation of a base of legal support for information security has begun: the Law of the Russian Federation "On State Secrets", the Fundamentals of the Legislation of the Russian Federation on the Archival Fund of the Russian Federation and Archives, the federal laws "On Information, Informatization and Information Protection" and "On Participation in International Information Exchange", and a number of other laws have been adopted.

The state system of information protection, the system of protection of state secrets, the system of licensing activities in the field of protection of state secrets and the system of certification of information security tools contribute to the successful solution of issues of ensuring the information security of the Russian Federation.

At the same time, an analysis of the state of information security in the Russian Federation shows that its level does not fully meet the needs of society and the state.

INFORMATION PROTECTION


Data protection is a set of measures aimed at ensuring information security.


Why is there a need to protect information

The problem of protecting information from unauthorized access has become especially acute with the widespread use of local and, especially, global computer networks.

Often the damage is caused due to elementary user errors that accidentally corrupt or delete vital data.


Why protect information?

Information circulating in control and communication systems can cause large-scale accidents, military conflicts, disruption of the activities of scientific centers and laboratories, and the ruin of banks and commercial organizations. Therefore, it must be possible to protect information from distortion, loss, leakage and illegal use.


Types of protection and protection methods

From hardware failures:

  • Archiving and backing up files.

From accidental loss or distortion of information stored in the computer:

  • A request to confirm the execution of commands that modify files (for example, when replacing a file);
  • Setting special attributes of documents and programs (read-only, hidden);
  • Ability to undo an incorrect action or restore an erroneously deleted file;
  • Differentiation of user access to PC resources.

From computer viruses:

  • Preventive measures to reduce the likelihood of infection;
  • Use of antivirus programs.

From unauthorized access to information (its use, modification, distribution):

  • Encryption;
  • Password protection;
  • "Electronic locks";
  • Administrative and law enforcement measures.


Automatic file backup

When using automatic backup programs, the command to save the file is automatically duplicated and the file is saved on two independent media, for example, on two hard drives. Failure of one of them does not lead to loss of information.

File backup is widely used, in particular in banking.



Types of computer crimes

  • Unauthorized access to information,
  • Entering logic bombs,
  • Development and distribution of viruses,
  • Criminal negligence in development,
  • Fake computer information
  • Theft of computer information.

Measures preventing computer crimes

  • Technical
  • Organizational
  • Legal

The protection of information in computers should be considered as a set of measures, including organizational, technical, legal, software, operational, insurance, and even moral and ethical measures.


Technical measures

  • Protection against unauthorized access to the system
  • Redundancy of critical computer subsystems
  • Organization of computer networks
  • Installation of fire fighting equipment
  • Equipping with locks and alarms


Organizational arrangements

  • computer center security
  • careful selection of staff
  • availability of a recovery plan (after a failure),
  • universality of means of protection from all users.

Legal measures

  • Development of norms establishing responsibility for computer crimes;
  • Copyright protection of programmers;
  • Improvement of criminal and civil legislation.

"Legislation in the field of information"

10 basic laws, in which:

  • the basic terms and concepts are defined,
  • the dissemination of information is regulated,
  • copyright protection,
  • property and non-property relations.

Article 273 of the Criminal Code of the Russian Federation

  • Provides for criminal liability for the creation of computer programs or their modification, leading to unauthorized destruction.
  • Protects the rights of the owner.
  • Criminal liability arises as a result of the creation of the program.
  • To bring a person to liability, the mere fact of creating the programs is sufficient.

Legal protection of information is regulated by the laws of the Russian Federation

The legal protection provided by this law extends to all types of computer programs that can be expressed in any language and in any form, including source text in a programming language and machine code. But legal protection does not extend to the ideas and principles underlying the computer program, including the ideas and principles of interface and algorithm organization.


To notify of his rights, the developer of the program may, starting from the first release of the program, use a copyright sign consisting of 3 elements:

  • letters C in a circle or parentheses ©;
  • title (name) of the right holder;
  • year of the program's first release.

© 1993-1997 Microsoft Corporation.


An organization or a user who legally owns a copy of the program (who has bought a license to use it) has the right, without obtaining additional permission from the developer, to carry out any actions related to the operation of the program, including its recording and storage in the computer memory. Recording and storage in the computer memory is allowed in relation to one computer or one user in the network, unless otherwise provided by the contract with the developer.

You must know and comply with existing laws that prohibit illegal copying and use of licensed software. In relation to organizations or users that infringe copyright, the developer may seek damages and compensation from the infringer in an amount determined at the discretion of the court from 5,000 times to 50,000 times the minimum monthly wage.


Digital signature

In 2002, the Law of the Russian Federation "On digital signature" was adopted, which became the legislative basis for electronic document management in Russia. Under this law, an electronic digital signature in an electronic document is recognized as legally equivalent to a signature in a paper document.

When registering an electronic digital signature in specialized centers, the correspondent receives two keys: secret and public. The secret key is stored on a floppy disk or smart card and should be known only to the correspondent himself. The public key must be held by all potential recipients of documents and is usually distributed via e-mail.

The process of electronically signing a document consists in processing the text of the message using the secret key. Next, the encrypted message is sent by e-mail to the subscriber. To authenticate the message and the electronic signature, the subscriber uses the public key.


The computer air defense system of the North American continent once declared a false nuclear alarm, putting the armed forces on alert. And the cause was a defective 46-cent chip - a small, coin-sized silicon element.


Examples of errors when working with information

In 1983, a flood occurred in the southwestern United States. The cause was a computer that was entered with incorrect weather data, as a result of which it gave an erroneous signal to the locks blocking the Colorado River.


Examples of errors when working with information

In 1971, 352 cars disappeared from the New York Railroad. The criminal took advantage of information from the computer center that manages the railway's operations and changed the destination addresses of the wagons. The damage caused amounted to more than a million dollars.


Incorrect work of users and maintenance personnel

80-90% of information security threats to large companies come from the "internal enemy": careless users who can, for example, download a file with a virus from the network.


Technical failures of equipment

Cabling Disruption Prevention

Power failure protection

Disk Failure Prevention


Unauthorized access from outside

"Hacker" is an English word that refers to an individual who takes pleasure in learning the details of the functioning of computer systems and in expanding the capabilities of these systems (as opposed to most users who prefer to know only the necessary minimum).

Information security professionals:

  • hackers
  • crackers


The main task of a hacker is to investigate the protection, find weaknesses in the security system and inform users and developers about them in order to eliminate the vulnerabilities found and increase the level of protection.

Crackers carry out "hacking" of the system in order to obtain unauthorized access to information resources and systems closed to them.


Crackers

  • vandals: penetration into the system with the aim of its complete destruction
  • jokers: notoriety gained by infiltrating the system
  • crackers: hacking the system in order to gain profit by stealing or replacing information

Internet information protection

If a computer is connected to the Internet, then in principle any user also connected to the Internet can access the information resources of this computer. If the server has a connection to the Internet and simultaneously serves as a local network server (Intranet server), then unauthorized access from the Internet to the local network is possible.

The mechanisms for penetration from the Internet to a local computer and to a local network can be different:

  • Web pages loaded into the browser may contain active ActiveX controls or Java applets that can perform destructive actions on the local computer;
  • some Web servers place text cookies on the local computer that can be used to obtain confidential information about the user of the local computer;
  • using special utilities, you can access disks and files on the local computer, etc.

To prevent this from happening, a software or hardware barrier called a firewall is installed between the Internet and the Intranet. The firewall monitors the transfer of data between networks, monitors current connections, detects suspicious activity and thereby prevents unauthorized access from the Internet to the local network.


Firewall

A firewall is a software and/or hardware barrier between two networks that allows only authorized connections to be established.

The firewall protects a local area network connected to the Internet, or an individual personal computer, from penetration from the outside and excludes the possibility of access to confidential information.


Protection of programs from illegal copying and use

Computer pirates, illegally replicating software, devalue the work of programmers, make software development an economically unprofitable business. In addition, software pirates often offer users unfinished programs, programs with errors, or their demo versions.

For computer software to function, it must be installed. Software is distributed by manufacturers in the form of distribution kits on CD-ROM. Each distribution has its own serial number, which prevents illegal copying and installation of programs.


Special protections can be used to prevent illegal copying of programs and data stored on the CD-ROM. The CD-ROM may contain an encrypted software key, which is lost during copying and without which the program cannot be installed.

Protection against illegal use of programs can be implemented using a hardware key, which is usually attached to the computer's parallel port. The protected application accesses the parallel port and requests a secret code; if the hardware key is not connected to the computer, the protected application determines the situation of protection violation and stops its execution.


  • Berne Convention for the Protection of Literary and Artistic Works 1886
  • World Copyright Convention 1952

  • Constitution of the Russian Federation Art. 44.
  • Civil Code of the Russian Federation.
  • Copyright and Related Rights Act 1993
  • Law of the Russian Federation "On the legal protection of computer programs and databases" 1992

  • Latin letter C inside a circle ©,
  • The name of the owner of the exclusive copyright,
  • Date of first publication.

© 1993-1997 Microsoft Corporation


  • copyright,
  • Right to a name
  • The right to publish
  • The right to protect reputation.

If programs are created in the course of performing official duties or on the instructions of the employer, they belong to the employer, unless otherwise provided in the contract between him and the author.

Extract from the Criminal Code of the Russian Federation

Chapter 28. Crimes in the field of computer information

Article 272. Illegal access to computer information.

1. Illegal access to computer information protected by law, that is, information on a machine carrier, in an electronic computer (ECM), if this act caused the destruction, blocking, modification or copying of information, or disruption of the computer, shall be punished by

  • a fine of two hundred to five hundred times the minimum wage
  • or in the amount of the wages or other income of the convicted person for a period of two to five months,
  • or correctional labor for a term of six months to one year,
  • or imprisonment for up to two years.

2. The same act committed by a group of persons by prior agreement or by an organized group, or by a person using his official position, as well as having access to a computer, a computer system or their network, is punishable by a fine in the amount of one hundred thousand to three hundred thousand rubles or the amount of wages or other income of the convicted person for a period of one to two years, or compulsory work for a term of one hundred and eighty to two hundred and forty hours, or by corrective labor for a term of up to two years, or by arrest for a term of three to six months, or by deprivation of liberty for a term of up to five years.


Article 273. Creation, use and distribution of malicious programs for computers

Creating computer programs or making changes to existing programs that knowingly lead to unauthorized destruction, blocking, modification or copying of information, disruption of the computer, as well as the use or distribution of such programs or machine media with such programs, is punishable by

  • imprisonment for up to three years with a fine in the amount of two hundred to five hundred times the minimum wage
  • or in the amount of wages or other income of the convicted person for a period of two to five months.

The same acts that caused grave consequences are punishable by imprisonment for a term of three to seven years.

Article 274

1. Violation of the rules for the operation of a computer by a person who has access to a computer, resulting in the destruction, blocking or modification of computer information protected by law, if this act caused significant harm, shall be punished

  • deprivation of the right to hold certain positions or engage in certain activities for up to five years,
  • or compulsory works for a period of one hundred and eighty to two hundred and forty hours,
  • or restraint of liberty for up to two years.

2. The same act, negligently entailing grave consequences, is punishable by deprivation of liberty for a term of up to four years.


  • By fingerprints
  • According to the characteristics of speech
  • According to the geometry of the palms of the hands,
  • By face,
  • On the iris of the eye.

INFORMATION PROTECTION

It was announced in 1988 by the Association of Computer Equipment to once again remind all users of the need to maintain the protection of their computers and the information stored on them.

In that year, the Morris worm attacked computers for the first time, as a result of which 6,000 nodes of the Internet's predecessor, the ARPANET, were infected. This attack caused $96 million in damages. The author of this virus might not have been found, but Robert Morris, a graduate student at Cornell University, was forced to confess by his own father. Morris received 3 years of probation and 400 hours of community service. In addition, he paid a $10,500 fine. Since in 1988 it was the first mass epidemic that hit computers, experts began to seriously think about an integrated approach to ensuring the security of information resources.


What is the best way to choose components for a password?

  • Do not use a password that is a dictionary word.
  • If possible, punctuation marks can be used.
  • You can use lowercase and uppercase characters, as well as numbers from 0 to 9.
  • The optimal password length is from 8 to 10 characters (digits or letters).
  • Use the last characters from a list of numbers, characters, or the alphabet.
  • Beware of interceptor programs.

“If you don’t report the data within a week, you will be blocked”

"If you want to protect yourself from phishing, follow this link and enter your username and password"

Phishing is a type of Internet fraud, the purpose of which is to obtain users' identification data.


  • How can I fix my copyright on a software product?
  • Why is software piracy damaging to society?
  • What are the software and hardware ways to protect information?

The main goals and objectives of information security

Information environment is a set of conditions, means and methods based on computer systems designed for the creation and use of information resources.

Information threat is a set of factors that pose a risk to the functioning of the information environment.

Information security is a set of measures to protect the information environment of society and the individual.

Basic definitions

Vulnerability - causes, arising from the particulars of storing, using, transferring and protecting resources, that lead to a violation of the security of a particular resource.

Security threat - a potential breach of security, any circumstance that may cause damage to the enterprise.

Attack - the realization of a threat.

Damage - the consequences that arose as a result of an offense. The damage can be material, physical or moral.

Offender - a person who has attempted to carry out prohibited operations, using various opportunities to do so.

Objects that should be provided with information security include:

  • Information resources;
  • The system for creating, distributing and using information resources;
  • The information infrastructure of society (information communications, communication networks, data analysis and processing centers, information protection systems and tools);
  • Media;
  • The rights of the individual and the state to receive, disseminate and use information;
  • Protection of intellectual property and confidential information.

Sources of the main information threats for Russia

External sources:

  • Country policies
  • Information war
  • Criminal activity
  • Other sources

Internal sources:

  • Lag in the level of informatization
  • Technology gap
  • Insufficient level of education
  • Other sources

Deliberate Threats

  • Information theft
  • Distribution of computer viruses
  • Physical impact on equipment

  • Computer viruses
  • "Trojan horses"
  • Network attacks

Random Threats

  • Computer user errors;
  • Mistakes by professional developers of information systems: algorithmic, program, structural;
  • Equipment failures and malfunctions, including interference and distortion of signals on communication lines;
  • Force majeure

The importance of information security for various specialists from the position of the company and stakeholders

  • Applied tasks: safety of the user's personal information
  • Management tasks: assurance of the completeness of management documents
  • Information services: accessibility and safe operation
  • Commercial activity: prevention of information leaks
  • Banking: assurance of information integrity

A security policy is a set of technical, software and organizational measures aimed at protecting information in a computer network.

Methods of protecting information from deliberate information threats:

  • Restricting access to information
  • Encryption of information
  • Access control to equipment
  • Legislative measures

Methods of protecting information from random information threats:

  • Improving the reliability of electronic and mechanical nodes and elements
  • Structural redundancy: duplication or tripling of elements and devices
  • Functional control with failure diagnostics

2. Classification of threats

1. By type of threat source
1.1. Anthropogenic sources of threats
1.2. Technogenic sources
1.3. Natural disasters
2. According to the internal features of the topology
3. According to the external features of the topology
4. Based on impact

2.1. Types of threat sources

2.1.1. Anthropogenic sources
2.1.2. Technogenic sources
2.1.3. Natural disasters

2.1.1. Anthropogenic sources

Criminal structures
Potential criminals and hackers
Unscrupulous partners
Representatives of supervisory organizations and emergency services
Representatives of law enforcement agencies
Key personnel (users, programmers, developers)
Representatives of the information protection service (administrators)
Support staff (cleaners, security)
Technical staff (life support, operation)

2.1.2. Technogenic sources

External:

  • Means of communication (information transmission)
  • Engineering communications networks (power supply, water supply, heating, ventilation, sewerage)

Internal:

  • Poor-quality technical means of information processing
  • Poor-quality information processing software
  • Auxiliary means (security, signaling, telephony)
  • Other technical means used in the institution

2.1.3. Natural disasters

  • fires,
  • earthquakes,
  • floods,
  • hurricanes,
  • various unforeseen circumstances,
  • inexplicable phenomena,
  • other force majeure circumstances

2.2. Based on topology

Internal threats:

  • unqualified internal company policy on the organization of information technology and security management;
  • lack of appropriate personnel qualifications for supporting and managing the protected object;
  • intentional and unintentional actions of personnel that breach security;
  • betrayal by personnel;
  • man-made accidents and destruction, fires.

2.2. Based on topology

External threats:

  • negative impact of unscrupulous competitors and state structures;
  • intentional and unintentional actions of interested structures and individuals;
  • leakage of confidential information on storage media and through communication channels;
  • unauthorized entry to the protected object;
  • unauthorized access to storage media and communication channels for the purpose of theft, distortion, destruction or blocking of information;
  • natural disasters and other force majeure circumstances;
  • intentional and unintentional actions of suppliers of security services and providers of technical and software products.

2.3. Based on impact

  • Threats to data and software privacy
  • Threats to the integrity of data, programs and equipment
  • Threats of access to information resources

3. Hazard ratio on the basis of topology from common internal and external threats

4. Violation model

It is advisable to model information security violation processes on the basis of the logical chain: "threat - source of threat - method of implementation - vulnerability - consequences".

4. Violation model

Violation model requirements

The security service must build a model of a typical attacker. It is necessary to assess who to protect against in the first place. Based on the attacker model that has been built, an adequate information protection system can be built. A well-designed model of the offender is a guarantee of building adequate protection.

4. Violation model

Information security system requirements

  • The information security system must be adequate to the level of importance, secrecy and criticality of the protected information.
  • Its cost should not exceed the possible damage from a breach of information security.
  • Overcoming the protection system should be economically unfeasible compared to the possible benefit from gaining access to, destroying, modifying or blocking the protected information.

Description of the presentation on individual slides:

2 slide

Description of the slide:

Information security is understood as the protection of an information system from accidental or deliberate interference that is detrimental to the owners or users of information.

3 slide

Description of the slide:

In practice, three aspects of information security are the most important: availability (the ability to obtain the required information service); integrity (relevance and consistency of information, its protection from destruction and unauthorized changes); confidentiality (protection against unauthorized reading).

5 slide

Description of the slide:

Methods for ensuring the protection of information in an organization are: Obstruction - a method of physically blocking the path of an intruder to the protected information (alarm, locks, etc.).

6 slide

Description of the slide:

Access control is a method of information protection associated with the regulation of the use of all resources of an information system. Access control includes the following protection functions: identification of employees and resources of the information system; authentication of the object by the identifier (name) it presents, for which passwords are typically used; authorization check (verification of the user's permissions);

7 slide

Description of the slide:

Masking is a method of protecting information in an organization's information system by cryptographically concealing it. Regulation is a method of protecting information that creates conditions for automated processing, storage and transmission of information under which the possibility of unauthorized access to it (network attacks) is minimized.

8 slide

Description of the slide:

Coercion is a method of protection in which system users are forced to comply with the rules for processing, transferring and using protected information under the threat of material, administrative and criminal liability. Motivation is a method of protecting information that motivates employees not to violate established rules by complying with established moral and ethical standards.

9 slide

Description of the slide:

Means of information protection

The main means of protection are: physical, hardware, software, hardware-software, cryptographic, organizational, legislative and moral and ethical. Physical means of protection are intended for external protection of the territory of objects and protection of the components of the organization's information system. Hardware protection means are devices built into information system blocks (servers, computers, etc.). They are designed for internal protection of the elements of computing equipment and means of communication. Software protection tools are designed to perform the functions of protecting an information system using software tools (anti-virus protection, firewalls, etc.). Hardware and software protection tools.

10 slide

Description of the slide:

Cryptographic means - means of protecting information associated with the use of encryption tools. Organizational means - measures regulating the behavior of an employee of the organization. Legislative means are legal acts that regulate the rules for the use, processing and transmission of information and establish liability measures. Moral and ethical means - the rules and norms of behavior of employees in a team.

12 slide

Description of the slide:

can be divided into five groups:

  • Systems of identification (recognition) and authentication of users.
  • Disk data encryption systems.
  • Encryption systems for data transmitted over networks.
  • Electronic data authentication systems.
  • Cryptographic key management tools.

13 slide

Description of the slide:

1. Systems of identification (recognition) and authentication of users

They are used to restrict access of random and illegal users to the resources of a computer system. The general algorithm of work is to obtain from the user information proving his identity, verify its authenticity and then provide (or not provide) this user with the opportunity to work with the system.

14 slide

Description of the slide:

The following types are distinguished: secret information possessed by the user (password, secret key, personal identifier, etc.); the user must memorize this information, or special storage means can be used for it; physiological parameters of a person (fingerprints, the pattern of the iris, etc.) or behavioral characteristics (features of working on the keyboard, etc.). Systems based on the first type of information are considered traditional. Systems that use the second type of information are called biometric.

15 slide

Description of the slide:

2. Disk data encryption systems

To make information useless to the enemy, a set of data conversion methods is used, called cryptography [from the Greek kryptos - hidden and grapho - I write]. Encryption systems can perform cryptographic transformations of data at the file level or at the disk level. Programs of the first type include archivers such as ARJ and RAR, which allow the use of cryptographic methods to protect archive files. Examples of the second type of system are the Diskreet encryption program, which is part of the popular Norton Utilities software package, and Best Crypt.

16 slide

Description of the slide:

Most systems that offer to set a password for a document do not encrypt the information, but only provide a password request when accessing the document. These systems include MS Office, 1C and many others.

17 slide

Description of the slide:

3. Encryption systems for data transmitted over networks

There are two main encryption methods:

  • channel encryption
  • end-to-end (subscriber) encryption.

18 slide

Description of the slide:

In the case of channel encryption, all information transmitted over a communication channel, including service information, is protected. This encryption method has the following advantage: embedding encryption procedures at the link layer allows the use of hardware, which improves system performance. However, this approach also has significant drawbacks: encryption of service data complicates the network packet routing mechanism and requires data decryption in intermediate communication devices (gateways, repeaters, etc.); encryption of service information can lead to the appearance of statistical patterns in encrypted data, which affects the reliability of protection and imposes restrictions on the use of cryptographic algorithms.

19 slide

Description of the slide:

End-to-end (subscriber) encryption allows you to ensure the confidentiality of data transmitted between two subscribers. In this case, only the content of messages is protected, all service information remains open. The disadvantage is the ability to analyze information about the structure of the message exchange, such as the sender and recipient, the time and conditions of data transmission, as well as the amount of data transmitted.

20 slide

Description of the slide:

4. Electronic data authentication systems

When exchanging data over networks, the problem arises of authenticating the author of a document and the document itself, i.e. establishing the author's identity and checking that the received document has not been changed. For data authentication, a message authentication code (MAC) or an electronic signature is used. The MAC is generated from the open data by means of a special encryption transformation using a secret key and is transmitted over the communication channel at the end of the encrypted data. The MAC is verified by the receiver, who holds the secret key, by repeating on the received open data the procedure previously performed by the sender. An electronic digital signature is a relatively small amount of additional authentication information transmitted along with the signed text. The sender forms a digital signature using the sender's private key. The recipient verifies the signature using the sender's public key. Thus, the principles of symmetric encryption are used to implement the MAC, and asymmetric encryption is used to implement an electronic signature. We will study these two encryption systems in more detail later.
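The message authentication code exchange described above, as an added example that is not part of the original presentation: the sender appends a tag computed with the shared secret key, and the receiver repeats the computation on what arrived. HMAC-SHA256 stands in for the slide's unspecified "special encryption transformation"; the keys, messages and function names are constructed for illustration.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Constructed demo keys. In practice a key comes from a CSPRNG,
# e.g. secrets.token_bytes(32), and is shared only by sender and receiver.
SHARED_KEY = bytes(range(32))
WRONG_KEY = bytes(32)

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256


def mac(key: bytes, data: bytes) -> bytes:
    """Compute the authentication tag over the data with the secret key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def send(key: bytes, data: bytes) -> bytes:
    """Sender side: transmit the data with the tag appended at the end."""
    return data + mac(key, data)


def receive(key: bytes, frame: bytes) -> Optional[bytes]:
    """Receiver side: repeat the sender's computation and compare tags.

    Returns the data if the tag matches, otherwise None.
    """
    if len(frame) < TAG_LEN:
        return None  # too short to even contain a tag
    data, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    # compare_digest runs in constant time, so the comparison itself does
    # not leak how many leading bytes of a guessed tag were correct.
    if not hmac.compare_digest(tag, mac(key, data)):
        return None
    return data


def flip_bit(frame: bytes, index: int) -> bytes:
    """Simulate modification in transit by flipping one bit."""
    changed = bytearray(frame)
    changed[index] ^= 0x01
    return bytes(changed)


def run_scenarios() -> Dict[str, bool]:
    """Exercise the receiver with genuine, damaged and forged frames."""
    message = b"transfer 100 to account 42"  # constructed sample message
    frame = send(SHARED_KEY, message)
    # A frame produced by the *receiver*, who holds the same key.
    receiver_made = send(SHARED_KEY, b"transfer 900 to account 13")
    return {
        "genuine_accepted": receive(SHARED_KEY, frame) == message,
        "modified_data_rejected": receive(SHARED_KEY, flip_bit(frame, 9)) is None,
        "modified_tag_rejected":
            receive(SHARED_KEY, flip_bit(frame, len(frame) - 1)) is None,
        "truncated_rejected": receive(SHARED_KEY, frame[:TAG_LEN - 1]) is None,
        "wrong_key_rejected": receive(WRONG_KEY, frame) is None,
        # Symmetric limitation: the tag proves "someone with the key wrote
        # this", not which of the two key holders did.
        "key_holder_frame_accepted": receive(SHARED_KEY, receiver_made) is not None,
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

The last scenario is why authorship proof is assigned to the asymmetric electronic signature: with a MAC, either holder of the shared key can produce a tag that verifies.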

21 slide

Description of the slide:

5. Cryptographic key management tools

The security of any cryptosystem is determined by the cryptographic keys used. With weak key management, an attacker can get hold of key information and gain complete access to all information on a system or network. There are the following types of key management functions: generation, storage, and distribution of keys.

Methods for generating keys for symmetric and asymmetric cryptosystems are different. To generate keys of symmetric cryptosystems, hardware and software tools for generating random numbers are used. Key generation for asymmetric cryptosystems is more difficult, since the keys must have certain mathematical properties. We will dwell on this issue in more detail when studying symmetric and asymmetric cryptosystems.

The storage function involves the organization of secure storage, accounting and deletion of key information. To ensure the secure storage of keys, they are encrypted using other keys. This approach leads to the concept of a key hierarchy. The key hierarchy typically includes a master key, a key encryption key, and a data encryption key. It should be noted that the generation and storage of the master key is a critical cryptographic issue.

Distribution is the most critical process in key management. This process must ensure that the keys being distributed are kept secret, and it must be prompt and accurate. Keys are distributed between network users in two ways: by direct exchange of session keys; using one or more key distribution centers.

22 slide

Description of the slide:

List of documents

  • "On State Secret". Law of the Russian Federation of July 21, 1993 No. 5485-1 (as amended by Federal Law of October 6, 1997 No. 131-FZ).
  • "On Information, Informatization and Protection of Information". Federal Law of the Russian Federation of February 20, 1995 No. 24-FZ. Adopted by the State Duma on January 25, 1995.
  • "On Legal Protection of Programs for Electronic Computers and Databases". Law of the Russian Federation of February 23, 1992 No. 3524-1.
  • "On Electronic Digital Signature". Federal Law of the Russian Federation of January 10, 2002 No. 1-FZ.
  • "On Copyright and Related Rights". Law of the Russian Federation of July 9, 1993 No. 5351-1.
  • "On the Federal Bodies of Government Communications and Information". Law of the Russian Federation (as amended by Decree of the President of the Russian Federation of December 24, 1993 No. 2288; Federal Law of November 7, 2000 No. 135-FZ).
  • Regulations on the accreditation of testing laboratories and certification bodies for information security equipment on information security requirements / State Technical Commission under the President of the Russian Federation.
  • Instructions on the procedure for marking certificates of conformity, their copies and certification means of information security / State Technical Commission under the President of the Russian Federation.

23 slide

Description of the slide:

  • Regulations on the certification of informatization objects for information security requirements / State Technical Commission under the President of the Russian Federation.
  • Regulations on the certification of information security tools for information security requirements: with additions in accordance with Decree of the Government of the Russian Federation of June 26, 1995 No. 608 "On certification of information security tools" / State Technical Commission under the President of the Russian Federation.
  • Regulations on state licensing of activities in the field of information security / State Technical Commission under the President of the Russian Federation.
  • Automated systems. Protection against unauthorized access to information. Classification of automated systems and information security requirements: Guidance document / State Technical Commission under the President of the Russian Federation.
  • The concept of protection of computer equipment and automated systems from unauthorized access to information: Guidance document / State Technical Commission under the President of the Russian Federation.
  • Computer facilities. Firewalls. Protection against unauthorized access to information. Indicators of security against unauthorized access to information: Guidance document / State Technical Commission under the President of the Russian Federation.
  • Computer facilities. Protection against unauthorized access to information. Indicators of security against unauthorized access to information: Guidance document / State Technical Commission under the President of the Russian Federation.
  • Data protection. Special security marks. Classification and general requirements: Guidance document / State Technical Commission under the President of the Russian Federation.
  • Protection against unauthorized access to information. Terms and definitions: Guidance document / State Technical Commission under the President of the Russian Federation.

24 slide

Description of the slide:

Used resources

  • http://univer-nn.ru/ib/metodi-bezopasnosti.php
  • http://protect.htmlweb.ru/p01.htm
  • http://blog.cntiprogress.ru/tag/informacionnaya-bezopasnost/