Information security model
To protect users from unauthorized intrusion and from theft of information resources and confidential data, specialists have developed an information security model. The model rests on the fact that a modern information system is a complex multi-level mechanism consisting of many components with varying degrees of autonomy. Almost every component can be subject to external influence or fail. The information security model provides a plan for protecting each of these components.

The components of an information system are: hardware (computers and their components: processors, monitors, terminals, and peripherals such as disk drives, printers, controllers, cables, communication lines, etc.); software (purchased programs; source, object and boot modules; operating systems and system programs such as compilers and linkers; utilities, diagnostic programs, etc.); and data (stored temporarily and permanently, on magnetic media, printed, archives, system logs, etc.).

The information security model anticipates the following ways in which security can be violated: emergency situations due to natural disasters and power outages; hardware failures and malfunctions; software errors; personnel errors; interference in communication lines due to environmental influences; and deliberate actions of violators.

Information security of personal data must be ensured against every kind of threat, both deliberate and unplanned. The information security model develops mechanisms for protecting the user's information rights and provides for their practical implementation.
Crimes in the field of information security
The information security of personal data is threatened, first of all, by unauthorized access. Unauthorized access to user files can be carried out through weak points in the system's protection. Accordingly, the most common crime in the field of information security is unauthorized access. As a rule, such cases exploit some error in the protection system, for example a wrong choice of protection systems or their incorrect installation.

Crimes in the field of information security can be carried out through a person: theft of information carriers, or reading information without the owner's permission. Through software, crimes in the field of information security are carried out by intercepting passwords, decrypting encrypted information, or copying information from a carrier. Theft of information can also occur by connecting specially designed hardware that gives access to information, or by intercepting side electromagnetic radiation from equipment.

In addition, the information security of personal data may be attacked over computer networks, which is how known types of Trojan programs are distributed. Computer networks are characterized by the fact that remote attacks are carried out against them. The criminal may be located far from the attacked object, and not only a specific computer but also information transmitted over network communication channels may be attacked. Specialists in these areas are studying means capable of neutralizing many types of malicious programs.
Information security tools
Means of ensuring information security must include the formation of a protective regime. The complex of measures taken also includes counteraction to unauthorized actions. Means of ensuring information security are also called hardware and software protection tools. There are several categories of such tools, including: identification and authentication systems, PC data encryption systems, systems for encrypting data transmitted over networks, electronic data authentication systems, and cryptographic key management systems.

Information security tools in the form of user identification and authentication systems limit unauthorized user access to the system. Data encryption systems are based on cryptographic transformation of data, both in files and on disk.

Systems for encrypting data transmitted over networks are divided into channel encryption and subscriber encryption. Channel encryption protects all information transmitted over the communication channel. Moving encryption to the channel level makes it possible to use hardware, which helps to increase system performance. There are also disadvantages, however: encryption of information can complicate the routing mechanism. Subscriber encryption ensures the confidentiality of data transmitted between two subscribers. In this case only the content of messages is protected, and all service information remains open. The disadvantage is that the structure of the message exchange can be analyzed, for example the sender and recipient, the time and conditions of data transfer, and the volume of data transferred.

Information security tools for authenticating electronic data use a message authentication code or an electronic signature. Cryptographic key management tools are divided into generation, storage, and distribution of keys.
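The difference between subscriber and channel encryption described above, as an added example that is not part of the original page: it shows what a listener on the line can read in each mode and why a relay needs the link key before it can route a channel-encrypted frame. The keystream function is a stand-in for a real cipher, and the message, keys and field names are constructed for illustration.

```python
import hashlib
import hmac
import json

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode), illustration only.
    Encrypts and decrypts; a real system would use a vetted AEAD such as AES-GCM."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def subscriber_encrypt(key, nonce, header, body):
    """Subscriber encryption: only the message content is protected."""
    frame = dict(header, body=keystream_xor(key, nonce, body).hex())
    return json.dumps(frame).encode()

def channel_encrypt(key, nonce, header, body):
    """Channel encryption: everything sent over the link is protected."""
    frame = json.dumps(dict(header, body=body.hex())).encode()
    return keystream_xor(key, nonce, frame)

def observer_view(wire: bytes) -> dict:
    """What a listener on the line learns without holding any key."""
    seen = {"size": len(wire)}
    try:
        frame = json.loads(wire)
    except ValueError:  # opaque bytes: only the size leaks
        return seen
    if isinstance(frame, dict):
        seen.update({k: v for k, v in frame.items() if k != "body"})
    return seen

def relay_recipient(wire: bytes, link_key: bytes, nonce: bytes) -> str:
    """A relay on a channel-encrypted link must decrypt before it can route."""
    return json.loads(keystream_xor(link_key, nonce, wire))["to"]

# Constructed sample message and keys (not from the original page).
HEADER = {"from": "alice", "to": "bob", "time": "2024-01-01T12:00:00Z"}
BODY = b"quarterly figures attached"
KEY, NONCE = b"k" * 32, b"n" * 12

if __name__ == "__main__":
    print(observer_view(subscriber_encrypt(KEY, NONCE, HEADER, BODY)))
    print(observer_view(channel_encrypt(KEY, NONCE, HEADER, BODY)))
```

In both modes the size of the transmission remains visible to the listener; only channel encryption hides the sender, recipient and time.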