Lecture 2
Approaches to systems creation of information protection
Вefore to create a concrete system of protection of information (SPI), it is necessary to determine what exactly information is subject of protection, what forces, methods and facilities, for this purpose will be required.
On this account a SPI are created on a method supposing following, cyclic repetitive sequence of executions during of all period of its functioning (Pict. 1).
1. Determination of information, to subject of protection.
2. An exposure of complete great number of potential possible threats and channels of information loss.
3. An estimation of vulnerability and risks of information at the present great number of threats and loss channels.
4. Determination of requirements to protection.
5. Realization of choice of protection facilities and their descriptions.
6. Introduction and employing organization of chosen measures, methods and facilities of protection.
7. Realization of control of integrity and management of protection system.
The indicated sequence of executions is carried out continuously on the exclusive cycle, with a proper analysis of the state of SPI and clarification of requirements to it after every step.
Analysis of the state of integrity of information and clarification
of requirements to SPI
Basic stages
of creation
of
protection
systems
7
Realization of control of integrity and management of protection
system
of
information, to subject of protection
6.
Introduction and employing organization of chosen measures,
methods and facilities of protection
5.
Realization of choice of protection facilities and their
descriptions
4.
Determination of system requirements to protection
Picture 1 - Continuous
cycle of SPI creation
1 Determination
2 An exposure of complete great number potential of possible threats and channels of information loss
3 An estimation of vulnerability and risks of information at the present great number of threats and loss channels
The construction of SPI is always begun with determination of information volume which must be protected. Such estimation on principle is needed and must be on possibility exact, as measures are directed on its protection cost very expensive. It is enough to say that leading firms in countries with a highly developed economy are expending about 20 percents of net profit for protection of production and commercial secrets.
The system of protection must be created simultaneously with creation of enterprise or organization where it will work. It will help to take minimum economic and moral losses in the case of disturbers attack to information. To that purpose security service is created. Tasks of this service are: realization of legal, organizational and technical measures of protection.
Creation of such service must be begun with the economic ground of its creation, because not every organization is in strength to bear expenses on its maintenance.
Organizational measures for protection on an enterprise are taken to regulation of production activity and interrelations of performers on normatively-legal basis, eliminating a damage to commercial activity.
The organizational measures:
- actions of security service, which are related to the selection and placing of staffs;
-· maintenance of the set mode of guard on an enterprise;
- implementation of measures providing of maintenance of confidential information.
Technical protection supposes utilization of different technical facilities, which prevent a damage causing of commercial activity. It is necessary to take to the next technical facilities and methods: physical, apparatus facilities and programming facilities, and also mathematical (cryptographic) methods.
Service safety can include, besides guidance of service another specialists, such as analysts, lawyers, specialists in area of safety and industrial secret service, specialists on technical protection of apartments, and also employees of guard and set mode.