D.V. Peregudov,

Department of Internal Affairs for the Lipetsk region

LEGAL ASPECTS OF INFORMATION PROTECTION IN THE ACTIVITIES OF ECONOMIC SECURITY UNITS OF THE INTERNAL AFFAIRS

Ensuring information security within the system of internal affairs bodies is an organizational combination of forces and means, mechanisms, methods and methods functioning under the control of strict observance of the current regulatory legal acts in the field of information protection. At the same time, the problem of ensuring information security is closely connected not only with the solution of scientific and technical problems, but also with the issues of legal regulation of informatization relations, the development of the legislative base. In this regard, it can be concluded that information protection is a complex of legal, organizational and engineering-technical measures (measures) aimed at preventing leakage of protected information, unauthorized access to it. In turn, the legal aspects of information protection are of paramount importance in the block of protection measures. This is due to the fact that the legal regulation of relations in the field of economic security predetermines the existence of all other measures as a fundamental basis dividing the behavior of subjects (users, owners and other persons) of information relations into “possible (permitted)” and “prohibited” in relation to the object - information. Organizational and technical measures are only streamlined and legalized by the legal framework.

In the internal affairs bodies, the legal support of information security is based on the federal legislation of the Russian Federation. The legal and regulatory framework at the departmental level is the successor to the RF Law "On State Secrets", the RF Law "On Information, Information Technologies and Information Protection", the Decree of the President of the Russian Federation dated 03.04.1995 No. the development, production, sale and operation of information tools, as well as the provision of services in the field of information encryption ", decrees of the Government of the Russian Federation dated April 15, 1995 No. 333" On licensing the activities of enterprises and organizations to carry out work related to the use of information constituting state secrets, the creation of information protection means, as well as with the implementation of measures and (or) the provision of services for the protection of state secrets ", from

06/26/1995, No. 608 "On certification of information security means", dated 09/15/1993, No. 912-51 "On the state system of information protection of the Russian Federation from foreign intelligence services and from its leakage through technical channels", dated 01/05/2004 . № 3-1 "On approval of the Instruction on ensuring secrecy in the Russian Federation", as well as on the basis of "Special requirements and recommendations for the protection of information constituting a state secret from leakage through technical channels", approved by the Decision of the State Technical Commission of Russia dated 23.05.1997 No. 55, Decision of the State Technical Commission of Russia dated 03.10.1995, No. 42 "On standard requirements for the content and procedure for developing guidelines for protecting information from technical intelligence and from its leakage through technical channels at the facility", dated 16.07.1996, No. 49 "Model of foreign technical intelligence for the period up to 2010" ("Model ITR-2010") and other

their legislative and other normative legal acts in the field of information security governing the procedure and rules for the technical protection of information in the Russian Federation.

The peculiarity of information support in the internal affairs bodies, in particular in the economic security divisions, is that the employees of these divisions carry out their activities within the framework of the work and handling of information constituting a state secret.

State secrets are information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational-search activities, the dissemination of which may harm the security of the Russian Federation. Subdivisions of the economic security of the internal affairs bodies work with information in the field of operational investigative activities, ie, based on the Law of the Russian Federation of 12.08.1995, No. 144-FZ "On operational and investigative activities." The classification of information constituting a state secret is carried out in accordance with the List of information classified as a state secret, approved by the Decree of the President of the Russian Federation dated

30.11.1995, No. 1203, and in accordance with the rules for classifying information constituting a state secret to various degrees of secrecy, approved by the Government of the Russian Federation dated 04.09.1995, No. 870, as well as on the basis of the list of information to be classified in the system Ministry of Internal Affairs of Russia, determined by the Minister of Internal Affairs of the Russian Federation. At the same time, the admission of persons to information constituting a state secret is carried out in accordance with the instructions on the procedure for admitting officials and citizens of the Russian Federation to state secrets, approved by the Government of the Russian Federation dated October 28, 1995, No. 1050. In the internal affairs bodies, by order of the Ministry of Internal Affairs of Russia dated 02.03.2002 № 200 for DSP stipulates a detailed list of information to be classified.

In turn, the BEP divisions also work with information constituting an official secret. These include information of limited distribution, access to which is limited by state authorities in order to avoid damage to both the internal affairs bodies and the security of the state authorities of the Russian Federation. The classification of information as official information of limited distribution is made on the basis of the Approximate list of official information of limited distribution and documents containing them, generated in the course of the activities of the internal affairs bodies, determined by the Minister of Internal Affairs of the Russian Federation. In accordance with the Decree of the President of the Russian Federation dated 06.03.1997 No. 188 "On Approval of the List of Confidential Information", official information of limited distribution circulating in the BEP divisions refers to information of a confidential nature (confidential information).

The fundamental departmental regulations in the activities of units for combating economic crimes in the field of information security are the order of the Ministry of Internal Affairs of Russia dated 05.07.2001 No. 029 "On approval of the Temporary Manual on the technical protection of information in the internal affairs bodies of the Russian Federation and the internal troops of the Ministry of Internal Affairs Of the Russian Federation "and the order of the Ministry of Internal Affairs of Russia dated March 15, 2005 No. 015" On approval of the Instruction on ensuring secrecy in the internal affairs bodies ". The first regulatory document characterizes the requirements of an organizational and technical plan for the protection of information protected by law in the activities of BEP units, in particular, it defines uniform technical and mathematical protection measures

information in all divisions of the internal affairs bodies, carrying out their work with information classified as state and official secrets. Order of the Ministry of Internal Affairs of Russia No. 029:

Defines objects of technical protection of information, possible threats to these objects;

Establishes a unified and integral (mandatory) procedure for the implementation of measures for the technical protection of information;

Establishes a uniform form of documents drawn up for an information protection object, on the basis of which a technical protection regime is established during their processing;

Determines the procedure for monitoring technical protection and licensing in this area.

Despite the fact that this normative document was developed back in 2001, at present in the economic security units of the Internal Affairs Directorate for the Lipetsk region at the district level, the conditions for information activities do not fully comply with the requirements of this order. First of all, this concerns the material support of the objects at which information processing is carried out (electronic computers, technical means of receiving, transmitting and processing information: sound recording, sound reproduction, intercom and television devices, means of replicating documents and others), in accordance with the established norms of provision ... Even if such facilities are available in the BEP subdivisions, they are in single copies and in moral and technical terms lag behind modern and advanced tools and technologies in this area. In turn, as a shortcoming, it should also be noted about the poor knowledge of the employees of the BEP divisions operating objects of technical protection of information, regulatory legislation on the technical protection of information upon assuming office and during the entire period of performance of their official functional tasks. At the same time, the constant turnover of personnel in these divisions also affects.

The order of the Ministry of Internal Affairs of Russia No. 029-2001 is mainly related to the technical support of information protection facilities, which includes:

Establishing their compliance with the technical protection requirements and documenting the technical measures taken to protect information, categorizing objects;

Drawing up technical passports for these objects;

Development of instructions for ensuring organizational (security) and

technical measures to protect information;

Conducting special studies, special checks and examinations of these objects;

Registration of a prescription for the operation of the facility;

Attestation of the facility and measures to control the technical

information protection.

As practice shows, in the regional departments of internal affairs, due to the small number of information protection objects, the work on the technical protection of protected information is carried out formally and is reduced only to the execution of monotonous documents, the semantic meaning of which is unaware of the employees operating the objects in relation to which the technical information protection measures in accordance with the order of the Ministry of Internal Affairs of Russia No. 029-2001

A more substantive and responsible step in the legal field was the development of Order No. 015-2005, which included organizational and technical measures of information protection. The requirements set forth in this order are

The protection of information constituting a state secret and secret service information relating to the current activities of subdivisions of the internal affairs body are eliminated. This departmental act establishes a clear and strict procedure for handling and using objects of information protection - a regime that is mandatory for all subjects of information relations under the threat of the onset of liability provided for by the current legislation. Order of the Ministry of Internal Affairs of Russia No. 015-2005 regulates relations related to the reception, processing, storage, use, transmission of significant and legally protected information in the BEP divisions, monitoring compliance with prescribed norms, determining measures of responsibility for their violation, establishes a unified procedure in relations with subjects of other internal affairs bodies - external subjects. Thus, the legal protection of information protection objects is the basis for the development and definition of organizational and technical measures to protect information in the BEP divisions.

An important area in the field of information security legislation in the internal affairs bodies is the determination of legal responsibility for committing an unlawful act in relation to the object of protection.

In legal science and current legislation, legal liability can appear in four variations:

Civil;

Administrative;

Disciplinary;

Criminal.

Considering that the BEP employees working with information constituting a state secret are officials of the executive power body, they bear the burden of strict responsibility for the disclosure of this information or its loss. In such cases, there can be only two types of liability:

1) disciplinary;

2) criminal.

Their distinction depends only on the nature of the offense committed, and the difference lies in the specific penalties and the special procedure for their application.

Disciplinary responsibility consists in imposing a disciplinary sanction on a BEP employee by the powers of the head of the internal affairs body. Disciplinary punishments are: warning, reprimand, severe reprimand, dismissal from the internal affairs bodies. However, the internal affairs bodies provide for strict disciplinary liability for violation of the order of the Ministry of Internal Affairs of Russia No. 015-2005, which is expressed in the imposition of the last three of the above types of penalties on an employee.

Disciplinary liability can be applied to an economic security employee in case of negligence in the performance of his official duties, expressed in violation of the secrecy regime, the rules for handling information related to official secrets - confidential information, without any illegal intent.

The most severe measures of influence are characterized by criminal liability, which is applied in court to a person guilty of a crime, i.e. a guilty, socially dangerous act provided for by the Criminal Code of the Russian Federation. The main types of crimes in the field of information security are shown in the table.

Types of crimes in the field of information protection

Article of the Criminal Code of the Russian Federation

Disposition of the article of the Criminal Code of the Russian Federation

Penalty (sanction)

Article 272. Illegal access to computer information 1. Illegal access to legally protected computer information, that is, information on a machine carrier, in an electronic computing machine (computer), a computer system or their network, if this act entailed the destruction, blocking, modification or copying of information , malfunction of a computer, computer system or their network; Shall be punished with a fine in the amount of up to two hundred thousand rubles or in the amount of the salary or other income of the convicted person for a period of up to eighteen months, or correctional labor for a term of six months to one year, or imprisonment for a term of up to two years;

The same act committed by a group of persons by prior conspiracy or by an organized group or by a person using his official position, as well as having access to a computer, a computer system or their network is punishable by a fine in the amount of one hundred thousand to three hundred thousand rubles or in the amount of wages, or other income of the convicted person for a period of one to two years, or correctional labor for a term of one to two years, or arrest for a term of three to six months, or imprisonment for a term of up to five years

Article 273. Creation, use and distribution of malicious programs for computers 1. Creation of computer programs or making changes to existing programs, knowingly leading to unauthorized destruction, blocking, modification or copying of information, disruption of the operation of computers, computer systems or their network, as well as use or distribution of such programs or machine media with such programs; Shall be punished with imprisonment for a term of up to three years with a fine in the amount of up to two hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period of up to eighteen months;

the same acts that negligently entailed grave consequences are punishable by imprisonment for a term of three to seven years

Article 274. Violation of the rules of operation of a computer, a computer system or their network 1. A violation of the rules of operation of a computer, a computer system or their network by a person having access to a computer, a computer system or their network, resulting in the destruction, blocking or modification of computer information protected by law, if the act caused substantial harm; Shall be punishable by deprivation of the right to hold certain positions or engage in certain activities for a period of up to five years, or compulsory labor for a period of one hundred and eighty to two hundred and forty hours, or restraint of liberty for a period of up to two years;

the same act, which negligently entailed grave consequences, is punishable by deprivation of liberty for a term of up to four years

Article 275. State treason High treason, that is, espionage, issuance of state secrets or other assistance to a foreign state, foreign organization or their representatives in carrying out hostile activities to the detriment of the external security of the Russian Federation, committed by a citizen of the Russian Federation. Punished with imprisonment for a term of twelve up to twenty years with or without a fine in the amount of up to five hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period of up to three years.

Article 276. Espionage Transfer, as well as collection, theft or storage for the purpose of transferring to a foreign state, foreign organization or their representatives information constituting a state secret, as well as transfer or collection of other information on behalf of foreign intelligence for their use to the detriment of the external security of the Russian Federation if these acts were committed by a foreign citizen or stateless person Punished with imprisonment for a term of ten to twenty years

Article 283. Disclosure of state secrets 1. Disclosure of information constituting a state secret by a person to whom it was entrusted or became known in service or work, if this information became the property of other persons, in the absence of signs of high treason; Shall be punishable by arrest for a term of four to six months, or imprisonment for a term of up to four years, with or without deprivation of the right to hold certain positions or engage in certain activities for a term of up to three years;

the same act that negligently entailed grave consequences is punishable by imprisonment for a term of three to seven years with the deprivation of the right to hold certain positions or engage in certain activities for a term of up to three years

Article 284. Loss of documents containing state secrets Violation by a person who has access to state secrets of the established rules for handling documents containing state secrets, as well as with objects, information about which constitutes a state secret. term from four to six months, or imprisonment for up to three years with imprisonment

state secrets, if this entailed by negligence their loss and the onset of grave consequences

the right to hold certain positions or engage in certain activities for up to three years or without

From the analysis of the table it can be seen that acts related to violation of the procedure for using information constituting a state secret can be recognized as a crime. In the internal affairs bodies, such facts can take place only in case of violation of the secrecy regime. And for each fact of such misconduct, an official check is carried out.

A violation of the secrecy regime in the internal affairs bodies is the disclosure of information constituting a state secret, that is, the disclosure of information by the employee to whom this information was entrusted in the service, as a result of which it became the property of unauthorized persons; or the loss of carriers of information constituting a state secret, that is, the release (including temporary) of carriers of information from the possession of the employee to whom they were entrusted in the service, as a result of which they became or could become the property of unauthorized persons.

If these facts are revealed, the head of the department of internal affairs is obliged to inform the higher management, the security body (a subdivision of the FSB) and organize an official check and search for carriers of information constituting a state secret, as well as take all measures to localize possible damage. To conduct an official audit, the head must create a commission, which, within a month, must:

1) establish the circumstances of the disclosure of information constituting a state secret, or the loss of media containing such information;

2) search for lost media;

3) to establish the persons guilty of disclosing this information or loss of media;

4) establish the reasons and conditions that contributed to the disclosure of information constituting a state secret, leakage of media containing such information, and develop recommendations for their elimination.

Based on the results of the work of this commission, the conclusion of an official audit is drawn up with the adoption of specific measures against persons guilty of violating the secrecy regime.

As practical experience shows, cases of crimes related to disclosure of state secrets committed by operational officers are extremely rare. Most often, there are cases of disciplinary misconduct committed by employees in the negligent and improper performance of their official duties to comply with the requirements of the secrecy regime.

Thus, analyzing the legal framework designed to ensure legal protection of the legally protected interests of the state, society, legal entities and individuals in the field of information relations, we can conclude that it is extremely weak in the internal affairs bodies. In its semantic presentation, there is no substantive approach to the acute and serious problem of protecting state and official secrets, although there are requirements for mandatory compliance with regime measures of information protection, however, in practical terms, especially in regional divisions, control over the implementation of the binding instructions of departmental regulations of the Ministry of Internal Affairs of Russia , there are practically no territorial internal affairs bodies, work on the technical security of information protection objects is carried out formally without taking into account the specific characteristics of the object, material support with technical means of protection

information does not meet the needs and conditions of the BEP operational units. 95% of all violations related to non-compliance with regulations on information security in internal affairs bodies are detected during inspections by higher authorities.

The foregoing allows us to conclude that it is necessary to improve the legal support for the protection of information in the activities of both internal affairs bodies in general and their units of economic security in particular.

Thank you for visitinghttp :// Ndki . narod . ru

Egoryshev A.S. The problem of information security in the activities of internal affairs bodies. / Social reform in the Russian Federation and the Republic of Bashkortostan and the problems of the shadow economy and national security (Materials of the Russian scientific conference) - Moscow-Ufa, 1997. - pp. 102 - 106.

Egoryshev A.S.- student of the Ufa Law Institute of the Ministry of Internal Affairs of the Russian Federation

The problem of information security in the activities of internal affairs bodies.

Contemporary Russian crime is becoming more and more professional. As an indicator of the professionalism of the underworld, one can name the emergence of such a form of crime that did not previously have such a widespread distribution in Russia as computer crime. Its modern scale is such that it requires the most active work to protect information from electronic pirates.

The costs of conversion have led to an outflow of minds from many formerly elite spheres of science and production. For example, Russian electronics engineers are considered the most experienced in the field of computer crime. About 100 thousand people constantly work for computer crime in the republics of the former USSR, and another 3 million people - from time to time. The centers of computer crime are Moscow, St. Petersburg, Ukraine and the Urals. Russian computer crime is a growing concern abroad, because as a result of skillful computer machinations carried out by electronic pirates of Russia, foreign banks are losing large sums of money, disappearing in an unknown direction.

Computer crime has become a real scourge of the economies of developed countries. So, for example, 90% of firms and organizations in the UK have at various times become targets of electronic piracy or are

were under his threat, in the Netherlands 20% of various types of enterprises became victims of computer crime. In the Federal Republic of Germany, 4 billion marks are stolen annually with the use of computers, and 1 billion francs in France. Experts note the high level of latency of this type of crime, because in 85% of cases, the facts of software piracy are not disclosed.

The situation is aggravated by the fact that law enforcement agencies themselves are also becoming the object of attention of criminals armed with modern computers. Therefore, today the task of protecting their own information has become very urgent for the internal affairs bodies.

Information security is the protection of information and supporting infrastructure from accidental or intentional influences of a natural or artificial nature, fraught with harm to the owners or users of information and supporting infrastructure.

The problem of information security, especially for the internal affairs bodies, is of greatest interest today. Fighting computer crime is one of the most important tasks of law enforcement agencies against the backdrop of the colossal development of information systems, local and global networks.

The problem of ensuring information security is of a complex nature, for the solution of which a combination of legislative, organizational, software and technical measures is required.

Timely and effective improvement of legislation is necessary, since the currently available legal framework in this area lags far behind practical needs.

There is a huge shortage of highly qualified personnel in the police department. This problem, in our opinion, can be solved in the following ways:

in connection with a significant reduction in the personnel of the RF Armed Forces, among whom there are many good specialists in the field of working on computers, it is possible to involve them in work in law enforcement agencies;

the introduction of special courses on initial and professional preparation of work on personal computers, the introduction into the curriculum of the course "Information security and the use of information technologies in the fight against crime", approved by the Main Personnel Directorate of the Ministry of Internal Affairs of Russia on June 1, 1997 in educational institutions of higher professional education specialty Jurisprudence (specialization "Information Security");

it is necessary to improve the financing of organizations and institutions that are part of the Ministry of Internal Affairs of Russia, for the purchase of good equipment and modern software, tk. the material base of the Ministry of Internal Affairs of the Russian Federation in the field of information security is currently at an insufficient level;

it seems possible to raise the question of improving the training process for police officers specializing in work in the field of information security. For this purpose, in our opinion, a differential training system is needed, since solid training in informatics cannot be obtained within the framework of a traditional higher educational institution of the Ministry of Internal Affairs of the Russian Federation;

to create favorable conditions for recruiting highly qualified specialists working in the area of ​​interest to us in the police department. To ensure the appropriate amount of remuneration, since today, from a material point of view, it is much more profitable to work in this specialty in banking structures and private firms.

To maintain the information security regime, software and hardware measures are most important, since it is known that the main threat to computer systems comes from themselves, which can be expressed in software errors, hardware failures, unsatisfactory work of employees, as well as heads of organizations and institutions related to the ATS system.

V.A. Galatenko identifies the following key security mechanisms: identification and authentication, access control, logging and auditing, cryptography and shielding, for the effective use of which proactive analysis of possible threats is required.

Information security cannot be ensured without a strict distribution of functions for users, administrators of local networks and servers, as well as heads of internal affairs agencies.

Moreover, the duties and functions of the listed groups of police officers should be developed and approved in advance, depending on what goals they will be aimed at. There are several typical functions inherent for employees of any department or department of internal affairs bodies:

The heads of departments are responsible for communicating the approved provisions and principles of the security policy to users and administrators of local networks and servers, in the same place for contacts with them informing about a change in the status of each of the subordinates (dismissal from the internal affairs bodies, appointment to another position, etc.)

This function is most important due to the fact that an employee dismissed for any reason may represent the most significant

danger to the department or department where he worked.

The problem of an "offended" employee has always existed and will continue to exist. Knowing the basic principles of the functioning of the system, he can, guided by negative motives, try to delete, change, correct any data. Therefore, it is necessary to ensure that upon dismissal of an employee, his access rights to information resources are canceled. Examples of the emergence of this problem are foreign films, the plot of which is based on real events of our days;

Nor can we put on the sidelines the problem of tylerance, i.e. the problem of the ratio of ends and means. Indeed, the cost of acquiring comprehensive protection measures should not exceed the cost of potential damage.

Local network administrators must ensure the smooth operation of the network, responsible for the implementation of technical measures, the effective application of security measures, thereby ensuring security policy.

Server administrators are responsible for the servers assigned to them and ensure that the mechanisms used to ensure information confidentiality are in accordance with the general principles of the security policy.

Users are required to work with the local network, guided by the security policy, follow the orders and orders of employees responsible for certain aspects of information security, and immediately report to management about all suspicious situations.

In our opinion, from the point of view of compliance with information security, the status of users of personal computers is of particular interest. The fact is that a significant part of information losses is accounted for by accidental and deliberate mistakes of employees working at IWT. Due to their possible negligence and negligence, they can enter deliberately incorrect data, miss errors in the software, thereby creating a breach in the security system. All this makes one think that an internal threat emanating directly from users of personal

computers are more significant and more dangerous than external influences.

In conclusion, it is necessary to remind that the observance of information security is not a task of an individual country, but of all mankind, since the highly developed computer crime of our days has long since reached the world level. Therefore, an effective fight against it is possible only with close cooperation of law enforcement agencies from different countries of the world. It is necessary to build a joint set of measures and means, recruit and train highly qualified personnel, develop in detail the basic principles of security policy, without which normal development is impossible.

information communications.

Literature:

4. Selivanov N. Problems of combating computer crime // Legality, 1993. - No. 8. - P. 36.

5. Galatenko V. Information security. // Open systems, 1996. - № 1. - C 38.

6. Federal Law "On Information, Informatization and Information Protection". // Russian newspaper, 1995.22 February.

7. President of the Russian Federation. Decree of April 3, 1995 No. 334 "On measures to comply with the rule of law in the development, production, sale and operation of encryption tools, as well as the provision of services in the field of information encryption." security during the elections in Russia: Sat. articles "Relevant Problems modern ...

Information bulletin "Activities of the deputies of the faction" Fair Russia "22 September 28, 2014

Newsletter

The main thing is to bring it as close as possible activity organs internal cases to the population, making it the main ... weapon, providing joint security, problems energy. This is ... Dooms on information politics, information technology and communication ...

Report

Law and administrative activities organs internal cases State legal disciplines Civil law disciplines Information- legal disciplines ...

Newsletter Krasnoyarsk Territory: Local Self-Government No. 16 (104) (October 2013)

Newsletter

... "Today the main problem- lack of federal ... public control over activities organs internal cases... In particular, ... some issues of ensuring security road traffic in ... governments; development information society. For...

In all components of national security: political, economic, military and others, the importance of the information component is constantly increasing. Information as such, its quality largely determines the effectiveness of the decisions made, determines the degree of government reaction to spontaneously and purposefully emerging risks. The informational impact on citizens, realized through the mass media and communication, is potentially capable of creating an atmosphere of tension and political instability in society, provoking social, national, religious conflicts and riots, and lead to devastating consequences.

The safety of society lies in the sustainable and effective development of the security system, which allows it to adequately respond to negative external and internal influences, to preserve the integrity of society and its essential qualities. Because, firstly, information is the main instrument of "soft power"; secondly, the information capabilities of the state determine the strategic geopolitical advantages, then purposeful or unintentional actions on the information sphere of society from external or internal sides are potentially associated with threats to national interests and, therefore, constitute challenges to the information security of a person, society, and the state.

The absence, latency or weak functioning of managerial mechanisms for regulating such functions of the media and communication as information, educational, social, criticism and control, mobilization, innovation, operational, creative, activates social uncertainty, an increase in political risks and threats to information security in Ukraine.

Optimization of the information management system is based on technologies for the effective use and distribution of control over information resources, taking into account the specifics of the political mentality and its correction.

The quantitative and qualitative increase in mass media and communication without strong non-governmental organizations, independent courts and resonance in the media and communication, exchange of opinions on social networks and the Internet cannot turn into social activity and contribute to the formation of a democratic state. A modern citizen under the influence of manipulative technologies becomes a "spectator" of an endless interactive "staged action" ("theater society"), losing the ability to make independent political assessments, to make choices, and self-organize.

Information, the apparatus of its transmission and ways of influencing society is one of the main means of struggle between forces that are trying to create a new level of political relations at the regional, national and global levels. It is possible to counteract antisystemic manifestations by creating a positive image of the country and region. The main mechanism for the formation of an image of the state adequate to modern political trends is the central and regional mass media and communications focused on providing socially responsible information in order to ensure political stability and sustainable and safe development.

Information security plays an increasingly important role in the overall system of ensuring the national security of the country. This is directly indicated in the Strategy for the Development of the Information Society in Ukraine and is enshrined in its principles.

Information security should be considered as a politico-legal category expressing the relationship between the interests of the individual, society and the state in the field of information and the legal provision of their protection. This is the state of protection of the individual, society and the state in the information space, the protection of information and information resources, as well as information and telecommunications infrastructure from possible internal and external threats. The political and legal essence of information security ensures its functioning as a type of national security, as an institutional, organizational and legal system for ensuring the safety of the state's information resources, and protecting individual rights in this area.

The information sphere is rather uneven, it consists of an infinite set of information levels of varying complexity, generated and emitted by various sources of information. At the same time, each person, region or state exists simultaneously in different political and informational spheres, which can be interconnected and autonomous. The information space in modern conditions has become a system forming factor in the life of society, and the more actively this sphere of public relations develops, the more the political, economic and other components of state security will depend on the effective provision of information security.

Despite serious positive shifts in the legislative support of information security, which is due to the adoption of the Basic Principles for the Development of the Information Society in Ukraine for 2007-2015, the package of laws regulating this area is still far from perfect.

In accordance with international legal documents at the state level, there are no legislative mechanisms for establishing certain powers of the media, with the exception of general rules regarding the abuse of freedom of speech. The Ukrainian legal framework on computer crimes also generally remains fragmented.

This is due to the high rate of circulation and the peculiarities of the presentation of information by modern mass media, its fragmentation, sensationalism, and anxiety.

External threats and challenges to Ukraine's security in the information sphere are generated not only at the borders with neighboring states, but also in the internal regions of Ukraine. Among the factors that create significant challenges and threats in the information sphere, one can single out the sensitivity of the investment component of the economy to negative information impact. In this context, the resonant threats are corruption, a difficult ecological situation, terrorism.

The legal possibilities of citizens in the field of information relations are expressed in the system of constitutional rights, each of which has an independent meaning: freedom of thought, speech, mass information and the right to access information from authorities. The unification of information rights of citizens within the framework of some general "right to information" is possible only if the values ​​of each of the given information rights are supported by effective guarantees.

The right to access information of the authorities in comparison with the freedoms of thought, speech and press is a new legal entity. In general, it requires not the non-interference of the state in the system of information exchange in society, but the direct assistance of the state in obtaining the necessary information by specific citizens. In the context of ensuring the implementation of the basic information rights of citizens in the states of the European Union, the features of the right of universal access to the means and technologies of information exchange are manifested as a new subjective right of the individual.

The constitutional basis that determines the nature of the legal regulation of information relations is the principle of ideological diversity. In turn, it is interconnected with the principle of state sovereignty as one of the most general constitutional foundations. The manifestation of the principle of sovereignty in the system of regulation of information relations is expressed in the indication of the value boundary of national and foreign information exchange, the difference of which is due to the presence of national interests defended in public dialogue. Recognition of this thesis makes it possible to identify and systematize the mechanisms that exist separately in domestic and foreign legislation, which create conditions for the development of national interests in the internal political discussion:

Organizational restrictions on information activities of foreign information producers;

Measures to support the national political and legal culture;

Development of traditions of self-regulation and dialogue between the authorities and the press.

In the legal regulation of information relations, the principle of sovereignty cannot replace the principle of ideological pluralism, and the latter contradicted the principle of sovereignty.

In the system of mass information exchange, the legal regulation of relations depends on the content of the messages being disseminated is problematic, since the state can thus establish the ideological conditions for the exchange of information and cause the results of public discussion, that is, establish censorship. Only the practical provision of the principle of ideological diversity, which is expressed in the mechanisms of protection of freedom of thought, speech and press, reveals a case of permissibility of prohibiting the dissemination of information based on its content - in case of abuse of individual rights in public information exchange. The list of thematic prohibitions that make up the content of the institution of abuse is always clearly defined and strictly limited in legislation.

The tasks of the internal affairs bodies in the field of information security in the context of the media are stipulated by the Decree of the President of Ukraine dated May 2014 No. 449/2014 "On the decision of the National Security and Defense Council of Ukraine dated April 28, 2014" On measures to improve the formation and implementation of state policy in the field of information security of Ukraine "and specified in the order of the Ministry of Internal Affairs of Ukraine dated August 19, 2014 No. 840" On some issues of information security in Ukraine. "

The totality of potential threats to the information security of Ukraine extends to the sphere of constitutional rights and freedoms of citizens, the spiritual life of society, information infrastructure and information resources.

Regulatory documents provide for the establishment of effective interaction with representatives of the National Council of Ukraine on television and radio broadcasting in the regions aimed at identifying and suppressing illegal activities of providers, individuals and legal entities carrying out illegal relaying prohibited by decisions of the District Administrative Court. Kiev dated March 23, 2014, the National Council of Ukraine on Television and Radio Broadcasting dated July 17, 2014 No. 292 and No. 663 programs in places of public recreation and crowds, recreation centers, entertainment establishments and the like.

The public relations departments, upon discovering the facts of retransmission of prohibited programs, inform the representatives of the National Council for Television and Radio Broadcasting in the regions to apply administrative measures to:

Providers performing prohibited relaying of prohibited programs;

Individuals and legal entities carrying out illegal retransmission of prohibited programs in places of public recreation and gathering of people or selling products, which makes it possible to view programs of prohibited programs, or a program package that contains prohibited television and radio programs;

Mass media disseminating messages that incite enmity in Ukraine (in a separate territory, in a separate settlement, etc.) and separatist sentiments that infringe on the state sovereignty and territorial integrity of Ukraine.

Administrative activity is aimed at ensuring the elimination of threats and risks in the field of information security is the main factor in its structuring, formation and is considered as an activity aimed at preventing damage to the interests of the individual, society and the state in the information sphere.

On the decision of the National Security and Defense Council of Ukraine dated April 28, 2014 "On measures to improve the formation and implementation of state policy in the field of information security of Ukraine: Decree of the President of Ukraine dated May 3, 2014 No. 449 [Electronic resource]. - access mode: presidenl.gov. ua / nj / documents / 17823.html.

Minutes of the joint meeting of the Ministry of Internal Affairs and the National Council on Television and Radio Broadcasting dated August 30, 2014

Fundamentals of Information Security

Introduction

National security is the state of protection of the vital interests of the individual, society and the state from internal and external threats.

Vital interests are a set of needs, the satisfaction of which reliably ensures the existence and opportunities for the progressive development of the individual, society and the state.

Security threat - a set of conditions and factors that create a threat to the vital interests of the individual, society and the state.

Ensuring security is a unified state policy, a system of measures of an economic, political, law-making (other) nature, adequate to the threats to the vital interests of the individual, society and the state.

Security protection - direct impact on the object of protection.

Security protection - a set of ensuring and protecting security measures.

Information security is the state of protection of the country's national interests (the country's national interests are vital interests based on a balanced basis) in the information sphere from internal and external threats.

That is why information security issues are relevant especially recently.

The purpose and objectives of the work is a detailed study of individual aspects of information security.

1 Types and content of information security threats

Sources of threats to the information security of the Russian Federation are divided into external and internal. External sources include:

• activities of foreign political, economic, military, intelligence and information structures directed against the interests of the Russian Federation in the information sphere;
• the desire of a number of countries to dominate and infringe on Russia's interests in the global information space, to oust it from the external and internal information markets;
• aggravation of international competition for the possession of information technologies and resources;
• activities of international terrorist organizations;
• increasing the technological gap between the leading powers of the world and building up their capabilities to counter the creation of competitive Russian information technologies;
• activities of space, air, sea and ground technical and other means (types) of reconnaissance of foreign states;
• the development by a number of states of concepts of information wars, providing for the creation of means of dangerous influence on the information spheres of other countries of the world, disruption of the normal functioning of information and telecommunication systems, the safety of information resources, obtaining unauthorized access to them 1 .

Internal sources include:

• the critical state of domestic industries;
• an unfavorable crime situation, accompanied by tendencies for the merging of state and criminal structures in the information sphere, for criminal structures to gain access to confidential information, increase the influence of organized crime on the life of society, reduce the degree of protection of the legitimate interests of citizens, society and the state in the information sphere;
• insufficient coordination of the activities of federal state authorities, state authorities of the constituent entities of the Russian Federation in the formation and implementation of a unified state policy in the field of ensuring information security of the Russian Federation;
• insufficient elaboration of the regulatory legal framework governing relations in the information sphere, as well as insufficient law enforcement practice;
• underdevelopment of civil society institutions and insufficient state control over the development of the information market in Russia;
• insufficient funding of measures to ensure information security of the Russian Federation;
• insufficient economic power of the state;
• decrease in the efficiency of the education and training system, insufficient number of qualified personnel in the field of information security;
• insufficient activity of federal bodies of state power, bodies of state power of the constituent entities of the Russian Federation in informing society about their activities, in explaining decisions made, in the formation of open state resources and the development of a system of access to them for citizens;
• Russia's lag behind the leading countries in the world in terms of informatization of federal government bodies, government bodies of the constituent entities of the Russian Federation and local government bodies, the credit and financial sphere, industry, agriculture, education, health care, the sphere of services and everyday life of citizens 2 .

2 Technical implementation of the ATS information security concept

The information used in the internal affairs bodies contains information about the state of crime and public order in the serviced territory, about the bodies and units themselves, their forces and means. In the duty units, operatives, district police inspectors, investigators, employees of forensic departments, passport and visa machines, and other divisions, on primary registration documents, in accounting logs and on other media, arrays of data for operational search and operational reference purposes are accumulated, which contain information:

• about offenders and criminals;
• about the owners of motor vehicles;
• about the owners of firearms;
• about events and facts of a criminal character, offenses;
• about stolen and confiscated things, antiques;
• as well as other information to be stored.

Services and divisions of the internal affairs bodies are characterized by the data:

• about the forces and means at the disposal of the body;
• on the results of their activities.

The above information is used when organizing the work of units and taking practical measures to combat crime and delinquency.

In the information support of the internal affairs bodies, the central place is occupied by the accounts, which are used to register primary information about crimes and the persons who committed them.

Accounting Is a system for registering and storing information about persons who have committed crimes, about the crimes themselves and related facts and objects.

Accounting for crimes subordinate to the Ministry of Internal Affairs of Russia covers 95% of criminal manifestations and gives a fairly complete picture of the operational situation in the country and its regions.

In Russia as a whole, in recent years, with the help of the information contained in the records, from 19 to 23% of crimes committed, or almost every fourth of the total, have been disclosed through the criminal investigation.

In the USSR, in 1961, the Instructions for registration in the internal affairs bodies were introduced. Under the Ministry of Internal Affairs of the USSR in 1971, the Main Scientific Information Center for Information Management (GNITSUI) was created, later renamed into the Main Information Center (GIC), and information centers (IC) were created in the Ministry of Internal Affairs and the Internal Affairs Directorate.

The main information center is the largest bank of operational reference and search information in the system of the Ministry of Internal Affairs of Russia. It is entrusted with the task of providing bodies and institutions of internal affairs with various information - statistical, search, operational reference, forensic, production and economic, scientific and technical, archival. These are unique, multidisciplinary centralized arrays of information, with a total of about 50 million accounting documents.

In the surname operational reference file on convicted persons, over 25 million registration documents are concentrated, and in the fingerprint card file - 17 million, the GIC has a unique database on computer media containing statistical reports of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate, the Internal Affairs Directorate for 50 forms for the period from 1981 to 1992 and in retrospect until 1974 3 .

Information centers of the Ministry of Internal Affairs and the Internal Affairs Directorate are the most important link in the information support system of the internal affairs bodies of the Russian Federation. They bear the main burden in providing information support to the internal affairs bodies in the disclosure and investigation of crimes, and the search for criminals.

Information centers are the main divisions in the system of the Ministry of Internal Affairs, ATC, UVTD in the field of informatization: providing statistical, operational reference, operational investigative, forensic, archival and other information, as well as computerization and construction of regional information and computer networks and integrated data banks. Information centers carry out their duties in close cooperation with the departments of the Ministry of Internal Affairs, the Internal Affairs Directorate, the Internal Affairs Directorate and the Gorrailin organs, as well as the Main Information Center of the Ministry of Internal Affairs of Russia.

With the help of the accounts, information is obtained that helps in the disclosure, investigation and prevention of crimes, the search for criminals, the identification of unknown citizens and the ownership of the seized property. They are formed in the municipal authorities, the IC of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate on a territorial (regional) basis and form the federal records of the Main Information Center of the Ministry of Internal Affairs of Russia. In addition, registrations are available in passport machines.

Along with the records in the internal affairs bodies, forensic centralized collections and card indexes are maintained, which are created and stored in the forensic expert centers (ECC) of the Ministry of Internal Affairs of Russia (federal) and forensic departments (ECU) of the Ministry of Internal Affairs, GUVD, ATC (regional). EKU and EKC collections and filing cabinets are focused primarily on ensuring the detection and investigation of crimes.

The operational reference, search and forensic information accumulated in records, collections and card files is called criminal information.

Accounting is classified according to functional and object characteristics.

Functionally, the accounts are divided into three groups: operational reference, search, forensic.

On the basis of the object, the accounts are divided into persons, crimes (offenses), objects.

The main operational reference and search information is formed in the city railing authorities. Part of it settles on the spot, and the other is sent to the IC and GIC to form a single data bank.

The information base of the Ministry of Internal Affairs system is built on the principle of centralized accounting. It is made up of operational reference, search and forensic records and card indexes, concentrated in the Main Information Center of the Ministry of Internal Affairs of Russia and the Information Center of the Ministry of Internal Affairs, the Internal Affairs Directorate, the UVDT, and local accounts of the Gorrailin organs. In general, their arrays are estimated at about 250-300 million accounting documents.

Centralized operational reference, forensic and search records have the following information about Russian citizens, foreigners and stateless persons:

• conviction, place and time of serving the sentence, date and grounds for release;
• movement of convicts;
• death in places of imprisonment, change of sentence, amnesty, number of the criminal case;
• place of residence and place of work prior to conviction;
• detention for vagrancy;
• blood group and fingerprint formula of convicts.

Fingerprint registration makes it possible to establish the identity of criminals, arrested, detained, as well as unknown sick and unidentified corpses. Fingerprint card indexes have 18 million fingerprint cards. They receive over 600 thousand requests, for which about 100 thousand recommendations are issued. The information in the files contributed to the disclosure of crimes or the identification of a person in 10 thousand cases. Currently, these are mainly hand-held filing cabinets. 4 .

The accounts of the internal affairs bodies, depending on the method of information processing, are divided into three types: manual, mechanized, automated.

Automated records consist of a number of automated information retrieval systems (AIPS). The accumulation and processing of criminal information with the help of AIPS is carried out in regional banks of criminal information (RBKI).

In accordance with the new tasks, the GIC of the Ministry of Internal Affairs of Russia in November 2004 was transformed into the Main Information and Analytical Center of the Ministry of Internal Affairs of Russia. In the system of internal affairs bodies, the Main Information and Analytical Center (GIAC) of the Ministry of Internal Affairs of Russia is the head organization in the following areas:

• information support with statistical, operational and reference, investigative, forensic, archival and scientific and technical information;
• operational-analytical and information support of operational-search activity, as well as information interaction for the exchange of operational information with other subjects of operational-search activity;
• planning, coordination and control of the processes of creation, implementation, use, development in the system of the Ministry of Internal Affairs of Russia of modern information technologies, automated information systems of general use and operational-investigative nature, integrated public data banks, computer equipment and system software for them;
• maintenance and development of the Unified system of classification and coding of technical, economic and social information.

The main tasks of the GIAC of the Ministry of Internal Affairs of Russia are:

• providing the leadership of the Ministry, subdivisions of the system of the Ministry of Internal Affairs of Russia, state authorities of the Russian Federation, law enforcement agencies of other states with statistical information on the state of crime and the results of operational and service activities of internal affairs bodies, as well as operational reference, search, forensic, archival, scientific technical and other information;
• the formation in the internal affairs bodies of a unified system of statistical, operational reference, investigative, forensic accounting, automated databanks of centralized accounting, all-Russian and sectoral classifiers of technical, economic and social information;
• creation, implementation and development of modern information technologies in the system of the Ministry of Internal Affairs of Russia in order to increase the efficiency of using the accounts by the internal affairs bodies;
• control over the activities of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation, the UVDT in terms of the timely submission, completeness and reliability of informationin statistical, operational reference, search, forensic, operational and other records, the maintenance of which is attributed to the competence of information departments of the internal affairs bodies;
• pursuing a unified scientific and technical policy within the framework of the development of the information and computing system of the Ministry of Internal Affairs of Russia;
• coordination and support of activities for the implementation in the internal affairs bodies and the internal troops of the Ministry of Internal Affairs of Russia of the legislation of the Russian Federation on archival affairs and on the rehabilitation of citizens subjected to political repression in the administrative order;
• organizational and methodological guidance and practical assistance to subdivisions of the system of the Ministry of Internal Affairs of Russia, the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation on issues related to the competence of the GIAC.

To implement the assigned tasks, the GIAC of the Ministry of Internal Affairs of Russia carries out:

• formation and maintenance of centralized operational reference, investigative and forensic records, automated data banks of centralized records, the Interstate Information Bank - within the framework of agreements concluded between law enforcement agencies; databases of statistical information on the state of crime and the results of the fight against it;
• collection, accounting and analysis of operational information; information and analytical support of the operational-search activities of the operational divisions of the Ministry of Internal Affairs of Russia. Providing operational and analytical materials to the leadership of the Ministry and operational units of the Ministry of Internal Affairs of Russia;
• formation and maintenance of records of persons declared on the federal and interstate wanted list, preparation and distribution to the internal affairs bodies of the Russian Federation and other states in accordance with the established procedure of materials on the announcement and termination of the search, bulletins of operational-search information and collections of orientations;
• establishing, at the request of the NCB of Interpol under the Ministry of Internal Affairs of Russia, the Ministry of Foreign Affairs of Russia, the Central Committee of the Russian Red Cross Society, the location (fate) of foreign citizens (subjects) and stateless persons arrested and convicted on the territory of Russia and the states of the former USSR;
• formation and maintenance of a data bank of the system of scientific and technical information of the Ministry of Internal Affairs of Russia about the experience of the internal affairs bodies of the Russian Federation and law enforcement agencies of other states; issuance of this information in accordance with the established procedure at the request of subdivisions of the system of the Ministry of Internal Affairs of Russia;
• formation and maintenance of a fund of all-Russian classifiers of technical and economic information in the part related to the Ministry of Internal Affairs of Russia, development and registration of sectoral and intra-system classifiers operating in the internal affairs bodies;
• reception, registration, preservation and use in the prescribed manner of archival documents of units of the Ministry of Internal Affairs of Russia and internal affairs bodies;
• analysis of the processes of formation and use of statistical, operational reference, investigative, forensic records of the internal affairs bodies, the creation, implementation, development of modern information technologies in the system of the Ministry of Internal Affairs of Russia, provision of information and analytical materials to the leadership of the Ministry and divisions of the Ministry of Internal Affairs of Russia.

The structure of the Main Information and Analytical Center of the Ministry of Internal Affairs of Russia includes:

• Center for Statistical Information;
• Criminal Information Center;
• Operational Information Center;
• Center for Operational Investigative Information;
• Center for Information Technologies and Systems of Internal Affairs;
• Computing Center;
• Center for Rehabilitation of Victims of Political Repression and Archival Information;
• Department of Scientific and Technical Information;
• Department of Documentation and Security Regime;
• Organizational and Methodological Department;
• Human Resources Department;
• Financial and economic department;
• Second department (special communications);
• Fifth department (information interaction with the CIS FSO of Russia);
• Logistics Department;
• Legal group.

All operational and preventive measures and the overwhelming majority of operational and search activities carried out in the internal affairs bodies are provided with information support carried out by the GIAC and the IC.

The role of information departments is increasing from year to year, as evidenced by the following facts. If in 1976 with the help of our records 4% of the total number of solved crimes were solved, in 1996 - 25%, in 1999 - 43%, in 2002 - 60%, then in 2009 - over 70% 5 .

Today, GIAC carries out fully automated collection and generalization of statistical information. The information is summarized as a whole for Russia, for federal districts and subjects of the Russian Federation. The automated database of statistical indicators of the GIAC contains information since 1970.

Public data banks have been deployed in the GIAC and information centers of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate, and a standard integrated data bank of the regional level has been introduced.

At the regional and federal levels, a set of measures was carried out to equip all information centers of the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate and the GIAC with standard software and hardware complexes.

The centralized equipping of the regions with modern information processing complexes made it possible to purposefully carry out measures to integrate open information resources at the regional and federal levels.

Completed work on the creation of an integrated data bank of the federal level. It combined the resources of 9 existing systems ("Kartoteka", "ABD-Center", "ASV-RIF" and "Crime-Foreigners", "Antiques", "FR-Alert", "Weapons", "Autopoisk" and "Dossier- scammer"). This made it possible, by one request of operational workers, investigators and interrogators, to receive the information available in the automated records of the GIAC in the form of a "dossier" and to increase the effectiveness of assistance in solving crimes.

The integrated bank of the federal level systematizes information about issued, lost, stolen passports (passport blanks) of citizens of the Russian Federation; about foreign citizens staying and residing (temporarily and permanently) in the Russian Federation; about registered vehicles.

A step-by-step interaction of the Federal Automated Fingerprint System "AFIS-GIC" with similar interregional systems of federal districts, regional systems of information centers and NCB of Interpol is being carried out. The possibility of obtaining fingerprint information in electronic form allows in the shortest possible time to identify the identity of suspects, to increase the efficiency of disclosing and investigating crimes.

On the basis of the GIAC of the Ministry of Internal Affairs of Russia, an interdepartmental automated system for maintaining the Register of the Federal Integrated Information Fund was created, providing for the integration of information resources and information interaction between ministries and departments (Ministry of Internal Affairs, FSB, Ministry of Finance, Ministry of Justice, Prosecutor General's Office, Supreme Court of the Russian Federation, etc.).

Using the mode of direct access to the data bank (within 7-10 minutes without breaking the communication line) and the mode of deferred request (within 1 hour using e-mail) will greatly facilitate the work of employees of operational services, investigation and inquiry units, and other law enforcement agencies.

The total number of users who are provided with access to the automated centralized accounting of the vertical "Main information and analytical center - information centers of the Ministry of Internal Affairs, GUVD, ATC" is more than 30 thousand. More than a third of them are users of the GROVD level and police departments (divisions).

For information support of the operational activities of bodies, divisions and institutions of internal affairs, the educational process and scientific activities of research and higher educational institutions of the Ministry of Internal Affairs of Russia, the Data Bank of the Scientific and Technical Information System (DB SNTI) of the Ministry of Internal Affairs of Russia was created at the GIAC. DB STTI contains materials on the experience of the internal affairs bodies of Russia, the activities of law enforcement agencies of foreign countries, as well as information on the results of research and development work and dissertation research carried out in the system of the Ministry of Internal Affairs of Russia.

The most effective means of increasing the availability and ease of obtaining information, bringing it to the consumer is the data bank of the scientific and technical information system (DB STTI) of the Ministry of Internal Affairs of Russia.

The data bank of the SNTI of the Ministry of Internal Affairs of the Russian Federation is intended to provide information to employees of bodies and institutions of the Ministry of Internal Affairs of Russia with information about the experience of the internal affairs bodies of Russia, the activities of law enforcement agencies of foreign countries and the results of scientific research carried out in the system of the Ministry of Internal Affairs of Russia.

Structurally, the databank consists of three sections:

• domestic experience - express information, bulletins, guidelines, analytical reviews, criminological forecasts;
• foreign experience - information publications, translations of articles of foreign magazines, reports on foreign business trips and other materials on the activities of law enforcement agencies of foreign countries;
• scientific research - reporting documents on research and development work, abstracts of defended dissertations prepared by employees of research and higher educational institutions of the Ministry of Internal Affairs of Russia.

As of January 1, 2010, the SNTI database contains over 5 thousand materials, of which 30% are about the work experience of the Internal Affairs Directorate of Russia, 38% of foreign law enforcement activities, and 32% of scientific research.

The databank is installed on the communication node of the GIAC as part of the data transmission backbone (MRTD) of the Ministry of Internal Affairs of Russia. All employees of the Ministry of Internal Affairs of Russia, the Ministry of Internal Affairs, the Central Internal Affairs Directorate, the Internal Affairs Directorate of the constituent entities of the Russian Federation, UVDT, research and educational institutions, who are subscribers of the GIAC node, can directly contact the DB STTI.

It also provides an opportunity to select materials in the deferred request mode for all subscribers of the MRTD of the Ministry of Internal Affairs of Russia.

Along with the growth in the use of the SNTI DB at the GIAC communication node in 65 regions of the Russian Federation, regional data banks of scientific and technical information have been created and are being formed on the basis of information arrays of the SNTI DB. 6 .

The NTI regional databanks are provided with access to services, divisions and city district agencies. In a number of regions (the Republic of Sakha (Yakutia), Krasnodar Territory, Magadan Region, etc.), which occupy a significant territory, subregional STI data banks are organized in remote cities. Information arrays for them are regularly replicated and sent out on CD-ROMs.

The creation and development of regional data banks NTI is one of the promising ways to solve the problem of bringing information to the practitioners of the territorial bodies of internal affairs.

Together with the interested departments and divisions of the Ministry of Internal Affairs of Russia, work is underway to create a Central Data Bank for registering foreign citizens and stateless persons temporarily staying and residing in the Russian Federation.

conclusions

The main directions of protection of the information sphere.

1. Protection of the interests of the individual, society and the state from the impact of harmful, poor-quality information. Such protection is provided by institutions: mass media, documented and other information.

2. Protection of information, information resources and information system from unlawful influence in various situations. Such protection is provided by:

Institute of State Secrets;

Personal data.

3. Protection of information rights and freedoms (Institute of Intellectual Property).

The main task of information security is to balance the interests of society, the state and the individual. This balance should be adequate to the goals for the security of the country as a whole. Ensuring information security should be focused on the specifics of the information environment, determined by the social structure.

The focus of information security should be on the information environment of public authorities.

In the context of the globalization process, it is necessary to ensure a constant analysis of changes in policies and legislation in other countries.

The last task is to take into account the fulfillment of factors in the process of expanding the legal attention of the Russian Federation in the peaceful information space, including cooperation within the CIS, and the practice of using the Internet.

List of used literature

Constitution of the Russian Federation. - 1993

The concept of national security of the Russian Federation (as amended by the Decree of the President of the Russian Federation of January 10, 2000 No. 24).

Information security doctrine of the Russian Federation (approved by the President of the Russian Federation on September 9, 2000, No. Pr-1895).

Law of the Russian Federation of July 27, 2006 No. 149-FZ "On Information, Information Technologies and Information Protection".

Bot E., Sichert K .. Windows Security. - SPb .: Peter, 2006.

Dvoryankin S.V. Information confrontation in the law enforcement sphere / In collection: "Russia, XXI century - anti-terror ". - M .: "BIZON-95ST", 2000.

Karetnikov M.K. On the content of the concept "Information security of internal affairs bodies" / In collection: "International conference" Informatization of law enforcement systems ". - M .: Academy of Management of the Ministry of Internal Affairs of Russia, 1998.

Nikiforov S.V. Introduction to networking technologies. - M .: Finance and statistics, 2005 .-- 224c.

A.A. Torokin Engineering and technical information security: Textbook. - M .: "Helios ARV", 2005.

1 Beloglazov E.G. and other Fundamentals of information security of internal affairs bodies: Textbook. - M .: MosU of the Ministry of Internal Affairs of Russia, 2005.

2 V.I. Yarochkin Information Security: A Textbook for University Students. - M .: Academic Project; Gaudeamus, 2007.

3 Karetnikov M.K. On the content of the concept "Information security of internal affairs bodies" / In collection: "International conference" Informatization of law enforcement systems ". - M .: Academy of Management of the Ministry of Internal Affairs of Russia, 1998.

4 Dvoryankin S.V. Information confrontation in the law enforcement sphere / In collection: "Russia, XXI century - anti-terror." - M .: "BIZON-95ST", 2000.

5 Zhuravlenko N.I., Kadulin V.E., Borzunov K.K .. Fundamentals of information security: a textbook. - M .: MosU of the Ministry of Internal Affairs of Russia. 2007.

6 Zhuravlenko N.I., Kadulin V.E., Borzunov K.K .. Fundamentals of information security: a textbook. - M .: MosU of the Ministry of Internal Affairs of Russia. 2007.

				Ministry of Internal Affairs of the Russian Federation University of Moscow Faculty of correspondence and evening studies Small Ivanovsky per. House. 2
				Department of "Jurisprudence"
	Residence address:			F. Gorbatov
	Moscow region
	Istra district			O. Sergeevich
	p. Kostrovo st. Central			Course 2 (set) 2009 (6 years)
	d. 15 sq. 39			Group no. 2
				Gradebook No. 7029
	Test work "Fundamentals of information security in ATS"
	(name of the discipline)
	Theme option number 29
	Date of receipt of the job by the secretariat			Date of receipt of work by the department
	Date of submission of the work by the secretariat			Completion date of work check
				teacher

Modern hardware and software for network protection of computer information.

In general, the means of ensuring the protection of information in terms of preventing deliberate actions, depending on the method of implementation, can be divided into groups:

Technical (hardware) means... These are devices of various types (mechanical, electromechanical, electronic, etc.) that solve information security problems with hardware. They either prevent physical penetration, or, if the penetration did take place, access to information, including by masking it. The first part of the problem is solved by locks, grilles on windows, security alarms, etc. The second is the above-mentioned noise generators, power filters, scanning radios and many other devices that "block" potential information leakage channels or allow them to be detected. The advantages of technical means are associated with their reliability, independence from subjective factors, and high resistance to modification. Weaknesses - lack of flexibility, relatively large volume and weight, high cost.

Software include programs for user identification, access control, encryption of information, deletion of residual (working) information such as temporary files, test control of the protection system, etc. The advantages of the software are versatility, flexibility, reliability, ease of installation, the ability to modify and develop. Disadvantages - limited network functionality, the use of some of the resources of the file server and workstations, high sensitivity to accidental or deliberate changes, possible dependence on the types of computers (their hardware).

Mixed hardware and software provide the same functionality as hardware and software separately, and have intermediate properties.

Organizational means consist of organizational and technical (preparation of premises with computers, laying of a cable system, taking into account the requirements of restricting access to it, etc.) and organizational and legal (national legislation and work rules established by the management of a particular enterprise). The advantages of organizational tools are that they allow you to solve many different problems, are easy to implement, quickly respond to unwanted actions in the network, and have unlimited possibilities for modification and development. Disadvantages - high dependence on subjective factors, including the general organization of work in a particular department.

According to the degree of distribution and availability, software tools are allocated, therefore, they are considered in more detail below. Other means are used in cases where an additional level of information protection is required.

Data encryption is a kind of information security software and is of particular importance in practice as the only reliable protection of information transmitted over long serial lines from leakage. Encryption forms the last, almost insurmountable "line" of protection against unauthorized attacks. Encryption is often used in conjunction with the more general concept of cryptography. Cryptography includes methods and means of ensuring the confidentiality of information (including using encryption) and authentication. Confidentiality - protection of information from familiarization with its content by persons who do not have the right to access it. In turn, authentication is the establishment of the authenticity of various aspects of information interaction: communication session, parties (identification), content (imitation protection) and source (attribution using a digital signature).

The number of encryption programs used is limited, and some of them are de facto or de jure standards. However, even if the encryption algorithm is not a secret, it is extremely difficult to decrypt (decrypt) without knowing the private key. This property in modern encryption programs is provided in the process of multi-stage transformation of the original open information (plain text in English literature) using a key (or two keys - one for encryption and decryption). Ultimately, any complex encryption method (algorithm) is a combination of relatively simple methods.

Classic data encryption algorithms

The following "classic" encryption methods are available:

substitution (simple - one-alphabetic, multi-alphabetic one-loop, multi-alphabetic multi-loop);

permutation (simple, complicated);

gamma (mixing with short, long or unlimited mask).

The resistance of each of the listed methods to decryption without knowing the key is quantified using the Sk index, which is the minimum amount of ciphertext that can be decrypted by means of statistical analysis.

Substitution assumes the use of an alternative alphabet (or several) instead of the original one. In the case of a simple substitution for the characters of the English alphabet, one can propose, for example, the following replacement (see Table 1).

Table 1. An example of substitution of characters for substitution

Original alphabet

A B C D E F G H I J… X Y Z

Alternative alphabet

S O U H K T L X N W… A P J

Permutation potentially provides greater resistance to decryption than substitution and is performed using a digital key or an equivalent keyword, as shown in the following example. A numeric key consists of non-repeating digits, and its corresponding keyword consists of non-repeating characters. The original text (plain text) is written under the key line by line. The encrypted message (cipher text) is written out column by column in the order as prescribed by the key digits or in the order in which the individual characters of the keyword are located.

Gumming (mixing with a mask) is based on modulo 2 bitwise addition (in accordance with the EXCLUSIVE OR logic) of the original message with a preselected binary sequence (mask). The compact representation of the mask can be numbers in decimal notation or some text (in this case, internal character codes are considered - for English text, the ASCII table). In fig. 9.2 shows how the original character "A", when added to the mask 0110 10012, is transformed into the character "(" in the encrypted message.

The operation of summation modulo 2 (EXCLUSIVE OR) is reversible, so that when the encrypted message is added with the same mask (key), the original text is obtained (decryption occurs). Constants of type or e can be used as a mask (key). The greatest resistance to decryption can be provided by using a mask with an infinite length, which is formed by a generator of random (more precisely, pseudo-random) sequences. Such a generator can be easily implemented in hardware or software, for example, using a shift register with feedback, which is used to calculate the error-correcting cyclic code. Accurate reproduction of the pseudo-random sequence in the generator at the receiving end of the line is ensured by setting the same initial state (contents of the shift register) and the same feedback structure as in the generator at the transmitting end.

The listed "classic" encryption methods (substitution, permutation, and gamming) are linear in the sense that the length of the encrypted message is equal to the length of the original text. A non-linear transformation of the substitution type is possible instead of the original characters (or whole words, phrases, sentences) of pre-selected combinations of characters of a different length. Protection of information by the dissection-diversity method is also effective, when the original data is divided into blocks, each of which does not carry useful information, and these blocks are stored and transmitted independently of each other. For text information, the selection of data for such blocks can be performed in groups that include a fixed number of bits, less than the number of bits per character in the encoding table. Recently, the so-called computer steganography (from the Greek words steganos - secret, secret and graphy - recording) has become popular, which is the hiding of a message or file in another message or file. For example, you can hide an encrypted audio or video file in a large information or graphic file. File size - the container must be at least eight times larger than the original file. Examples of common programs that implement computer steganography are S - Tools (for Windows 95 / NT). and Steganos for Windows'95. The actual encryption of information is carried out using standard or non-standard algorithms.

Information security software

Built-in information security tools in network operating systems are available, but they cannot always completely solve problems that arise in practice. For example, network operating systems NetWare 3.x, 4.x provide reliable "layered" data protection from hardware failures and damage. Novell's SFT (System Fault Tolerance) system has three main layers:

SFT Level I provides, in particular, the creation of additional copies of FAT and Directory Entries Tables, immediate verification of each newly written data block to the file server, as well as backing up on each hard disk about 2% of the disk space. If a failure is detected, the data is redirected to the reserved area of ​​the disk, and the bad block is marked as "bad" and is not used in the future.

SFT Level II includes additional options for creating "mirrored" drives, as well as duplicating disk controllers, power supplies, and interface cables.

SFT Level III allows you to use duplicated servers in a local network, one of which is the "master", and the second, containing a copy of all information, comes into operation in the event of a "master" server failure.

The system for controlling and limiting access rights in NetWare networks (protection against unauthorized access) also contains several levels:

initial access level (includes username and password, system of accounting restrictions - such as explicit permission or denial of work, allowed time on the network, hard disk space occupied by personal files of a given user, etc.);

the level of user rights (restrictions on the performance of certain operations and / or on the work of a given user, as a member of a department, in certain parts of the network file system);

the level of attributes of directories and files (restrictions on performing certain operations, including deleting, editing or creating, coming from the file system and affecting all users trying to work with these directories or files);

the file server console level (blocking the file server keyboard during the absence of the network administrator before entering a special password).

However, it is not always possible to rely on this part of the information security system in NetWare. This is evidenced by numerous instructions on the Internet and ready-made available programs that allow you to hack certain elements of protection against unauthorized access.

The same remark is true for later versions of NetWare OS (up to the latest 6th version) and other "powerful" network operating systems with built-in information security tools (Windows NT, UNIX). The fact is that information protection is only part of the many tasks that are solved by network operating systems. Improvement of one of the functions to the detriment of others (with understandable reasonable restrictions on the volume occupied by a given OS on a hard disk) cannot be the main direction of development of such general-purpose software products, which are network operating systems. At the same time, due to the severity of the information security problem, there is a tendency to integrate (embed) separate, well-proven and become standard tools in network operating systems, or to develop their own "proprietary" analogs to well-known information security programs. For example, the NetWare 4.1 network operating system provides the ability to encode data according to the "public key" principle (RSA algorithm) with the formation of an electronic signature for packets transmitted over the network.

Specialized software tools for protecting information from unauthorized access have, on the whole, better capabilities and characteristics than the built-in tools of a network operating system. In addition to encryption programs and cryptographic systems, there are many other external information security tools available. Of the most frequently mentioned solutions, the following two systems should be noted, which allow limiting and controlling information flows.

Firewalls - firewalls (literally firewall - wall of fire). Between the LAN and WAN, special intermediate servers are created that inspect and filter all network / transport layer traffic passing through them. This can dramatically reduce the threat of unauthorized access from outside to corporate networks, but does not completely eliminate this danger. A more secure version of the method is masquerading, when all traffic originating from the local network is sent on behalf of the firewall server, making the local network almost invisible.

Proxy-servers (proxy - power of attorney, trusted person). All network / transport layer traffic between the local and global networks is completely prohibited - there is no routing as such, and calls from the local network to the global network occur through special intermediary servers. Obviously, in this case, calls from the global network to the local one become impossible in principle. This method does not provide sufficient protection against attacks at higher levels - for example, at the application level (viruses, Java code, and JavaScript).

Unauthorized copying of programs as a type of unauthorized access. Legal aspects of unauthorized copying of programs. Copy protection methods.

Unauthorized copying of confidential information - in the process of work of each company, cases of leakage of confidential information are inevitable. Despite the fact that the security systems responsible for storing and accessing internal information are constantly being improved, the problem continues to exist. Organizations suffer huge losses due to the unauthorized distribution of confidential information. Unauthorized copying can be carried out by means of confiscation of computer equipment; interception of information; unauthorized access to equipment, as well as manipulation of data and control commands.

Information and information legal relations are increasingly becoming a new subject of criminal encroachment. Crimes of this category of the Criminal Code of the Russian Federation include: unlawful access to computer information (Art. 272); creation, use and distribution of malicious programs for computers (Article 273); violation of the rules for the operation of computers, computer systems or their networks (Art. 274).

The general object of these crimes is public relations to ensure information security, and the direct objects of criminal encroachment are: databases and data banks, individual files of specific computer systems and networks, as well as computer technologies and software, including those that protect computer information from unauthorized access ...

Information is understood as information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation. Documented information is information recorded on a material carrier with details that allow them to be identified. Computer information is considered documented, but stored in a computer or controlling it in accordance with the program and (or) instructions of the user.

Computer storage media include computer memory blocks, its peripheral systems, computer communication facilities, network devices and telecommunication networks.

Responsibility under Art. 272 of the Criminal Code of the Russian Federation occurs if illegal access to computer information has led to such dangerous consequences as destruction, blocking, modification, copying of information or disruption of the operation of computers, their systems or networks.

Destruction is such a change in information that deprives it of its original quality, as a result of which it ceases to meet its intended purpose. Blocking means a temporary or permanent impossibility of access to information by a legitimate user, and modification means its modification with the emergence of new, undesirable properties. Copying is a reproduction of an exact or relatively accurate analogue of the original; and disruption of the operation of computers, their systems or networks, deceleration, looping, termination of the program, violation of the order of execution of commands, refusal to issue information, disconnection of elements of the computer system, other abnormal situations. In this case, a system is considered to be an interconnected set of computers with their unified organizational and technical support, and a network is an association of computer systems operating in a certain territory.

Software products and computer databases are the subject of the intellectual work of highly qualified specialists. The process of designing and implementing software products is characterized by significant material and labor costs, is based on the use of science-intensive technologies and tools, and requires the use of an appropriate level of expensive computing equipment. This necessitates taking measures to protect the interests of the software developer and the creators of computer databases from their unauthorized use.

Software is also subject to protection due to the complexity and laboriousness of restoring its operability, the importance of software for the operation of the information system.

Software protection aims to:

Restriction of unauthorized access to programs or their deliberate destruction and theft;

Elimination of unauthorized copying (duplication) of programs.

The software product and databases must be protected in several ways from exposure:

1) human - theft of machine media and software documentation; malfunction of the software product, etc.;

2) hardware - connecting hardware to a computer for reading programs and data or their physical destruction;

3) specialized programs - making a software product or database inoperable (for example, virus infection), unauthorized copying of programs and databases, etc.

The easiest and most affordable way to protect software products and databases is to restrict access. Access control to the software product and the database is built by:

Password protection of programs when they are launched;

Using a key diskette to run programs;

Restrictions on programs or data, processing functions available to users, etc.

Cryptographic methods of protecting database information or head program modules can also be used.

Software systems for protection against unauthorized copying.

These systems prevent unlicensed use of software products and databases. The program is executed only upon recognition of some unique non-copyable key element.

Such key elements can be:

A floppy disk containing a non-copyable key;

Specific characteristics of the computer hardware;

A special device (electronic key) connected to a computer and designed to issue an identification code.

Software systems for copy protection of software products:

identify the environment from which the program will be launched;

establish the correspondence of the environment from which the program is launched to the one for which

authorized launch allowed;

develop a response to launch from an unauthorized environment;

authorized copying is registered;

counteract the study of algorithms and programs of the system.

The following methods are used to identify startup floppies:

1) damage to the surface of the floppy disk ("laser hole"), which can hardly be reproduced in an unauthorized copy of the floppy disk;

2) non-standard formatting of the startup diskette.

Identification of the computer environment is ensured by:

1) fixing the location of programs on a hard magnetic disk (the so-called non-relocatable programs);

2) binding to the BIOS number (calculation and memorization with subsequent verification when starting the system checksum);

3) binding to a hardware (electronic) key inserted into the I / O port, etc.

In the West, the most popular methods of legal protection of software products and databases.

Legal methods of protection of software products and databases

Legal methods of protecting software include:

Patent protection;

Trade Secrets Act;

License agreements and contracts;

Economic rights that give their owners the right to obtain economic benefits from the sale or use of software products and databases;

Moral rights that protect the identity of the author in his work.

In many civilized countries, unauthorized copying of software for sale or free distribution is considered a state crime, punishable by a fine or imprisonment. But, unfortunately, copyright itself does not provide protection for a new idea, concept, methodology and technology of software development, so additional protection measures are required.

Patent protection sets the priority in the development and use of a new approach or method used in the development of programs, certifies their originality.

The status of a trade secret for a program limits the circle of persons familiar or allowed to operate it, and also determines the extent of their responsibility for disclosing secrets. For example, password access to a software product or database is used, up to passwords for individual modes (reading, writing, correcting, etc.). Programs, like any material object of high value, must be protected from theft and deliberate destruction.

License agreements cover all aspects of legal protection of software products, including copyright, patent protection, trade secrets. The most commonly used copyright licensing agreements.

License - an agreement for the transfer by one person (licensor) to another person (licensee) of the right to use a name, product, technology or service. The licensor increases its income by collecting royalties, expands the scope of distribution of the software product or database; the licensee derives revenues from their use.

The license agreement stipulates all conditions for the use of programs, including the creation of copies. Each copy of the program should have the same marks as on the original:

Patent protection mark or trade secret;

Trademarks corresponding to other software products used in the program (usually the name of the company that developed the software product);

The symbol for the registered distribution of a software product (usually ®).

There are several types of software licenses

Exclusive license - sale of all property rights to a software product or database, the buyer of the license is granted the exclusive right to use them, and the author or patent owner refuses to independently use them or provide them to others.

This is the most expensive type of license; it is used for monopoly ownership in order to generate additional profit or to terminate the existence of a software product on the software market.

Simple license - the licensor grants the licensee the right to use the software product or database, reserving the right to use them and provide them on similar terms to an unlimited number of persons (the licensee cannot issue sublicenses himself, he can only sell copies of the purchased software product or database).

This type of license is acquired by a dealer (trader) or manufacturing firms that use the purchased licenses as an accompanying product to the main activity. For example, many manufacturers and firms selling computer equipment sell computers with licensed software installed (operating system, word processor, spreadsheet, graphics packages, etc.).

Label License - A license for one copy of a software product or database. This license type applies to retail sales. Each official buyer enters into a licensing agreement with the seller for their use, but the copyright of the developer remains.

The economic relationship between the licensor and the licensee can be built in different ways. A one-time fee (lump-sum payment) is paid for the right to use a software product or database, which is the actual price of the license. Periodic payments to the licensor for the right to use in the form of royalties are also possible - a flat rate at certain intervals during the validity of the license agreement, as a rule, a percentage of the cost of software products or databases.

Bibliography:

Law of the Russian Federation of July 27, 2006 No. 149-FZ "On Information, Information Technologies and Information Protection".

Beloglazov E.G. and etc. Fundamentals of Information Security of Internal Affairs Bodies: Textbook. - M .: MosU of the Ministry of Internal Affairs of Russia, 2005.

H I. Zhuravlenko, V. E. Kadulin, K. K. Borzunov. Fundamentals of Information Security: A Study Guide. - M .: MosU of the Ministry of Internal Affairs of Russia. 2007.

V.I. Yarochkin Information Security: A Textbook for University Students. - M .: Academic Project; Gaudeamus, 2007.

Zegzhda D.P., Ivashko A.M. Fundamentals of information systems security. - M .: Hot line-Telecom, 2000.

E. Bot, K. Sichert. Windows Security. - SPb .: Peter, 2006.

A.N. Ensuring internet security. Workshop: Textbook for universities. - M .: Hot line-Telecom, 2007.

A.A. Torokin Engineering and technical information security: Textbook. - M .: "Helios ARV", 2005. Department of Internal Affairs on to the Koptevo district of ... The basics automation control in ATS ed. Minaeva V.A., Polezhaeva V.P. - M .: Academy of the Ministry of Internal Affairs of Russia, 1993. Information ...

1. Security regional children's center Constellation

   Abstract >> Life Safety

   ... security... V basis her ... Organs ATS have a clear ... Informational collection "Regional Children's Center" Constellation "REGULATIONS ON STATE INSPECTION SAFETY ... on fire department security carried out as part of the initial briefing on technique security ...

2. The severity of personal characteristics in female employees ATS Ministry of Internal Affairs of Russia

   Thesis >> Psychology

   Female employees ATS Methodological and theoretical basis studies were ... more often as a result of exposure information pressure), with more ... security, maturity, social culture, spirituality (Fig. 4). Fig. 4. Distribution of female employees ATS on ...

3. Social protection of employees in the internal affairs bodies (for example, ATC on Amur region)

   Thesis >> Sociology

   Employees ATS 1.1 Legal basics staff activities ATS 1.2 ... planned on the following directions: informational security: ... ATS are representatives of the authorities and carry out activities on providing personal and public security, on ...