Leakage channels of confidential information in the organization. Preventing leakage of confidential information (DLP). Croc approach. IV. The main ways of information leakage

The term "leakage of confidential information" is probably not the most euphonious, but it reflects the essence of the phenomenon more succinctly than other terms; moreover, it has long been entrenched in scientific literature and regulatory documents. Leakage of confidential information is the illegal, i.e. unauthorized, exit of such information outside the protected area of its functioning or the established circle of persons entitled to work with it, if this exit led to the receipt of information (familiarization with it) by persons who do not have authorized access to it. Leakage of confidential information means not only its receipt by persons who do not work at the enterprise; unauthorized acquaintance with confidential information by persons of this enterprise also constitutes leakage.

Loss and leakage of confidential documented information is caused by information vulnerability. Vulnerability of information should be understood as the inability of information to independently resist destabilizing influences, that is, such influences that violate its established status. Violation of the status of any documented information is a violation of its physical safety (either in general or at the given owner in full or in part), the logical structure and content, and accessibility to authorized users. Violation of the status of confidential documented information additionally includes a violation of its confidentiality (closed to unauthorized persons).

Vulnerability of documented information is a collective concept. It does not exist as such, but manifests itself in various forms. Such forms, expressing the results of a destabilizing effect on information, include (the existing variants of the names of the forms are indicated in brackets):

  • theft of the information carrier or information displayed in it (theft);
  • loss of the information carrier (loss);
  • unauthorized destruction of the information carrier or information displayed in it (destruction);
  • distortion of information (unauthorized change, unauthorized modification, counterfeiting, falsification);
  • blocking of information;
  • disclosure of information (distribution, disclosure).

The term "destruction" is used mainly in relation to information on magnetic media.

The existing variant names (modification, forgery, falsification) are not entirely equivalent to the term "distortion"; they have nuances, but their essence is the same: an unauthorized partial or complete change in the composition of the original information.

Blocking information in this context means blocking access to it by authorized users, not intruders.

Disclosure of information is a form of vulnerability manifestation only of confidential information.

One or another form of vulnerability of documented information can be realized as a result of deliberate or accidental destabilizing influence, exerted in different ways on the medium of information or on the information itself by the sources of influence. These sources can be people, technical means of information processing and transmission, means of communication, natural disasters, etc. Ways of destabilizing influence on information are copying (photographing), recording, transferring, downloading, infecting information processing programs with a virus, violation of information processing and storage technology, disabling (or failure) of technical means of processing and transmitting information and disruption of their operating mode, physical impact on information, etc.

The implementation of forms of manifestation of vulnerability of documented information leads or may lead to two types of vulnerability - loss or leakage of information.

Theft and loss of information carriers, unauthorized destruction of information carriers or only information displayed in them, distortion and blocking of information lead to the loss of documented information. Loss can be full or partial, irrecoverable or temporary (when information is blocked), but in any case it damages the owner of the information.

Leakage of confidential documented information is caused by its disclosure. In the literature and even in regulatory documents, the term "leakage of confidential information" is often replaced by or equated with the terms "disclosure of confidential information" and "dissemination of confidential information". This approach is not legitimate. Disclosure or distribution of confidential information means bringing it, without authorization, to consumers who do not have the right to access it. Moreover, such communication must be carried out by someone, come from someone. Leakage occurs during the disclosure (unauthorized distribution) of confidential information, but it is not limited to it. Leakage can also occur as a result of the loss of the carrier of confidential documented information, as well as theft of the carrier or of the information displayed in it while the carrier itself remains with its owner. "May happen" does not mean that it will happen. Lost media can fall into the wrong hands, or it can be picked up by a garbage truck and destroyed in the manner established for garbage. In the latter case, no confidential information is leaked. Theft of confidential documented information is also not always associated with its receipt by persons who do not have access to it. There have been many cases when carriers of confidential information were stolen from colleagues at work by persons admitted to this information, for the purpose of undermining a colleague and causing them harm. Such carriers, as a rule, were destroyed by the persons who stole them. But in any case, the loss and theft of confidential information, even if it does not lead to leakage, always creates a threat of leakage. Therefore, we can say that the leakage of confidential information is caused by its disclosure and can result from theft and loss.

The difficulty lies in the fact that it is often impossible to determine, firstly, the very fact of disclosure or theft of confidential information while the information carrier remains with its owner, and secondly, whether the information has reached unauthorized persons as a result of its theft or loss.

Information leakage - illegal exit of confidential information outside the protected area of its functioning or the established circle of persons, the result of which is the receipt of information by persons who do not have authorized access to it.

In accordance with the Regulation on the procedure for handling proprietary information of limited distribution (Approved by the Resolution of the Council of Ministers of the Republic of Belarus dated February 15, 1999 No. 237), the need to maintain confidentiality may apply to information whose dissemination, in accordance with the current legislative acts, the organization considers undesirable in the interests of ensuring its activities.

Leakage of confidential information can result in loss of competitive advantages, lost commercial profits, sanctions by regulatory authorities, administrative and criminal liability for the disclosure of personal data, deterioration of the moral climate in the team due to the disclosure of information about the wages of employees, planned personnel changes, etc. Although unauthorized disclosure of information is in many cases an administrative and criminal offense, in conditions when the information legislation of the Republic of Belarus has not yet been fully formed, and the processes of lawmaking are far behind the level of development of information technologies, there are significant difficulties in ensuring the legal protection of the interests of the owners of confidential information.

It should be noted that for organizations of state and non-state forms of ownership, the methods of protecting confidential information may differ not only because of their existing office work practice, but also because the protected information may fall under legislative acts that apply with different force to state and non-state organizations and enterprises. For example, the Regulation on the Handling of Official Information of Restricted Distribution (Approved by the Resolution of the Council of Ministers of the Republic of Belarus No. 237 dated February 15, 1999) relates only to the documentation of state organizations. The rules for the protection of confidential information in commercial organizations are established in most cases by their owner and are based on other regulatory legal acts, such as, for example, the Regulation on commercial secrets.

The number of potential channels of information leakage is quite large. The most common of these fall under the category of inadvertent disclosure of information by employees due to ignorance or indiscipline. Lack of understanding of the rules for working with confidential documents, inability to determine which documents are confidential, and just ordinary conversations between employees - all this can lead to the declassification of data.

Deliberate "leakage" of information is much less common, but it is carried out purposefully and with the most dangerous consequences for the organization.

Taking into account the multiplicity of categories and channels of information leakage, it becomes obvious that in most cases the leakage problem cannot be solved in any simple way, let alone get rid of it completely. In addition, the implementation of any measures to restrict access to information or its dissemination potentially reduces the efficiency of the organization's core business processes. This means that a system of organizational and technical measures is required to block the main channels of information leakage with a certain degree of reliability and minimize existing risks without significantly reducing the efficiency of business processes. Without such a system, the rights to legal protection of the interests of the organization as the owner of information are unrealizable.

The confidential information leakage prevention system includes three main components: work with personnel, security policy, security services.

The main source of information leakage from an organization is its personnel. The human factor is able to "nullify" even the most sophisticated security mechanisms. This is supported by numerous statistics showing that the vast majority of security incidents are related to the activities of employees of the organization. It is not surprising that HR is the main defense mechanism.

The key principles and rules of personnel management that take information security requirements into account are defined in the international standard ISO/IEC 17799:2000 and boil down to the need to fulfill certain security requirements, raise employee awareness and apply preventive measures against violators.

When working with personnel, the following safety requirements must be observed:

  • 1. Responsibility for information security should be included in the job responsibilities of employees, including responsibility for meeting security policy requirements, security resources, processes and activities.
  • 2. Appropriate checks should be carried out on employees upon hiring, including characteristics and recommendations, completeness and accuracy of CVs, education and qualifications, and identity documents.
  • 3. The signing of a nondisclosure agreement by the candidate should be a prerequisite for hiring.
  • 4. Information security requirements for an employee must be reflected in labor agreements. Responsibility for security breaches should also be spelled out there.

Some organizations have departments for dealing with confidential documents. For the head of such a department, a special job description is being developed. (Appendix 3)

The organization should also have an appropriate disciplinary process for security violators that includes investigation, incident response and appropriate action.

When determining preventive measures, one should be guided by the provisions of the current legislation.

Sometimes “offended” former employees, in order to take revenge on the employer, post valuable information of the enterprise on the Internet or in the media, make it publicly available in other ways. By the way, personal enmity (in cases where disciplinary sanctions are applied to an employee or a person wants to take revenge for something) and the economic benefit of the employee and / or competitor are the most typical motives for information leakage. There are times when an employee freely disposes of valuable information, believing that it is he, and not his employer, who has the right to it.

Valuable information must be protected (by taking legal, organizational and technical measures), starting from the moment of its comprehension, since by virtue of Art. 140 of the Civil Code of the Republic of Belarus, valuable information can be protected only when there is no free access to it on a legal basis and the owner of the information takes measures to protect its confidentiality.

A specific list of information that can be protected using the legislation on undisclosed information has not been established. According to article 140 of the Civil Code of the Republic of Belarus, information that has actual or potential commercial value because it is unknown to third parties, to which there is no free access on a legal basis and the owner of which takes measures to protect its confidentiality, can be protected. Article 1010 of the Civil Code of the Republic of Belarus states that technical, organizational or commercial information, including production secrets ("know-how"), can be protected from illegal use if it is unknown to third parties and if the conditions established by paragraph 1 of Article 140 of the Civil Code of the Republic of Belarus are met.

It can be seen from these norms that a fairly wide range of information can be protected by law. When referring this or that information to protected, it is advisable to proceed from its property of being useful. However, it must be borne in mind that, according to paragraph 3 of Art. 1010 of the Civil Code of the Republic of Belarus, the rules on the protection of undisclosed information do not apply to information that, in accordance with the legislation, cannot constitute an official or commercial secret (information on legal entities, rights to property and transactions with it, subject to state registration, etc.).

In paragraph 4 of Art. 1010 of the Civil Code of the Republic of Belarus, it is established that the right to protect undisclosed information is valid as long as the information has actual or potential commercial value because it is unknown to third parties, there is no free access to it on a legal basis and the owner of the information takes measures to protect its confidentiality.

Regarding the latter condition, a complex of legal and factual measures must be taken. The first includes, first of all, the creation of a system of local regulations, which concretize the confidential information itself or signs of classifying information as confidential, who has the right to use it, etc. It is possible to determine the appropriate conditions in a civil contract.

The possibility of taking legal action flows directly from labor and civil law. In accordance with paragraph 10 of Art. 53 of the Labor Code of the Republic of Belarus, an employee is obliged "to keep state and official secrets, not to disclose the employer's commercial secrets without appropriate permission." According to part 2 of paragraph 2 of Art. 140 of the Civil Code of Belarus, persons who have obtained information that constitutes an official or commercial secret by illegal methods are obliged to compensate for the losses caused.

The same obligation is imposed on employees who disclosed official or commercial secrets contrary to an employment contract, including a contract, and on counterparties who have done so contrary to a civil law contract.

It should be noted that it is not enough to put the stamp “confidential” or “not for copying” on the document, since any employee can actually get acquainted with its content if desired. It is clear that in this case no actual measures have been taken to protect the information. Thus, there is a need to create a so-called "confidential office work" and a system of technical measures at the enterprise, with the help of which it would be possible to control access to valuable information.

The possibility to apply measures of responsibility for the disclosure or illegal use of undisclosed information is provided for by Part 2 of Art. 53 of the Labor Code of Belarus and paragraph 2 of Art. 140, art. 1011 of the Civil Code of the Republic of Belarus, art. 167-9 of the Code of Administrative Offenses of the Republic of Belarus, Part 2-3, Art. 201, Articles 254, 255, 375 of the Criminal Code of Belarus.

In most cases, we can talk about compensation for losses or the collection of a forfeit (if it is provided for by the contract), in the case of an administrative offense or crime - about fines or imprisonment.

The possibilities for proving the facts of unlawful disclosure or use of protected information, causing losses, as well as the causal relationship between them are the same as in any other legal tort - testimony of witnesses, explanations of the parties, expert opinions, etc.

The legislation of some countries in this area is curious. For example, in a number of states, an employer has the right to prohibit employees from working in firms that directly compete with the company (and specific firms can be listed) for a certain period after the employee is fired, as well as to prohibit the provision of certain information to these firms (for example, a list of clients or partners).

As already mentioned, the organization should have a regulation on the protection of confidential information and related instructions. These documents should define rules and criteria for categorizing information resources according to the degree of confidentiality (for example, open information, confidential, strictly confidential), rules for marking confidential documents and rules for handling confidential information, including storage modes, methods of handling, and restrictions on its use and on its transfer to third parties and between divisions of the organization.

Particular attention should be paid to the protection of electronic confidential information. For electronic documents, the threat of losing confidential information is especially dangerous, since the fact of information theft is difficult to detect in practice. Loss of confidential information processed and stored in computers can be caused by the following factors:

  • Unintentional errors of users, operators, assistants, business managers, employees of the confidential documentation service (hereinafter referred to as the CD service), system administrators and other persons serving information systems (the most frequent and greatest danger);
  • Theft and forgery of information;
  • Threats emanating from natural situations of the external environment;
  • Threats of virus infection.

Currently, in Belarus and abroad, a lot of work is underway to create automated data processing systems using machine-readable documents (MCD), one of the varieties of which are documents with bar codes. Machine-readable documents include shipping documents, labels and packaging of goods, checkbooks and plastic cards for payment of services, magnetic media. In this regard, the terms "electronic statements", "electronic money", etc. appeared.

The most widespread are graphic fonts designed for encoding and registering information in the optical range. There are three types here: graphic marks, stylized fonts, encoding fonts (bar codes).

The barcode is an alternation of light and dark stripes of different widths. The information is carried by the relative widths of light and dark stripes and their combinations, while the width of these stripes is strictly defined. Dark stripes are called strokes, and light stripes are called spaces (gaps).

Bar codes are read by special optical readers (reading devices) of different types, including laser ones, which, perceiving strokes, spaces and their combinations, decode the barcode using microprocessor devices, carry out the control methods built into the codes and output the values of these codes in a certain alphabet (digital, alphanumeric, etc.) to a display, a computer or other devices.

Currently, bar codes are widely used in the production and trade of goods, in many industries for the identification of blanks, products, packaging, designation of storage locations, in post offices, transport, etc.

To protect electronic information, rules for providing access to information resources, appropriate procedures and controls have been implemented, including authorization and access auditing.

Responsibility for the information security of the organization is borne by its leader, who delegates this responsibility to one of the managers.

The decision to grant access to specific information resources should be made by the owners of these resources, appointed from among the heads of departments that form and use these resources. In addition, the issues of granting access to specific employees should be agreed with their immediate supervisors.

Summing up, the following conclusions can be drawn:

  • The main source of information leakage from the organization is its personnel;
  • For purposeful disclosure of confidential information, an employee can be brought to administrative or criminal liability;
  • The manager is responsible for information security in the organization.

Information leakage is a serious threat to many businesses. It can occur as a result of the intent of third parties or through the negligence of employees. A leak is organized intentionally with one of two goals: the first is to cause damage to the state, society or a specific enterprise, which is typical of cyber terrorism; the second is to gain a competitive edge.

Unintentional leakage occurs most often through the negligence of employees in the organization, but can also lead to serious adverse consequences. The creation of a system for protecting information assets from loss in companies of all types should be carried out at a professional level, using modern technical means. To do this, it is necessary to have an understanding of the leakage channels and methods of blocking these channels, as well as the requirements for modern security systems.

Protection system design principles

There are certain principles on which a comprehensive system of measures to protect confidential information from leaks should be based:

  • continuity of the system in space and time. The methods of protection used must control the entire material and information perimeter around the clock, preventing the occurrence of certain gaps or a decrease in the level of control;
  • multi-zone protection. The information should be ranked according to the degree of significance, and methods of different levels of impact should be used to protect it;
  • prioritization. Not all information is equally important, so the most serious safeguards should be applied to information that has the highest value;
  • integration. All components of the system must interact with each other and be controlled from a single center. If the company is a holding company or has several branches, it is necessary to set up the management of information systems from the parent company;
  • duplication. All the most important blocks and communication systems must be duplicated, so that in the event of a breakthrough or destruction of one of the defense links, it will be replaced by a control one.

Building systems of this level is not always required for small trading firms, but for large companies, especially those cooperating with a government customer, it is an urgent need.

Administrative and organizational measures

The head of the company, as well as one of his deputies, who is in charge of the security service, should be responsible for their observance. Almost 70% of the general degree of information security depends precisely on administrative and technical measures, since commercial espionage services resort to bribing employees much more often than to special technical means of stealing information, which require high qualifications and the disclosure of information to third parties not directly participating in the competition.

Development of documentation

All regulations of the organization dedicated to the protection of trade secrets and other information must comply with the most stringent requirements for similar documents required to obtain a license. This is due not only to the fact that they are the most elaborated, but also to the fact that high-quality preparation of this type of documentation will in the future give the opportunity to defend the company's position in court in the event of disputes about information leakage.

Work with personnel

Personnel are the weakest link in any information leakage protection system. This makes it necessary to pay maximum attention to working with them. For companies working with state secrets, there is a system for issuing admissions. Other organizations need to take various measures to ensure that the ability to work with confidential data is limited. It is necessary to draw up a list of information constituting a trade secret and attach it as an annex to the employment contract. For work with information contained in a database, access systems must be developed.

It is necessary to restrict all copying possibilities and access to external e-mail. All employees must be familiar with the instructions on how to work with information containing commercial secrets, and confirm this by signing in the logbooks. This will allow them to be held accountable if necessary.

The access regime that exists at the facility should involve not only fixing the data of all visitors, but also cooperation only with security companies that also meet all security requirements. The situation when an employee of a private security company is on duty at night at a facility, where employees, for the convenience of the system administrator, write down their passwords and leave them on the desktop, can be just as dangerous as the work of a professional hacker or the technical interception equipment installed in the premises.

Working with counterparties

Quite often, the perpetrators of information leaks are not employees, but the company's counterparties. These are numerous consulting and auditing companies, and firms providing development and maintenance services for information systems. As a rather curious, albeit controversial, example, one can cite the Ukrainian situation, where the work of a number of 1C subsidiaries was prohibited due to suspicions of the possibility of theft of confidential accounting information by its employees. The same danger is posed by the cloud CRM systems that are widespread today, which offer cloud storage services. With a minimum level of their responsibility for the safety of the information entrusted to them, no one can guarantee that the entire database of customer phone calls recorded in the system during its integration with IP-telephony will not immediately become the prey of competitors. This risk must be assessed as very serious. When choosing between server or cloud programs, you should choose the former. According to Microsoft, the number of cyber attacks on cloud resources increased by 300% this year.

Equal caution is needed with all counterparties that require the transfer of data constituting a commercial secret. All contracts must provide for conditions introducing liability for its disclosure. Quite often, certificates of property and share valuation, audits, and consulting research are resold to competing organizations.

Planning and technical solutions

When planning the architecture of the premises in which negotiations are held or the protected information is located, all GOST requirements for protection methods must be observed. Meeting rooms must be capable of passing the required certification; all modern methods of shielding, sound absorbing materials and jammers are used.

Leakage prevention technology and systems

To protect information from leakage or theft, it is necessary to apply a wide range of hardware and technical measures. Modern technical means are divided into four groups:

  • engineering;
  • hardware;
  • software;
  • cryptographic.

Engineering

This category of protective equipment is used in the implementation of planning and architectural solutions. They are devices that physically block the possibility of unauthorized persons entering the protected objects, video surveillance systems, alarms, electronic locks and other similar technical devices.

Hardware

These include measuring instruments, analyzers and technical devices that make it possible to locate embedded devices: everything that allows you to identify existing channels of information leakage, assess how effectively they operate, and determine their significant characteristics and their role in a possible or actual loss of information. Among them are field indicators, radio frequency meters, nonlinear locators and equipment for testing analog telephone lines. Voice recorders are identified with detectors that pick up side electromagnetic radiation; video camera detectors work on the same principle.

Software

This is the most significant group, since it can be used to avoid penetration of unauthorized persons into information networks, block hacker attacks, and prevent information interception. Among them, special programs that provide systemic information protection should be noted. These are DLP systems and SIEM systems, which are most often used to create comprehensive information security mechanisms. DLP (Data Leak Prevention) systems provide complete protection against loss of confidential information. Today, they are mainly configured to work with threats within the perimeter, that is, those emanating from users of the corporate network, and not from hackers. The systems use a wide range of techniques for identifying points of loss or transformation of information and are capable of blocking any unauthorized entry or transmission of data, automatically checking all channels through which it can be sent. They analyze the user's mail traffic, the content of local folders and messages in messengers and, if an attempt to transfer data is detected, block it.

SIEM (Security Information and Event Management) systems manage information flows and events in the network, where an event is understood as any situation that may affect the network and its security. When it occurs, the system independently proposes a solution to eliminate the threat.

Software tools can solve individual problems, or can provide comprehensive security of computer networks.
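The mail-traffic check that the DLP description above refers to, reduced to a single channel, as an added example that is not part of the original article or of any DLP product. The three confidentiality levels are the ones the article names; the `Classification:` marking line, the `corp.example` domain and the allow/log/block policy are assumptions made for the illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses
from typing import NamedTuple

# Confidentiality tiers named in the article, least to most sensitive.
LEVELS = ["open", "confidential", "strictly confidential"]

# Assumption: marked documents carry a line such as "Classification: Confidential".
MARKING = re.compile(
    r"classification\s*:\s*(strictly\s+confidential|confidential|open)", re.I
)

# Assumption: constructed domain standing in for the organization's own mail domain.
INTERNAL_DOMAINS = {"corp.example"}


class Verdict(NamedTuple):
    action: str     # "allow", "log" or "block"
    level: str      # highest marking found anywhere in the message
    external: list  # recipient addresses outside INTERNAL_DOMAINS


def highest_level(text: str) -> str:
    """Return the most sensitive marking in text; unmarked text counts as open."""
    found = [" ".join(m.lower().split()) for m in MARKING.findall(text)]
    return max(found, key=LEVELS.index, default="open")


def message_level(msg) -> str:
    """Scan the subject, the body and every text attachment for markings."""
    level = highest_level(str(msg.get("Subject", "")))
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # binary formats would need their own text extraction
        try:
            text = part.get_content()
        except LookupError:  # unknown charset: still inspect the raw bytes
            text = (part.get_payload(decode=True) or b"").decode("latin-1")
        found = highest_level(text)
        if LEVELS.index(found) > LEVELS.index(level):
            level = found
    return level


def external_recipients(msg) -> list:
    """List To/Cc/Bcc addresses whose domain is not an internal one."""
    headers = []
    for name in ("To", "Cc", "Bcc"):
        headers += [str(v) for v in msg.get_all(name, [])]
    addrs = [addr for _, addr in getaddresses(headers) if addr]
    return [a for a in addrs
            if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]


def evaluate(raw: bytes) -> Verdict:
    """Block marked content leaving the organization, log it when it stays inside."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    level = message_level(msg)
    external = external_recipients(msg)
    if level == "open":
        action = "allow"
    elif external:
        action = "block"
    else:
        action = "log"  # internal transfer of marked data is kept for audit
    return Verdict(action, level, external)


def build_sample(to: str, body: str, attachment: str = None) -> bytes:
    """Construct a sample message (test data, not a captured e-mail)."""
    msg = EmailMessage()
    msg["From"] = "employee@corp.example"
    msg["To"] = to
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment, filename="report.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("partner@vendor.example",
                     "Classification: Confidential\nPrice list draft"),
        build_sample("colleague@corp.example", "See attached.",
                     "Classification: Strictly Confidential\nSalary table"),
        build_sample("friend@mail.example", "Lunch at noon?"),
    ]
    for raw in samples:
        print(evaluate(raw))
```

A marking-based check only catches documents that were labelled in the first place, which is why the article pairs it with rules for categorizing and marking information.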

Cryptographic

The complex application of the entire range of protection methods can be redundant, therefore, to organize information protection systems in a particular company, you need to create your own project, which will turn out to be optimal from a resource point of view.

Currently, information is one of the sources of wealth for organizations. Almost all information related to the activities of the organization is confidential. In this regard, there is a need to protect such information, but managers are often quite careless about maintaining the confidentiality of information, and the result is its leak. Taking measures to protect the confidentiality of information is a set of measures aimed at ensuring information security.

Failure to comply with measures to protect trade secrets or an incorrect policy in the field of information security leads to the emergence of a threat to information resources. A threat to information resources is understood as a set of influences of factors of the external and internal environment of the organization, aimed at illegally or maliciously obstructing or hindering its functioning in accordance with its statutory, long-term and short-term goals and objectives, as well as at the alienation of the results of its activities.

Each threat, regardless of its content, leads to a violation of the confidentiality of information, a violation of the regime of such information, that is, it causes certain damage to the owner of a trade secret. Protecting confidential information and taking measures to eliminate threats is undertaken in order to eliminate the threat altogether, or at least reduce the possible damage from such actions.

One of the most significant types of threats to information resources is the leak of confidential information. Leakage of confidential information is the release of information outside the organization or the circle of people to whom it was known. Information leakage can be carried out through various technical channels. A channel of information leakage is customarily understood as a certain path from a source of confidential information to a certain person who wants to take possession of such information. For a channel of information leakage to form, certain spatial, energy and temporal conditions are required, and the attacker must have the appropriate equipment for receiving, processing and recording the information.

The main channels of information leakage are employees of the organization, documents (for example, reports), and technical channels of information leakage.

In addition, a leak can occur in the process of joint work with other firms (for example, the creation of joint ventures), consultations of specialists from outside who gain access to the documentation and production activities of the firm, fictitious requests about the possibility of concluding transactions with the organization, etc.

Technical channels of confidential information leakage are visual-optical channels; acoustic channels; electromagnetic channels; personal computer networks; telephone, cellular and paging communication channels.

Currently, one of the main ways of transmitting a large amount of confidential information is by telephone. Therefore, as an example, let us consider technical methods of protecting confidential information transmitted over telephone lines.

All kinds of listening devices are used to listen to telephone conversations: microphones built into a telephone receiver, a microphone amplifier, an electronic switch and other technical means.

There are active and passive methods and means of protecting the telephone from information leakage through the electroacoustic channel and from interception by electronic devices. The most common passive protection methods include:

Limitation of dangerous signals;

Filtration of dangerous signals;

Disconnection of sources of dangerous signals.

The most effective method of protecting information is to disconnect telephones from the line when conducting confidential conversations in the room where they are installed. The simplest way to implement this method is to install a special switch in the body of the telephone or in the telephone line, which disconnects the telephone from the line either manually or automatically when the handset is on the hook.

Active methods of protection against information leakage through an electroacoustic channel are reduced to the use of a masking low-frequency noise signal. To protect information from interception by electronic devices, there is another method (the method of high-frequency broadband masking interference), which consists in supplying a masking high-frequency broadband noise signal to the telephone line when the handset is on the hook.

Wiretapping is possible thanks to electronic devices for intercepting voice information, which are connected to telephone lines in one of three ways: in series (by breaking one of the wires), in parallel (to both wires simultaneously), or using an induction sensor (contactless connection). With the first two connections, the interception device is powered from the telephone line; with the last, from an autonomous power source. The radio transmitter is activated only for the duration of a telephone conversation, and the received speech information can be recorded. It is also possible to wiretap by connecting a second telephone set in the next room.

There are several active methods for protecting telephone conversations by suppressing electronic interception devices.

The method of high-frequency masking interference consists in supplying a broadband masking interference signal to the line during a telephone conversation, the frequency of which is selected so that after passing through the microphone amplifier of the recorder, its level is sufficient to suppress the speech signal, but the quality of telephone conversations does not deteriorate. The efficiency of the interference signal increases with decreasing its frequency, i.e. the lower its frequency, the more interfering effect it has on the useful (speech) signal.

The "zeroing" method consists in the fact that at the time of a telephone conversation, a constant voltage is applied to the line, which, with reverse polarity, corresponds to the voltage in the line when the handset is off-hook. This method is applicable for disabling electronic devices for intercepting speech information that have a contact connection to the telephone line and use it for power supply. Such devices include parallel telephones and telephone radio bugs.

The compensation method consists in the fact that when a voice message is transmitted, a special generator on the receiving side applies a masking noise to the telephone line and to one of the inputs of a two-channel adaptive filter, while an additive mixture of the received useful (speech) signal and the same interference signal is supplied to the other input of the filter. Next, the adaptive filter extracts the useful signal by compensating for the noise component and sends it to a telephone or recording device. This method is highly effective for suppressing all known means of unauthorized information retrieval from a telephone line and is widely used for masking and hiding voice messages transmitted by a subscriber.

The "burn-out" method consists in applying high-voltage pulses to the telephone line. The telephone set is disconnected from the line when this method is used. The pulses are sent to the telephone line twice: once when the telephone line is open (to "burn out" the electronic devices connected to it in parallel), and a second time when it is short-circuited (to "burn out" the devices connected in series).

Currently, telephone lines are protected not only by simple devices that implement one of the protection methods, but also by complex ones, which provide comprehensive protection of lines by combining several methods, including protection of information from leakage through an electroacoustic channel.

Protection of information from leakage through an acoustic channel is a set of measures that exclude or reduce the possibility of confidential information leaving the controlled area due to acoustic fields.


CONCLUSION

So, in the lecture, we examined the concepts of "commercial secret" and "commercial secret regime", as well as the main provisions of the Federal Law of the Russian Federation "On commercial secrets". In addition, the lecture covers issues related to the leakage channels of confidential information and methods of its protection.


Today, most enterprises use multilevel information processing systems - computers, cloud storage, corporate networks, etc. All these systems not only transmit data, but are also a medium for their possible leakage. Leakage of classified information is a process of uncontrolled disclosure of key data for a company.

A trade secret is information about the organization of an enterprise's activities, product development technologies, cash flow data, intellectual property and other information that the firm benefits financially from owning.

Reason 1 - Personnel

Every employee in an enterprise is a potential threat to information security. Often people take work home - they move work files to their flash drives, transfer them over unsecured connection channels, and discuss information with employees of competing companies.

The actions of the staff can be deliberate or unintentional. Unintentional actions are the result of ignorance of the rules for working with commercial information.

There is always a risk of information leakage from personnel, and it cannot be completely excluded. The security service can take measures that limit the interaction of employees with confidential information:

  • Development of access control rules. The rules are a list of clear rights and restrictions that must be respected by each employee. Their basic principle is that each employee interacts only with the data that is necessary for his work. Thus, a simple manager will not be able to find out the technology of product development and other important data that an attacker wants to know.
  • Compliance with the standards of documenting information that contains trade secrets.
  • Prompt identification of employees who pose a threat of data disclosure.

A study of the level of information security in Russian and foreign companies, which SearchInform conducted in 2018, showed that ordinary employees are to blame for 74% of information security incidents.

How to identify an employee who discloses data to a competitor?

An authorized employee or security department should be responsible for the control of personnel's work with classified materials. Their task is to monitor the activities of employees throughout the working day and promptly identify all cases of information leakage.

In practice, it is possible to detect a person leaking a commercial secret by the following signs:

  • An employee stays late at his workplace after work without warning. In this case, there is a possibility that he is trying to gain access to classified information at a time when there are no supervisors nearby.

You need to pay attention to such a worker and see whether his goal is to find out secret information. Special access accounting systems help to control the time spent by personnel at the workplace. It is necessary to start an investigation only if specific facts of leakage of protected information become known.

  • The employee saves too many electronic company documents to his personal computer or smartphone.

This type of leak can be tracked in companies that use file system security systems. The essence of their work is to create a common server that operates within the same corporate or Wi-Fi network. Each time data is opened, copied or moved on a work PC, all information about the operation goes to the server. Thus, the security administrator can identify from which PC secret information was moved and in what quantity.
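The server-side check described above, as an added example that is not taken from any particular product: it totals, per PC and per day, how many protected files were copied or moved out of the protected store and flags the PCs that exceed a limit. The log format, the `/srv/secret/` path, the limit of three files and the sample records are assumptions constructed for the illustration.

```python
from collections import defaultdict

PROTECTED_PREFIX = "/srv/secret/"  # assumed location of the protected store
MOVE_OPS = {"copy", "move"}        # operations that take data somewhere else
FILE_LIMIT = 3                     # assumed: alert above this many files per PC per day
REQUIRED = ("pc", "user", "op", "src", "dst", "bytes")

# Constructed sample of what the collection server might receive.
# Assumed format: timestamp, then key=value fields without spaces.
SAMPLE_LOG = """\
2024-03-11T09:02:11 pc=WS-014 user=user1 op=open src=/srv/secret/contracts/q1.xlsx dst=- bytes=0
2024-03-11T18:40:03 pc=WS-014 user=user1 op=copy src=/srv/secret/contracts/q1.xlsx dst=/media/usb0/q1.xlsx bytes=48000
2024-03-11T18:40:09 pc=WS-014 user=user1 op=copy src=/srv/secret/contracts/q2.xlsx dst=/media/usb0/q2.xlsx bytes=52000
2024-03-11T18:41:30 pc=WS-014 user=user1 op=copy src=/srv/secret/rnd/plan.docx dst=/media/usb0/plan.docx bytes=120000
2024-03-11T18:41:55 pc=WS-014 user=user1 op=move src=/srv/secret/rnd/prices.pdf dst=/home/user1/prices.pdf bytes=30000
2024-03-11T18:42:10 pc=WS-014 user=user1 op=copy src=/srv/secret/contracts/q1.xlsx dst=/media/usb0/q1-copy.xlsx bytes=48000
2024-03-11T10:15:00 pc=WS-020 user=user2 op=copy src=/srv/secret/contracts/q1.xlsx dst=/home/user2/q1.xlsx bytes=48000
2024-03-11T11:00:00 pc=WS-031 user=user3 op=move src=/srv/secret/rnd/old.docx dst=/srv/secret/archive/old.docx bytes=9000
2024-03-11T11:05:00 pc=WS-031 truncated line
"""


def parse_event(line):
    """Turn one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    event = {"time": parts[0]}
    for field in parts[1:]:
        key, sep, value = field.partition("=")
        if not sep:
            return None
        event[key] = value
    if any(name not in event for name in REQUIRED):
        return None
    try:
        event["bytes"] = int(event["bytes"])
    except ValueError:
        return None
    return event


def moved_out_by_pc(log_text):
    """Per (day, PC): distinct protected files and bytes that left the store."""
    totals = defaultdict(lambda: {"files": set(), "bytes": 0, "users": set()})
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None or event["op"] not in MOVE_OPS:
            continue
        leaves_store = (event["src"].startswith(PROTECTED_PREFIX)
                        and not event["dst"].startswith(PROTECTED_PREFIX))
        if not leaves_store:
            continue  # e.g. archiving inside the protected store
        entry = totals[(event["time"][:10], event["pc"])]
        entry["files"].add(event["src"])
        entry["bytes"] += event["bytes"]
        entry["users"].add(event["user"])
    return totals


def alerts(log_text, limit=FILE_LIMIT):
    """Rows of (day, pc, distinct files, bytes, users) above the limit."""
    rows = []
    for (day, pc), entry in moved_out_by_pc(log_text).items():
        if len(entry["files"]) > limit:
            rows.append((day, pc, len(entry["files"]), entry["bytes"],
                         sorted(entry["users"])))
    return sorted(rows)


if __name__ == "__main__":
    for row in alerts(SAMPLE_LOG):
        print(row)
```

Counting distinct source files rather than events keeps a repeated copy of the same document from inflating the count, while the byte total still reflects everything that was written out.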

  • The employee unnecessarily copies paper documents, the information in which is for official use only.

According to the standards of documentation, all physical folders and files with trade secrets must be stored in the protected part of the archive. Access to documents is only possible for authorized employees. Every issue of a secret document to an employee must be recorded (indicating the name of the employee and the exact time the document was issued).

If a secret document falls into the hands of an unscrupulous employee, you can track its unauthorized copying on a scanner or copier, which stores a report on the latest actions. There are also fax machines that can only be accessed after the correct user ID-password pair is entered.

If personnel regularly try to bypass the ban system by viewing prohibited resources, or use personal technology to process sensitive data, additional user control systems must be implemented. For example, DLP systems. Their task is to monitor all user correspondence from commercial mail and other electronic mailboxes that are registered in the system. Also, the protection module prohibits the installation of third-party software, and all actions of the employee at the computer are visible to the security administrator.

  • The employee was caught in contact with employees of competing companies.

In large companies, workers often communicate outside of working hours. Thus, they get more information about each other and can learn about a colleague's connections with an employee of a competing organization. Ordinary friendly relations between people are also possible, but it is better to notify the company management about them in order to avoid unnecessary suspicion.

Reason 2 - Problems in recruiting

Frequent personnel changes, large-scale changes in the organization of the company's work, lower wages, staff layoffs - all this is part of the "turnover" of personnel. This phenomenon often becomes the reason for the leakage of classified information.

A crisis and the lack of funds for the payment of salaries force the management to worsen the working conditions of the personnel. As a result, employees become increasingly dissatisfied and may leave or simply start passing classified data to competitors. The problem of staff turnover is especially important for management positions, because all managers must have access to classified documents.

The threat of spreading secrets can be carried not only by employees who have already left, but also by current employees, whose level of motivation is lowered.

To prevent the problem, you should create the most comfortable working conditions for your employees. In the event of a serious crisis, it is advisable to bring the staff together to discuss possible ways out of the difficult situation. It is important to notify employees of all payroll changes in advance and not upon payment of the salary.

Sometimes one employee creates an unfavorable atmosphere in the team. A system that analyzes the correspondence of employees in e-mail and messengers and compiles their psychological portraits determines the positive and negative sides of a person's character, which allows you to make the right management decisions.

To eliminate the "turnover", it is important to follow these recommendations:

  • Establish a recruitment system. All leading organizations have a department dedicated to recruiting, firing and supporting employees. You should not look for an employee for a vacant position as quickly as possible. A good HR (recruiting specialist) is obliged to listen to several applicants for the position, to post information about the vacancy on all popular Internet sites, and to conduct a final competition, the results of which will determine the most suitable candidate.
  • Implementation of a reward system. Employees should be rewarded for success in work, overfulfilment of plans and the conclusion of lucrative contracts. Examples of incentives include raising wages, improving working conditions, and moving up the career ladder.
  • Providing all employees with opportunities for professional growth, advanced training. Good companies always send their employees to professional development courses or buy online trainings for more convenient training. It is also recommended to organize trainings from leading industry professionals.

Reason 3 - Business trips

The working process of the company implies business meetings and trips to other branches of the company and to other countries. Employees who travel frequently can inadvertently become the main cause of the leakage of classified information of the enterprise.

When traveling, such an employee always has a personal or corporate laptop or smartphone with him, on which protected documents are processed. Equipment can be left in a public place, broken or stolen. If an employee is under surveillance or meets with a competing company, a lost laptop can become a major source of inside information.

To prevent such cases, it is important to use hard disk encryption systems on those PCs that are issued to employees for business meetings. Even in the event of theft and unauthorized access, the information will be reliably protected, and it will be impossible to crack it without knowing the key.

Reason 4 - Collaboration with other companies

Most automated security systems are able to restrict access to service information only within one building or one enterprise (if several branches use shared server data storage).

In the process of joint implementation of a project by several firms, security services cannot fully track how access to official secrets is handled at each of the enterprises.

As in the previous case, the use of cryptocontainers (hard disk encryption systems) will protect secret information from hacking.

Reason 5 - Using complex IT infrastructures

Large corporations use complex proprietary information protection systems. Automated systems imply the presence of several security departments and the work of more than five system administrators, whose task is only to maintain the safety of trade secrets.

The complexity of the system is also a risk of leakage, because the simultaneous work of several people is not well organized. For example, one administrator may introduce or remove access control rules, while another may forget to enter the data of access rights to servers.

When using complex information protection systems, it is important to competently separate all responsibilities and monitor their timely implementation. Otherwise, the created system can harm the company.

In you can differentiate the access of security personnel to certain reports and operations in the system. It is safer to entrust the maximum number of powers to the head of the information security service.

Reason 6 - Breakdowns of equipment

Errors in the software

All kinds of software malfunctions occur all the time. At the moment of the appearance of the vulnerability, the protected files run the risk of being intercepted by a hacker. It is important to timely identify all malfunctions in the installed software and hardware components. The security administrator is responsible for the operability and interaction of all protection modules.

A significant amount of important documentation is lost as a result of a database crash. Recovering hard drives is a complex task that does not guarantee the return of lost information.

Server hardware failures

It is safer to store all information using cloud computing. Cloud platforms increase the speed of information processing. With their help, each employee will be able to access the desired file from any device. The encryption system is used on the remote server, so there is no need to protect transmission channels.

Service provider servers can fail due to natural disasters or massive hacker attacks. As a rule, owners of cloud platforms always keep archived backups of the contents of user accounts, so failures are quickly resolved without losing important documents.

Breakdown of technical means of protection

For the safety of trade secrets, it is recommended to protect not only the OS and gadgets, but also the entire perimeter of the office space, as well as the controlled area of street communications. For these purposes, window caps, seals of architectural structures (to prevent wiretapping), devices for shielding and noise generation (to prevent interception of radio waves) and other gadgets are used.

When one of these devices breaks down, an information leakage channel arises, which becomes available to an attacker for intercepting secret data.

In the event of a breakdown of computers and other data processing facilities, they must be repaired in a service center. Taking the gadget outside the premises and handing it over to an outsider (even if he is not interested in obtaining official secrets) is a possible reason for a leak. The company's security department cannot control the gadgets while they are outside the firm.

Reason 7 - Leakage through technical transmission channels

A data leakage channel is a physical environment within which the dissemination of secret information is not controlled. Any enterprise that uses computers, server racks, networks has leakage channels. With their help, an attacker can gain access to trade secrets.

The following leakage channels exist:

  • Speech. Competitors often use wiretapping and other implanted listening devices (bugs), with the help of which secrets are stolen.
  • Vibroacoustic. This leakage channel occurs when sound collides with architectural structures (walls, floors, windows). Vibration waves can be read and translated into speech text. Using directional microphones at a distance of up to 200 meters from the room, an attacker can read a conversation in which service information appears.
  • Electromagnetic. The operation of all technical means produces a magnetic field. Signals transmitted between hardware elements can be read by special equipment over long distances, yielding secret data.
  • Visual. An example of the emergence of a visual theft channel is holding meetings and conferences with uncovered windows. From a neighboring building, an attacker can easily view everything that is happening. There are also options for using hidden video devices that convey the picture of what is happening to competitors.
  • Thermal imager. With the help of such a device, you can scan all walls and parts of the interior for the presence of embedded devices (bugs, video cameras).
  • Devices that muffle radio frequency signals.
  • Protective equipment for architectural structures - seals for windows, doorways, floors and ceilings. They isolate sound and make it impossible to read vibration waves from the surface of the building.
  • Devices for shielding and noise reduction. They are used to protect the electromagnetic leakage channel.

You should also ground all communications that go beyond the premises and the controlled area (pipes, cables, communication lines).

How to minimize the risk of leakage?

There are several effective ways that will help reduce the risk of information leakage and disclosure. The enterprise can use all methods of protection or only a few of them, because the security system must be economically viable. Losses from the loss of classified information cannot be less than the cost of implementing and maintaining a security system.

Encryption

Encryption is a simple and effective method of protecting trade secrets. Modern encryption tools use world standards in the field of cryptography (AES, GOST ciphers), two-way key exchange (with which a hacker will not be able to break the cipher even after gaining access to the transmission channel), and elliptic curves to generate protection. This approach makes cracking the encrypted message impossible for standard computers.

Benefits of using encryption to prevent leakage of business information:

  • Ease of use. Encryption is implemented with special software. The program must be installed on all computers and mobile devices where classified information circulates. The operation of the application is configured by the system administrator or security administrator. Thus, an ordinary user does not need to learn to use the protection system. All files are encrypted and decrypted automatically within the corporate network.
  • If it is necessary to transfer important electronic documents outside the commercial network, they will be stored on flash media, cloud media or in client mail only in encrypted form. Disadvantage - without special software, the employee will not be able to view the contents of the file.
  • High degree of reliability. With the use of powerful computational cryptography algorithms, it is difficult for an attacker to intercept secret messages or company traffic, and decryption is impossible without knowledge of the public and private keys.

Note that encryption is not the only way to protect secrets from all possible attacks. Employees are able to read the contents of electronic documents within the commercial network without any problems, so the risk of unauthorized disclosure to third parties remains. The use of cryptography is an integral part of the functionality of every integrated security system.

Personnel control

While hardware is easy to control, personnel are one of the most dangerous sources of leakage. The human factor is always present, and even security personnel cannot always establish from which employee a threat may come.

As a rule, the search for an intruder among the staff begins only when the first cases of data transfer to competitors have become known. Security administrators check the possibility of interception of information through technical leakage channels, and if all channels are reliably protected, suspicion falls on the workers.

The activities of the organization's employees are monitored using time tracking systems. Such a system is a hardware and software complex that documents the exact time of arrival at work and the time of leaving, tracks the activities of staff at the computer, records corporate mail correspondence, conducts video surveillance and transmits all this data to the company's management or the head of the security department. All the information received is then analyzed, and the circle of employees who could have disseminated commercial secrets is identified.

Norms for documenting and transferring trade secrets

Protect not only electronic documents, but also all printed documentation that contains classified information. According to the Law on the storage and processing of statements containing commercial secrets, the following requirements must be met:

  • Store all documents with commercial secrets exclusively in separate closed rooms, which are guarded around the clock by video surveillance systems or security guards.
  • Only employees who need it in the course of work can have access to official secrets.
  • A record of the withdrawal of a document from the archive is entered into the registration journal. The exact date, stamp of the document and the initials of the person who received the copy of the file are indicated. Similar actions are performed when returning an object.
  • A document that contains a trade secret cannot be taken out of the office without notifying the head of the security department about this action.
  • For the transfer of secret documents between the branches of the enterprise, courier mail is used - a secure courier transfer of documents of particular importance.