Department of Informatics and Mathematics

Test

“Fundamentals of information security in internal affairs bodies”

Performed:

Bychkova Elena Nikolaevna

2nd year student, 2nd group

Moscow – 2009

Plan

1. The concept and goals of conducting special inspections of informatization objects; main stages of the audit

2. Vulnerability of computer systems. The concept of unauthorized access (UNA). Classes and types of NSD

2.1 Vulnerability of the main structural and functional elements of distributed AS

2.2 Threats to the security of information, AS and subjects of information relations

2.3 Main types of threats to the security of subjects of information relations

List of used literature

1. The concept and goals of conducting special inspections of informatization objects; main stages of the audit

Informatization object - a set of informatization tools together with the premises in which they are installed, intended for processing and transmission of protected information, as well as dedicated premises.

Information technology means computer and communications equipment, office equipment designed for collecting, accumulating, storing, searching, processing data and distributing information to the consumer.

Computer equipment - electronic computers and complexes, personal electronic computers, including software, peripheral equipment, teleprocessing devices.

A computer object (CT) is a stationary or mobile object, which is a complex of computer equipment designed to perform certain information processing functions. Computer facilities include automated systems (AS), automated workstations (AW), information and computing centers (ICC) and other complexes of computer equipment.

Computer facilities can also include individual computer facilities that perform independent information processing functions.

Dedicated premises (VP)- a special room intended for holding meetings, conferences, conversations and other events of a speech nature on secret or confidential issues.

Activities of a speech nature can be carried out in dedicated premises with or without the use of technical means of speech information processing (TSIP).

Technical Information Processing Tool (ITI)- a technical device designed to receive, store, search, transform, display and/or transmit information via communication channels.

ICT includes computer equipment, communication tools and systems, means of recording, amplifying and reproducing sound, intercom and television devices, means of producing and reproducing documents, film projection equipment and other technical means associated with reception, accumulation, storage, search, transformation, display and/or transmission of information via communication channels.

Automated system (AC)- a set of software and hardware designed to automate various processes related to human activity. At the same time, a person is a link in the system.

Special check This is a check of a technical means of information processing carried out with the aim of searching and seizing special electronic embedded devices (hardware embedded).

Certificate of the object of protection- a document issued by a certification body or other specially authorized body confirming the presence at the protection facility of necessary and sufficient conditions to fulfill the established requirements and standards for the effectiveness of information protection.

Certificate of allocated premises- a document issued by the certification (certification) body or other specially authorized body, confirming the presence of the necessary conditions that ensure reliable acoustic protection of the allocated premises in accordance with established norms and rules.

Instructions for use- a document containing requirements for ensuring the security of a technical means of information processing during its operation.

Certification test program- a mandatory organizational and methodological document establishing the object and purpose of the test, the types, sequence and volume of experiments performed, the procedure, conditions, place and timing of the tests, provision and reporting on them, as well as responsibility for the provision and conduct of tests.

Methodology of certification tests- mandatory organizational and methodological document, including test method, means and test conditions, sampling, algorithm for performing operations. By determining one or more interrelated characteristics of the security of an object, a form for presenting data and assessing the accuracy and reliability of the results.

Certification test report- a document containing the necessary information about the test object, the methods used, means and test conditions, as well as a conclusion on the test results, drawn up in the prescribed manner.

Basic technical means and systems (OTSS)- technical means and systems, as well as their communications, used for processing, storing and transmitting confidential (secret) information.

OTSS may include information technology tools and systems (computer tools, automated systems of various levels and purposes based on computer technology, including information and computing complexes, networks and systems, communication and data transmission tools and systems), technical means of reception, transmission and processing of information (telephony, sound recording, sound amplification, sound reproduction, intercom and television devices, means of production, replication of documents and other technical means of processing speech, graphic video, semantic and alphanumeric information) used for processing confidential (secret) information.

Auxiliary technical means and systems (ATSS)- technical means and systems not intended for the transmission, processing and storage of confidential information, installed together with the OTSS or in dedicated premises.

These include:

Various types of telephone facilities and systems;

Means and systems for data transmission in the radio communication system;

Security and fire alarm systems and equipment;

Means and systems of warning and alarm;

Control and measuring equipment;

Air conditioning products and systems;

Tools and systems for wired radio broadcasting networks and reception of radio and television programs (subscriber loudspeakers, radio broadcasting systems, televisions and radios, etc.);

Electronic office equipment.

Preparation of documents based on the results of certification tests:

Based on the results of certification tests in various areas and components, test reports are drawn up. Based on the protocols, a Conclusion is adopted based on the certification results with a brief assessment of the compliance of the informatization object with information security requirements, a conclusion about the possibility of issuing a “Certificate of Conformity” and the necessary recommendations. If the information object meets the established requirements for information security, a Certificate of Compliance is issued for it.

Re-certification of an informatization object is carried out in the case when changes have been made to a recently certified object. Such changes may include:

Changing the location of the OTSS or VTSS;

Replacing OTSS or VTSS with others;

Replacement of technical means of information security;

Changes in the installation and laying of low-current and solo cable lines;

Unauthorized opening of sealed OTSS or VTSS cases;

Carrying out repair and construction work in designated premises, etc.

If it is necessary to re-certify an informatization object, re-certification is carried out according to a simplified program. Simplifications consist in the fact that only elements that have undergone changes are tested.

2. Vulnerability of computer systems. The concept of unauthorized access (UNA). Classes and types of NSD

As analysis shows, most modern automated information processing systems (AS) in the general case are geographically distributed systems of local computer networks (LANs) and individual computers intensively interacting (synchronizing) with each other using data (resources) and managing (events).

In distributed systems, all the “traditional” methods for locally located (centralized) computing systems of unauthorized interference in their operation and access to information are possible. In addition, they are characterized by new specific channels for penetration into the system and unauthorized access to information.

Let us list the main features of distributed speakers:

· territorial separation of system components and the presence of intensive information exchange between them;

· a wide range of used methods for presenting, storing and transmitting information;

· integration of data for various purposes belonging to various subjects within unified databases and, conversely, placement of data required by some subjects in various remote network nodes;

Information security in the activities of internal affairs bodies: theoretical and legal aspect

As a manuscript

Velichko Mikhail Yurievich

INFORMATION SECURITY IN ACTIVITY

OF INTERNAL AFFAIRS: THEORETICAL AND LEGAL ASPECT

Specialty 12.00.01 – theory and history of law and

states; history of doctrines about law and state

PhD in Law

Kazan - 2007 2

The work was carried out at the Department of Theory and History of State and Law of the State Educational Institution of Higher Professional Education “Kazan State University named after. IN AND. Ulyanov-Lenin"

Scientific director Doctor of Law, Professor Gorbachev Ivan Georgievich

Official opponents:

Honored Lawyer of the Russian Federation, Doctor of Law, Professor Alexey Ivanovich Aleksandrov Doctor of Law, Professor Valentin Grigorievich Medvedev

Leading organization State educational institution of higher professional education "Moscow University of the Ministry of Internal Affairs of Russia"

The defense of the dissertation will take place on September 20, 2007 at 14:00 at a meeting of the Dissertation Council K 212.081.01 for the defense of dissertations for the degree of candidate of legal sciences at the State educational institution of higher professional education “Kazan State University named after. IN AND. Ulyanov-Lenin" (420008, Kazan, Kremlevskaya str., 18, room 324).

The dissertation can be found in the scientific library named after. N.I.

Lobachevsky State Educational Institution of Higher Professional Education “Kazan State University named after.

Scientific secretary of the dissertation council, candidate of legal sciences, associate professor G.R. Khabibullina

I.

GENERAL DESCRIPTION OF WORK

Relevance dissertation research topics. As a result of the implementation of socio-economic transformations over the past years, society and public relations in Russia have moved to a qualitatively new state, characterized, in particular, by a strong merging of government bodies, business organizations and criminals, which dictates an urgent need to revise the functions and tasks of law enforcement agencies and security agencies national security, economic security and law enforcement forces.

The transition to a new state of Russian society is inextricably linked with the emergence of new challenges and threats to both national security as a whole and its most important components - economic and public security. The emergence of these threats against the backdrop of a strong lag and insufficient development of the Russian legislative framework is associated, first of all, with the accelerated capitalization of economic relations of society, the rapid development of market relations, the close integration of Russia into global economic relations, the globalization of the world economy, the globalization and transnationalization of crime in the main vital important areas of public relations, the emergence and development of international terrorism, etc.

All this requires serious reflection and the development of new mechanisms for organizing the fight against national and transnational crime.

A necessary condition for the socio-economic development of the Russian Federation is to reduce the crime rate. The current state, the applied law enforcement mechanisms and means of combating modern crime do not fully correspond to the state and dynamics of the spread of organized crime, the shadow economy and economic crime, drug and human trafficking, terrorism and extremism, and corruption.

The information revolution contributes to the creation and inclusion in the socio-economic system of such flows of information that may be quite sufficient to effectively resolve most modern global and regional socio-economic problems, to ensure rational management of natural resources, harmonious economic, political, social and cultural-spiritual development of society and his safety. Crime, which is basically large-scale and organized, covers entire regions and even the entire territory of the country, going beyond its borders, takes full advantage of these same achievements in the field of information, and has great opportunities for access to information, technical and financial resources, their increase and use in their illegal activities.

These circumstances necessitate a radical rethinking of existing views and the development of new conceptual approaches to the problem of information security, combating such new phenomena as cybercrime and cyberterrorism in order to ensure national security.

The relevance of the study of legal and organizational and managerial mechanisms for ensuring information security of internal affairs bodies in the conditions of integration of information systems of law enforcement agencies and special services is also due to the fact that issues of the theory of information security have traditionally been considered, as a rule, from a technical point of view or in relation to pre-existing and established organizational systems.

A number of studies note that the problem of ensuring the protection of information is often narrowed to the problem of ensuring the protection of only computer information. So, O.V. Genne rightly believes that to implement an effective approach, an interconnected consideration of a number of aspects of information security is necessary 1.

The formation of an information security regime is a complex problem, in which four levels can be distinguished: legislative (laws, regulations, standards, etc.); administrative (general actions taken by management); procedural (security measures aimed at monitoring employee compliance with measures aimed at ensuring information security); software and hardware (technical measures).

Based on this, there is a need to develop theoretical provisions and methodological principles for ensuring information security by internal affairs bodies. Of particular importance is the scientific and practical problem of comprehensive consideration of issues of state legal regulation and organizational management in the field of ensuring information security of law enforcement agencies. All this determined the relevance of the research topic and the range of issues under consideration.

State of knowledge of the problem. Issues of state regulation in the information sphere began to be addressed to a significant extent in scientific publications only in the second half of the 20th century, when the international exchange of scientific and technical achievements began to develop at an accelerated pace. The following domestic scientists made a great contribution to the area under consideration: V.D. Anosov, A.B. Antopolsky, G.T. Artamonov, P.I. Asyaev, Yu.M. Baturin, I.L. Bachilo, M. Boer, A.B.

Vengerov, M.I. Dzliev, G.V. Emelyanov, I.F. Ismagilov, V.A. Kopylov, V.A.

Lebedev, V.N. Lopatin, G.G. Pocheptsov, M.M. Rassolov, I.M. Rassolov, A.A.

Streltsov, A.D. Ursul, A.A. Fatyanov, A.P. Fisun and others. Among foreign ones See: Genne O.V. Basic provisions steganography // Information protection Confidential. P.20-25.

Scientists in this direction include the works of R. Goldscheider, I. Gerard, J. Mayer, B. Marcus, J. Romary, S. Philips and others.

Purpose and tasks dissertation research. Purpose The research is to clarify the theoretical and legal provisions, methodological principles for ensuring information security of internal affairs bodies, information warfare and effective information counteraction to criminal structures using legal and law enforcement mechanisms.

In accordance with the formulated goal, the following tasks were set in the work:

Research and clarify the theoretical and methodological foundations of state legal regulation in the field of information protection and organization of information security of internal affairs bodies;

Determine ways to improve legal mechanisms for information protection, organizational measures and management decisions to combat computer crimes;

Identify the role of legal and organizational mechanisms for protecting information in information support systems for the activities of internal affairs bodies;

Develop proposals for the formation of organizational and legal mechanisms for ensuring information security of internal affairs bodies.

The object of the dissertation research is information security of internal affairs bodies.

Subject of research are legal and organizational and managerial mechanisms for ensuring information security of internal affairs bodies.

The theoretical and methodological developments of economic and information security and information protection served as the theoretical and methodological basis of the dissertation research.

The study is based on a systematic methodology developed by V.N. Anishchenko, B.V. Akhlibininsky, L.B. Bazhenov, R.N. Bayguzin, B.V. Biryukov, V.V. Bordyuzhe, V.V. Verzhbitsky, G.G. Vdovichenko, V.A.

Galatenko, A.P. Gerasimov, I.I. Grishkin, D.I. Dubrovsky, L.A. Petrushenko, M.I. Setrov, A.D. Ursul, G.I. Tsaregorodtsev and others.

The theoretical and legal basis of the dissertation research was the works of scientists in the field of criminal law, criminology, computer science theory of law, including the works of: S.S. Alekseeva, Yu.M. Baturina, N.I. Vetrova, V.B. Vekhova, B.V. Zdravomyslova, V.V. Krylova, V.N.

Kudryavtseva, Yu.I. Lyapunova, A.V. Naumova, S.A. Pashina, A.A. Piontkovsky, N.A. Selivanova, A.N. Trainina, O.F. Shishova.

When conducting the research, dialectical, formal-legal, comparative-legal, abstract-logical, analytical methods were used, and methods of applied and special disciplines (criminal law, statistics, computer science, information security theory) were used.

The regulatory and legal basis for the study was the provisions of international legislation, the legal framework of the Russian Federation on information protection, the Criminal Code of the Russian Federation and regulatory legal documents based on them.

a comprehensive analysis of legal and organizational mechanisms for ensuring information security of internal affairs bodies.

Scientific novelty research lies in the very formulation of the problem and the choice of the range of issues to be considered. This dissertation is the first work in domestic legal science devoted to the information security of law enforcement agencies of the Russian Federation, the basis of which is formed by the internal affairs bodies of the Ministry of Internal Affairs of Russia. For the first time, it analyzes modern threats to national security in the information sphere emanating from organized national and transnational crime, corruption, terrorism, extremism and the criminal economy, and substantiates the role and place of information security in the overall system of ensuring national security. For the first time, a comprehensive analysis of the goals, objectives, functions and powers of internal affairs bodies in the field of combating computer crimes and cyber terrorism, ensuring information security in operational activities was carried out. Based on an interconnected assessment of the state of the operational situation and the nature of crimes in the information sphere, the scale, forms, methods and means of information counteraction to law enforcement agencies from crime, the position is substantiated that the internal affairs bodies are in a state of information war against various types of crime, primarily organized and economic. Proposals have been formulated on areas for improving state legal regulation of relations in the field of ensuring information security of internal affairs bodies and developing current legislation.

research lies in its focus on solving the problems facing the internal affairs bodies to ensure law and order, the security of the state, society and the individual.

promote the implementation of a coordinated state policy in the field of ensuring national and information security, the gradual improvement of state-legal regulation of relations between internal affairs bodies in the field of information protection, combating computer crime and cyber terrorism.

The applicant's conclusions and recommendations were used to substantiate state legal measures and mechanisms for ensuring information security of internal affairs bodies, and to prepare reports to the leadership of the Ministry of Internal Affairs of Russia and to the highest executive authorities of the Russian Federation on security issues.

The theoretical developments of the applicant can serve as the basis for further scientific research in the field of ensuring the national security of the Russian state and society, and can also be used in the educational process of higher educational institutions and research institutions of the Ministry of Internal Affairs of Russia.

Provisions for defense. In the process of research, a number of new theoretical provisions were obtained that are put forward for defense:

In modern conditions, information security of society, state and individual is, along with other types of security, including economic, the most important component of national security.

Threats to the country's information security, the sources of which are modern national and transnational criminal communities, in their totality and scale of impact, covering the entire territory of the country and affecting all spheres of society, undermine the foundations of the national security of the Russian Federation, causing significant damage to it.

The internal affairs bodies of the Ministry of Internal Affairs of Russia are an important component of the forces and means of countering information attacks by criminal communities on the rights and freedoms of citizens, the security of the state, society and individuals.

In the current state of crime, which is basically large-scale and organized, covers entire regions and even the entire territory of the country, going beyond its borders, has great opportunities for access to information means and weapons, their expansion and use in their illegal activities, it is impossible ensure information security of internal affairs bodies only through the use of protective equipment and mechanisms. In these conditions, it is necessary to conduct active offensive (combat) operations using offensive weapons in order to ensure superiority over crime in the information sphere.

information war against both national and transnational criminal communities, the specific content and main form of which is information warfare using information, computing and radio means, electronic intelligence equipment, information and telecommunication systems, including space communication channels, geographic information systems and other information systems , complexes and means.

The evolution of the legal regime, organizational foundations and the actual activities of the internal affairs bodies in providing information to cyber terrorism were greatly affected by changes in the political and socio-economic situation of the country. The developed and implemented approaches to the “forceful” provision of law and order and security in conditions of high activity of organized criminal communities require a radical rethinking of existing views and the development of new conceptual approaches to the problem of state legal regulation of relations in the field of information security, the fight against cyber terrorism in order to ensure national security .

The general social nature of the activities of internal affairs bodies, the need for clear legal regulation of their activities in the special conditions of waging an information war against large-scale organized crime, require the creation of an appropriate state legal regime and its reflection in fundamental political and regulatory legal documents. Therefore, it seems logically justified for the information security of the Russian Federation, the RSFSR Law “On Security” to include provisions regarding the concept of “information warfare” and the conditions for the use of information weapons in the fight against cyber crime and cyber terrorism, as well as expanding the range of powers of internal affairs officers in the RSFSR Law “On police" regarding the special conditions for the use of information weapons in order to effectively combat organized crime in the event of direct threats to the information security of society and the state.

provisions of this work were discussed at the scientific and practical conference “Institutional, economic and legal foundations of financial investigations in the fight against terrorism” (Academy of Economic Security of the Ministry of Internal Affairs of Russia, 2006), the interdepartmental round table “Current problems of legislative regulation of operational investigative activities of law enforcement agencies” and the interdepartmental scientific conference “Topical issues of the theory and practice of operational-search activities of internal affairs bodies to combat economic crimes”, All-Russian scientific and practical conference “Combating the legalization of criminal proceeds: problems and ways of their All-Russian Research Institute of the Ministry of Internal Affairs of Russia, 2007).

The dissertation research material was used in the preparation of specialized lectures on the problems of liability for committing crimes in the field of computer information at advanced training courses for authorities to combat economic crimes.

The main provisions and conclusions of the dissertation are presented in six scientific publications.

Scope and structure of the dissertation research. Structure and scope of the dissertation determined by the purpose and objectives of the study. It consists of an introduction, three chapters combining eight paragraphs, a conclusion and a list of references.

II. BASIC THE CONTENT OF THE WORK

the degree of its scientific development is revealed, the object, subject, purpose and objectives of the research are determined, the main provisions submitted for defense are formulated, the theoretical and methodological foundations are substantiated, the scientific novelty and practical significance of the research are revealed, and information about the testing of its results is provided.

Chapter I. Theoretical and legal foundations of information security Chapter one is devoted to the research and theoretical understanding of the category “information security”, as well as the legal nature of this phenomenon, the principles that form the content of information security, which is an independent area of ​​research.

national security: nature, essence, place in the categorical apparatus of the general theory of law" - represents a general theoretical legal justification for the concept of information security.

information security of the Russian Federation, approved by Decree of the President of the Russian Federation of September 9, 2000 No. Pr-1895. Information security refers to the state of protection of national interests in the information sphere, which are determined by the totality of balanced interests of the individual, society and the state.

develops the Concept of National Security of the Russian Federation, approved by the Decree of the President of the Russian Federation of December 17, 1997.

No. 1300 (as amended by Decree of the President of the Russian Federation of January 10, 2000 No. 24), in relation to the information sphere. The National Security Concept notes that the most important tasks of ensuring information security of the Russian Federation are:

implementation of constitutional rights and freedoms of citizens of the Russian Federation in the field of information activities;

infrastructure, integration of Russia into the global information space;

information sphere.

The importance of ensuring the information security of the state can be demonstrated by any examples of a negative nature observed in the process of deformation of the Russian economy; it is enough to just point to the default of 1998. Solving the problems of ensuring the security of the fight in the information sphere is not limited to protecting channels and government communications, information and other issues, which are usually considered when analyzing the totality of threats and the system of measures to ensure information security. Issues of information security in the economic sphere also include the security of information systems for managing industry, sectors (including the defense complex), enterprises, and banks.

represent information technology, a new direction in science has emerged - information security. The influence of threats in the information sphere is increasingly directed at the interests of the individual, society and the state. At the same time, there is an impact on the individual in order to reduce the activity of communications. There is an increasing information impact on the economic system, including the financial sector (for example, information attacks against national currencies and stock markets that swept across the world in the late 1990s), stock markets with the game of reducing the capitalization of enterprises, and then buying them up at a lower price combined with the dissemination of information to create a negative image of a competitor, etc.

Of particular danger are information threats to the state through the spread and introduction of the ideology of international terrorism and separatism.

The second paragraph - “Organizational and legal framework for ensuring information security” - provides an analysis of organizational decisions regulating the sphere of ensuring information security of the individual, society and state.

Organizational and legal support for information security, information security, and the creation and operation of organizational and legal support systems are: development of basic principles for classifying information of a confidential nature as protected information; determination of the system of bodies and officials responsible for ensuring information security in the country, and the procedure for regulating the activities of enterprises and organizations in this area; creation of a full range of legal guidelines and methodological materials (documents) regulating the issues of ensuring information security both in the country as a whole and at a specific facility; determination of measures of responsibility for violations of security rules and the procedure for resolving controversial and conflict situations on information security issues.

The legal aspects of organizational and legal support for information protection are understood as a set of laws and other regulatory legal acts with the help of which the following goals would be achieved: all information protection rules are mandatory for compliance by all persons related to confidential information; all measures of liability for violation of information protection rules are legitimized;

technical and mathematical solutions to issues of organizational and legal support for information protection are legitimized (acquiring legal force), as well as procedural procedures for resolving situations that arise during the functioning of the protection system are legitimized.

The development of a legislative framework for information security of any state is a necessary measure that satisfies the primary need for information protection when determining the socio-economic, political, and military directions of development of this state. Particular attention on the part of Western countries to the formation of such a database is caused by all crimes, which forces them to seriously address issues of information protection legislation. Thus, the first law in this area in the USA was adopted in 1906, and by now there are already more legislative acts on the protection of information, liability for its disclosure and computer crimes.

Legal support for information protection in the Russian Federation is being developed in three areas: protection of individual rights to privacy, protection of state interests and protection of business and financial activities.

The structure of the regulatory framework on information security issues of the Russian Federation includes: the Constitution of the Russian Federation, constitutional federal laws, federal laws, decrees of the Government of the Russian Federation; departmental regulations, GOSTs, guidance documents. Among the federal laws are:

informatization and information protection”, “On the legal protection of programs for electronic computers and databases”, “On participation in international information exchange”, “On communications”, “On trade secrets”, etc.

Chapter II. Threats to information security in activities In the second chapter factors, conditions and phenomena that are or may be sources of threats to information security in the activities of internal affairs bodies are analyzed.

crime" - is devoted to the study of the mechanisms of criminal influence, forecasting and assessment of criminal situations.

has led to the fact that modern society is highly dependent on the management of various processes through computer technology, electronic processing, storage, access and transmission of information. According to information from the Bureau of Special Technical Events of the Russian Ministry of Internal Affairs, more than 14 thousand crimes related to high technology were recorded last year, which is slightly higher than the year before. Analysis of the current situation shows that about 16% of criminals operating in the “computer” sphere of crime are young people under the age of 18, 58% are from 18 to 25 years old, and about 70% of them have higher or incomplete higher education .

Studies have shown that 52% of identified offenders had special training in the field of information technology, 97% were employees of government agencies and organizations using computers and information technology in their daily activities, 30% of them were directly related to the operation of computer equipment.

According to unofficial expert estimates, out of 100% of criminal cases initiated, about 30% go to trial and only 10-15% of defendants serve their sentences in prison. Most cases are reclassified or dropped due to insufficient evidence. The real state of affairs in the CIS countries is a matter of fantasy. Computer crimes are crimes with high latency, reflecting the existence in the country of a real situation in which a certain part of crime remains unaccounted for.

In the second paragraph - “Information terrorism: concept, legal qualification, means of counteraction” - a theoretical and legal analysis of the category “information terrorism” is carried out, the threats and methods of cyber terrorism are determined.

A serious danger to the entire world community is posed by the increasingly spreading technological terrorism, an integral part of which is information or cyber terrorism.

The targets of terrorists are computers and specialized systems created on their basis - banking, stock exchange, archiving, research, management, as well as means of communication - from satellites of direct television broadcasting and communications to radiotelephones and pagers.

The methods of information terrorism are completely different from traditional ones: not the physical destruction of people (or the threat thereof) and the liquidation of material assets, not the destruction of important strategic and economic objects, but large-scale disruption of financial and communication networks and systems, partial destruction of economic infrastructure and imposition on power structures of your own will.

The danger of information terrorism increases immeasurably in the context of globalization, when telecommunications acquire an exceptional role.

In the context of cyber terrorism, a possible model of terrorist influence will have a “three-stage” form: the first stage is the putting forward of political demands with the threat, if they are not met, to paralyze the entire economic system of the country (in any case, that part of it that uses computer technology in its work), the second is to carry out a demonstration attack on the information resources of a fairly large economic structure and paralyze its action, and the third is to repeat the demands in a more stringent form, relying on the effect of a demonstration of force.

A distinctive feature of information terrorism is its low cost and difficulty of detection. The Internet, which connected computer networks across the planet, changed the rules regarding modern weapons. The anonymity provided by the Internet allows a terrorist to become invisible and, as a result, practically invulnerable and not risk anything (primarily his life) when carrying out a criminal act.

The situation is aggravated by the fact that crimes in the information sphere, which include cyber terrorism, entail significantly less punishment than for “traditional” crimes.

terrorist acts. In accordance with the Criminal Code of the Russian Federation (Article 273), creating computer programs or making changes to existing ones, destroying, blocking, modifying or copying information, disrupting the operation of a computer, computer system or their network, as well as the use or distribution of such programs or computer media with such programs is punishable by imprisonment for a maximum of seven years.

For comparison, in the United States, laws punish unauthorized entry into computer networks with up to 20 years in prison.

terrorism is the creation of an effective system of interrelated measures to identify, prevent and suppress this type of activity. Various anti-terrorist bodies work to combat terrorism in all its manifestations. Developed countries of the world pay special attention to the fight against terrorism, considering it perhaps the main danger to society.

The third paragraph - “Information warfare: organizational and legal support for state counteraction to cyber crime” - discusses the concept, nature, means of conducting information warfare and ways to ensure effective information counteraction to crime.

Threats to the information security of the country, the sources of which are transnational communities, which in their totality and scale of impact cover the entire territory of the country and affect all spheres of society, necessitate the need to consider the struggle between organized crime and law enforcement agencies called upon to resist it, primarily internal affairs agencies, as an information one. a war, the main form of waging of which and its specific content is information warfare using information, computing and radio equipment, radio intelligence equipment, information and telecommunication systems, including space communication channels, geographic information systems and other information systems, complexes and means.

In the current state of crime, it is impossible to ensure information security in the activities of internal affairs bodies only through the use of protective equipment and mechanisms. In these conditions, it is necessary to conduct active offensive (combat) operations using offensive weapons in order to ensure superiority over crime in the information sphere.

The emergence and development of new large-scale phenomena in the life of the country and society, new threats to national security from the criminal world, which has modern information weapons at its disposal, and new conditions for the implementation of operational and official activities of internal affairs bodies, determined by the needs of waging information warfare against national and transnational basically organized crime, determine the need for appropriate legislative, state-legal regulation of relations in the field of information security of the state in general and internal affairs bodies in particular.

the implementation of law enforcement activities in the context of an information war against the criminal world is proposed, in particular:

Expand the range of powers of employees of internal affairs bodies in the Law of the Russian Federation “On the Police” in terms of special conditions for the use of information weapons in order to effectively combat organized crime in the event of direct threats to the information security of society and the state, as well as supplement the Concept of National Security of the Russian Federation and the Doctrine of Information Security Russian Federation regulations regarding the concept and conditions for the use of information weapons in the fight against cyber crime and cyber terrorism.

Chapter III. The main directions for improving the legal and organizational support for information security in the activities of internal affairs bodies; improving the legal regulation and organizational and managerial support for information security in the activities of internal affairs bodies.

The first paragraph - “State legal regulation in the field of combating computer crimes” - defines measures of passive and active counteraction to cyber crime.

The main measures of a state-legal nature to ensure information security, carried out, among other things, by internal affairs bodies, are proposed to include: the formation of a regime and security in order to exclude the possibility of secret penetration into the territory where information resources are located; determining methods of working with employees during the selection and placement of personnel; carrying out work with documents and documented information, including the development and use of documents and media of confidential information, their recording, execution, return, storage and destruction;

determining the procedure for using technical means of collecting, processing, accumulating and storing confidential information; creation of technology for analyzing internal and external threats to confidential information and developing measures to ensure its protection; implementation of systematic control over the work of personnel with confidential information, the procedure for recording, storing and destroying documents and technical media.

information security and the state information protection system allows us to highlight the most important powers of internal authorities; comprehensive protection of information resources, as well as the information and telecommunications structure of the state; prevention and resolution of offenses in the information sphere; protection of other important interests of the individual, society and state from external and internal threats.

The second paragraph - “Improving the regulatory framework for the protection of information of internal affairs bodies” - identifies directions and ways to improve legislation on the protection of information of internal affairs bodies.

The legal protection of information as a resource is recognized at the international and state levels. At the international level, it is determined by interstate treaties, conventions, declarations and is implemented by patents, copyright and licenses for their protection. At the state level, legal protection is regulated by state and departmental acts.

It is advisable to include the following as the main directions of development of Russian legislation in order to protect information of internal affairs bodies:

information infrastructure of internal affairs bodies to critically important ones and ensuring their information security, including the development of those objects used in the information infrastructure;

Improving the legislation on operational investigative activities in terms of creating the necessary conditions for conducting operational investigative activities in order to identify, prevent, suppress and solve computer crimes and crimes in the area of ​​the use by internal affairs bodies of information about the private life of citizens, information constituting personal, family, official and commercial secrets; clarifying the composition of operational-search activities;

Strengthening liability for crimes in the field of computer information and clarifying the elements of crimes taking into account the European Convention on Cyber ​​Crime;

Improving criminal procedural legislation in order to create conditions for law enforcement agencies to ensure the organization and implementation of prompt and effective counteraction to crime, carried out using information and telecommunication technologies to obtain the necessary evidence.

The third paragraph - “Organizational, managerial and legal mechanism for protecting information in the activities of internal affairs bodies: ways of further development” - discusses the main directions for improving the organizational and legal aspects of information protection in the activities of internal affairs bodies.

Organizational and managerial measures are a decisive link in the formation and implementation of comprehensive information protection in the activities of internal affairs bodies.

When processing or storing information, internal affairs bodies, as part of protection against unauthorized access, are recommended to carry out the following organizational measures: identifying confidential information and documenting it in the form of a list of information to be protected; determining the procedure for establishing the level of authority of the access subject, as well as the circle of persons to whom this right is granted;

establishment and execution of access control rules, i.e. a set of rules regulating the access rights of subjects to objects of protection;

familiarization of the subject of access with the list of protected information and his level of authority, as well as with organizational, administrative and working confidential information; obtaining from the access object a receipt of non-disclosure of confidential information entrusted to him.

In accordance with the Law of the Russian Federation “On the Police”, to national reference and information funds for operational and forensic accounting. These functions are carried out by the information and technical units of the services of the Ministry of Internal Affairs of Russia in cooperation with units of the criminal police, public security police, penitentiary institutions, other law enforcement agencies, government agencies and organizations in charge of public security issues, as well as law enforcement agencies (police) of other states.

Information interaction in the fight against crime is carried out within the framework of the laws of the Russian Federation “On operational investigative activities”, “On security”, “On accounting and accounting activities in law enforcement agencies”, current criminal and criminal procedural legislation, international agreements of the Ministry of Internal Affairs of Russia in the field of exchange information, Regulations on the Ministry of Internal Affairs of Russia, orders of the Minister of Internal Affairs of Russia.

Research has shown that the conceptual provisions for ensuring information security for law enforcement agencies should include requirements for the transition to a unified regulatory framework governing the use of information in the fight against crime. At the same time, in the system of the Ministry of Internal Affairs, instead of a large group of departmental acts, it is proposed to introduce three groups of regulatory documents on information support: sectoral, general use; sectoral, along service lines; regulatory and legal documentation of the local government level on local applied problems of information support of the territorial internal affairs body.

ways to further improve the mechanism for ensuring information security in the activities of internal affairs bodies are outlined.

1. Velichko M.Yu. Current issues in the fight against cybercrime:

legal aspects / M.Yu. Velichko // Legal world. - 2007. - No. 8. – P.87- (0.4 p.p.).

2. Velichko M.Yu. Information security in the activities of internal affairs bodies: Scientific. ed. / M.Yu. Velichko. - M.: Publishing house INION RAS, 2007. – 130 p. (8.125 p.l.).

security in the activities of internal affairs bodies (theoretical and legal aspect) / M.Yu. Velichko // Anti-money laundering:

Sat. scientific works - M.: RIO AEB Ministry of Internal Affairs of Russia, 2007. – P.132-136 (0.275 p.p.).

4. Velichko M.Yu. Computer crimes on the Internet / M.Yu.

Velichko // Current issues in the theory and practice of operational investigative activities of internal affairs bodies in the fight against economic crimes: Coll. scientific works - M.: RIO AEB Ministry of Internal Affairs of Russia, 2007. – P.220p.p.).

Institutional, economic and legal foundations of financial investigations in the fight against terrorism: Coll. scientific works - M.: RIO AEB Ministry of Internal Affairs of Russia, 2006. – P.205-218 (0.8 p.p.).

6. Velichko M.Yu. Possible threats to economic security during the informatization of society / M.Yu. Velichko // Problems of ensuring economic security, countering the shadow economy and undermining the economic foundations of terrorism: Coll. scientific report – M.: RIO AEB Ministry of Internal Affairs of Russia, 2005. – P.192-199 (0.45 p.p.).

Similar works:

“Obukhova Natalya Igorevna STATE POLICY AND REALITIES OF DEVELOPMENT OF HIGHER AND SECONDARY SPECIALTY EDUCATION IN UDMURTIA IN THE POST-WAR DECADE (1946-1956) Specialty 07.00.02 - domestic history ABSTRACT of the dissertation for the academic degree of a candidate historical sciences Izhevsk - 2003 Work carried out at the Institute for Advanced Training of Teachers Udmurt Republic Scientific supervisor: Doctor of Historical Sciences, Professor - K. A. Ponomarev Official..."

“FARRAHOVA Aigul Yurisovna PEDAGOGICAL CONDITIONS FOR ORGANIZING JOINT EDUCATIONAL ACTIVITIES FOR CHILDREN WITH DIFFERENT STATES OF PHYSICAL HEALTH 13.00.01 – general pedagogy, history of pedagogy and education ABSTRACT of the dissertation for the scientific degree of candidate of pedagogical sciences Izhevsk – 2004 The work was carried out at the state educational institution of higher professional education Bashkir State Medical University Scientific director...”

“Pozdeev Igor Leonidovich Problems of ethnic socialization (using the example of the Udmurt ethnos) Specialty - 07.00.07 - ethnography, ethnology, anthropology Abstract of the dissertation for the degree of candidate of historical sciences Izhevsk - 2005 The work was completed at the Udmurt Institute of History, Language and Literature of the Ural Branch of the Russian Academy Sciences Scientific supervisor: Doctor of Historical Sciences, Professor Galina Arkadyevna Nikitina Official opponents: Doctor...”

“Ibneeva Guzel Vazykhovna The formation of the imperial policy of Russia in the second half of the 18th century: the experience of political interaction between Catherine II and the imperial space Specialty 07.00.02 – Domestic history Abstract of the dissertation for the degree of Doctor of Historical Sciences Kazan - 2007 The work was completed at the Department of Russian History before the 20th century century of the State educational institution of higher professional education Kazan State..."

“TUMAKOV Denis Vasilievich CRIMINAL CRIME AND THE FIGHT AGAINST IT DURING THE GREAT PATRIOTIC WAR 1941-1945. (BASED ON MATERIALS OF THE YAROSLAV REGION) Specialty 07.00.02 – Domestic history ABSTRACT of the dissertation for the academic degree of Candidate of Historical Sciences Yaroslavl-2010 2 The dissertation was completed at the Department of Contemporary Domestic History of Yaroslavl State University. P.G. Demidova Doctor of Historical Sciences, Professor Scientific supervisor: Fedyuk...”

“historical research ABSTRACT of the dissertation for the degree of candidate of historical sciences Kazan 2006 The work was carried out at the Center for the History of Russian Feudalism of the Institute of Russian History of the Russian Academy of Sciences. Scientific supervisor: Doctor of Historical Sciences, V. n. With. Institute of Russian History RAS Bychkov..."

“Klimutina Anna Sergeevna POETICS OF ANATOLY KOROLEV’S PROSE: TEXT AND REALITY Specialty 10.01.01 – Russian literature Abstract of the dissertation for the degree of candidate of philological sciences Tomsk - 2009 The work was completed at the Department of History of Russian Literature of the 20th Century, Tomsk State University. Scientific supervisor: Candidate of Philological Sciences, Associate Professor Tatyana Leonidovna Rybalchenko Official opponents: Doctor of Philological Sciences, Professor...”

“VODKIN MIKHAIL YURIEVICH Problems of reception of Roman property law in European codifications of the 19th-20th centuries. Specialty: 12.00.01 - Theory and history of law and state; history of doctrines about law and state Abstract of a dissertation for the degree of candidate of legal sciences Kazan, 2007 The work was carried out at the Department of Theory and History of State and Law of the Municipal Educational Institution Nayanova University, Samara. Scientific supervisor: doctor...”

“Gumirova Nadezhda Mikhailovna Organizational and pedagogical conditions for the formation of readiness of college students for correctional work in preschool educational institutions Specialty 13.00.01 General pedagogy, history of pedagogy and education Abstract of the dissertation for the degree of candidate of pedagogical sciences Tomsk - 2008 4 The work was completed at the Institution of the RAO Institute of Development educational systems Scientific supervisor: Doctor of Pedagogical Sciences,...”

“TUKTAROVA Roza Ibragimovna PEDAGOGICAL CONDITIONS FOR HUMANIZATION OF THE LIFE-PEDAGOGICAL EDUCATIONAL SPACE OF FUTURE FIRST-GRADE STUDENTS 13.00.01 – general pedagogy, history of pedagogy and education ABSTRACT of the dissertation for the scientific degree of candidate of pedagogical sciences Izhevsk 200 4 The work was carried out at the state educational institution of higher professional education Bashkir State Pedagogical University candidate pedagogical sciences,...”

“MAXIMOVA SVETLANA NIKOLAEVNA DEVELOPMENT TRENDS OF TEACHING ANCIENT LANGUAGES IN THE RUSSIAN CLASSICAL GYMNASIUM XIX - EARLY XX CENTURIES 13.00.01 - general pedagogy, history of pedagogy and education ABSTRACT of the dissertation for the degree of candidate of pedagogical sciences Izhevsk 2002 The work was carried out at the Department of Pedagogy and Educational Psychology of the Udmurt State university. Scientific supervisor: Candidate of Pedagogical Sciences, Associate Professor Kondratyeva Marina...”

“Abstract of the dissertation for the degree of candidate of legal sciences Kazan - 2007 2 The work was completed at the Department of Theory and History of State and Law of the State Educational Institution of Higher Professional Education Kazan State University. IN AND. Ulyanova-Lenina Scientific supervisor:...”

“Bayazitova Rozalia Rafkatovna Traditional etiquette in a Bashkir family Specialty 07.00.07 - ethnography, ethnology, anthropology Abstract of the dissertation for the degree of candidate of historical sciences Izhevsk - 2006 The work was carried out in the Department of Ethnography and Anthropology of the Order of the Badge of Honor of the Institute of History, Language and Literature of the Ufa Scientific Center Russian Academy of Sciences Scientific supervisor – Candidate of Historical Sciences, Honored Worker of Culture of the Republic...”

“Markunin Roman Sergeevich LEGAL RESPONSIBILITY OF DEPUTY AND REPRESENTATIVE AUTHORITY: GENERAL THEORETICAL ASPECT 12.00.01 - theory and history of law and state; history of doctrines about law and state ABSTRACT of the dissertation for the degree of candidate of legal sciences Saratov - 2013 2 The work was completed at the Federal State Budgetary Educational Institution of Higher Professional Education Saratov State Law Academy...”

“Kalachikova Olga Nikolaevna MANAGERIAL SUPPORT OF EDUCATIONAL INNOVATIONS IN THE ACTIVITIES OF TEACHERS OF GENERAL EDUCATION SCHOOL 13.00.01 – general pedagogy, history of pedagogy and education Abstract of the dissertation for the academic degree of candidate of pedagogical sciences Tomsk 2009 The work was completed at the Department of Educational Management of the State Educational Institution of Higher Professional Education Tomsk State University Doctor of Pedagogical Sciences, Professor Scientific supervisor Galina Nikolaevna Prozumentova Doctor...”

“SALIMOVA SULPAN MIDKHATOVNA Implementation of the principle of natural conformity in the preparation of a future teacher 13.00.01 - general pedagogy, history of pedagogy and education ABSTRACT of the dissertation for the degree of candidate of pedagogical sciences Izhevsk - 2005 The work was carried out at the state educational institution of higher professional education of the Sterlitamak State Pedagogical Academy Scientific supervisor: Doctor of Pedagogical Sciences, Professor Kozlova..."

“Zolotareva Natalya Vladimirovna THE PHENOMENON OF ANTHROPOMORPHISATION IN THE TRADITIONAL CULTURE OF THE OB UGRICS (XVIII – XX centuries) Specialty 07.00.07 – Ethnography, ethnology and anthropology ABSTRACT of the dissertation for the degree of candidate of historical sciences Tomsk 2012 The work was completed at the department of museology, cultural and natural heritage of the Federal State budgetary educational institution of higher professional education National Research..."

“Strelkova Irina Vitalievna Formation of philological culture of students in educational activities 13.00.01 - general pedagogy, history of pedagogy and education ABSTRACT of the dissertation for the academic degree of candidate of pedagogical sciences Izhevsk 2004 The work was completed at the State Educational Institution of Higher Professional Education Udmurt State University Scientific supervisor: Doctor of Pedagogical Sciences, Professor A .N. Utekhina Official opponents: Doctor of Pedagogical Sciences, Professor M.A. Kondratieva;..."

"historical research ABSTRACT of the dissertation for the degree of candidate of historical sciences KAZAN - 2006 2 The work was carried out at the Department of Russian History up to the 20th Century, Faculty of History, State Educational Institution of Higher Professional Education, Kazan State..."

“Strelnikova Anna Borisovna F. SOLOGUB – TRANSLATOR OF P. VERLENA’S POETRY Specialty: 01/10/01 – Russian literature Abstract of the dissertation for the academic degree of candidate of philological sciences Tomsk - 2007 The work was completed at the Department of the History of Russian Literature of the 20th Century, Faculty of Philology, State Educational Institution of Higher Professional Education, Tomsk State University, Candidate Philological Sciences, Associate Professor Scientific supervisor: Zinaida Anatolyevna Chubrakova Official opponents: Doctor of Philology...”

BBK73

Lapin, V.V.

Fundamentals of information security in police departments: a course of lectures / V. V. Lapin. - M.: Moscow University of the Ministry of Internal Affairs of Russia, 2009. - 164 p. - ISBN 978-5-9694-0267-6.

The course of lectures on the discipline “Fundamentals of Information Security” contains basic definitions and concepts, classification and description of technical channels of information leakage and methods of preventing leakage, methods of combating unauthorized access, methods of protecting information from network threats and some other issues on the stated topic.

Designed for cadets, students and students of the Moscow University of the Ministry of Internal Affairs of Russia.

BBK 73ISBN 978-5-9694-0267-6

© Moscow University of the Ministry of Internal Affairs of Russia, 2009 V. V. Lapin, 2009

INTRODUCTION

The course of lectures “Fundamentals of information security of internal affairs bodies” was prepared at the Moscow University of the Ministry of Internal Affairs of Russia for conducting classes in the academic discipline of the same name in the specialties: 030501.65 - “Jurisprudence”, 030502.65 - “Forensic Expertise” and 030505.65 - “Law Enforcement”. The course of lectures is written in accordance with the sample and working curriculum.

Lecture 1 is devoted to the basic concepts of information security, classification of threats and sources of threats to information security. The fundamentals of state policy in the field of information security are considered. Russia's national interests in the information sphere are formulated and its structure is shown. Particular attention is paid to the classification of issues of ensuring information security in national information and telecommunication systems (including in the internal affairs department). The most important components of interests in the information sphere and the main threats to the information security of internal affairs bodies are considered.

Lecture 2 gives general information security provisions. Information subject to special protection is classified. An integrated approach to information protection is considered. The articles of the Criminal Code of the Russian Federation and the Code of the Russian Federation on Administrative Offenses, which provide for penalties for information and computer crimes, are analyzed. Particular attention is paid to issues of ensuring information security in the context of operational investigative activities by police officers.

Lecture 3 is devoted to the issues of information leakage and the study of technical channels of information leakage, which discusses the basic concepts, classification of technical channels and methods for preventing information leakage through electromagnetic, acoustic, visual-optical, electrical and material channels. A general description of technical means of unauthorized acquisition of information and technologies for their application is given. The main directions of engineering and technical protection of information from leakage are given.

Lecture 4 is devoted to the protection of information processes in computer systems, which explains the basic concepts and provisions of information protection in computer systems (CS). The main threats to information security in the CS are given, the main methods and means of unauthorized access to information are considered. Methods for protecting information in a CS are discussed. Methods of cryptographic protection are analyzed. Malicious programs and methods to combat them are classified.

Information security in telecommunication systems is described in Lecture 5. It discusses security threats to modern computer networks. The concepts, definitions and issues of risk management are analyzed. Research materials on hackers are provided. The results of five lectures on ensuring information security are summed up. Firewalls and intrusion detection systems are considered.

Thank you for visitinghttp :// Ndki . people . ru

Egoryshev A.S. The problem of information security in the activities of internal affairs bodies. / Social reform in the Russian Federation and the Republic of Bashkortostan and problems of the shadow economy and national security (Proceedings of the Russian Scientific Conference) - Moscow-Ufa, 1997. - P. 102 - 106.

Egoryshev A.S.– student of the Ufa Law Institute of the Ministry of Internal Affairs of the Russian Federation

The problem of information security in the activities of internal affairs bodies.

Modern Russian crime is becoming more and more professional. As an indicator of the professionalism of the criminal world, one can name the emergence of a form of crime that was not previously so widespread in Russia as computer crime. Its modern scale is such that it requires the most active work to protect information from electronic pirates.

Conversion costs caused an outflow of brains from many previously elite spheres of science and production. For example, Russian electronics engineers are considered the most experienced in the field of computer crime. About 100 thousand people work constantly for computer crime in the republics of the former USSR and another 3 million people work from time to time. Moscow, St. Petersburg, Ukraine and the Urals are considered centers of computer crime. Russian computer crime is a growing concern abroad, because as a result of skillful computer fraud carried out by Russian electronic pirates, foreign banks are losing large sums of money disappearing in an unknown direction.

Computer crime has become a real scourge of the economies of developed countries. For example, 90% of firms and organizations in the UK at various times became targets of electronic piracy or found

Under its threat, in the Netherlands 20% of various types of enterprises became victims of computer crime. In Germany, 4 billion marks are stolen annually using computers, and in France - 1 billion francs. Experts note a high level of latency for this type of crime, because in 85% of cases, the facts of software piracy are not disclosed.

The situation is aggravated by the fact that law enforcement agencies themselves are also becoming the object of attention of criminals armed with modern computer technology. Therefore, today the task of protecting their own information has become very relevant for internal affairs bodies.

Information security is the protection of information and supporting infrastructure from accidental or intentional impacts of a natural or artificial nature that could cause damage to owners or users of information and supporting infrastructure.

The problem of information security, especially for internal affairs agencies, is of greatest interest today. The fight against computer crime is one of the most important tasks of law enforcement agencies against the backdrop of the enormous development of information systems, local and global networks.

The problem of ensuring information security is complex in nature, the solution of which requires a combination of legislative, organizational and software and technical measures.

Timely and effective improvement of legislation is necessary, because The current legislative framework in this area lags significantly behind practical needs.

There is a huge shortage of highly qualified personnel in the police department. This problem, in our opinion, can be solved in the following ways:

in connection with a significant reduction in the personnel of the armed forces of the Russian Federation, among whom there are many good specialists in the field of computer work, it is possible for them to be involved in work in law enforcement agencies;

the introduction of special courses on initial and professional training for working on personal computers, the introduction into the curriculum of the course "Information security and the use of information technologies in the fight against crime", approved by the Main Personnel Directorate of the Ministry of Internal Affairs of Russia on June 1, 1997 in educational institutions of higher professional education of the Ministry of Internal Affairs of Russia in specialties: Jurisprudence (specialization "Information Security");

it is necessary to improve the financing of organizations and institutions that are part of the Russian Ministry of Internal Affairs for the purchase of good equipment and modern software, because the material base of the Ministry of Internal Affairs of the Russian Federation in the field of information security is currently at an insufficient level;

It seems possible to raise the issue of improving the training process for police officers specializing in work in the field of information security.

For this purpose, in our opinion, a differential training system is necessary, because solid training in the field of computer science cannot be obtained within the framework of a traditional higher educational institution of the Ministry of Internal Affairs of the Russian Federation;

To maintain the information security regime, software and hardware measures are most important, since it is known that the main threat to computer systems comes from themselves, which can be expressed in software errors, hardware failures, unsatisfactory work of employees, as well as heads of organizations and institutions related to ATS system.

V.A. Galatenko identifies the following key security mechanisms: identification and authentication, access control, logging and auditing, cryptography and shielding, the effective use of which requires advanced analysis of possible threats.

Information security cannot be ensured without a strict distribution of functions for users, administrators of local networks and servers, as well as heads of internal affairs agencies.

Moreover, the responsibilities and functions of the listed groups of police officers must be developed and approved in advance, depending on the goals they will be aimed at achieving. There are several typical functions inherent to employees of any department or department of internal affairs affairs:

Heads of departments are responsible for communicating the approved provisions and principles of the security policy to users and administrators of local networks and servers, and for contacts with them informing about changes in the status of each subordinate (dismissal from internal affairs bodies, appointment to another position, etc.)

This function is most important due to the fact that an employee dismissed for any reason may represent the most significant

danger to the department or department where he worked.

The problem of an “offended” employee has always existed and will continue to exist. Knowing the basic principles of the system’s functioning, he can, guided by negative motives, try to delete, change, or correct any data. Therefore, it is necessary to ensure that upon dismissal of an employee, his access rights to information resources are revoked. Examples of this problem include foreign films, the plot of which is based on real events of our day;

It is also impossible to put into the background the problem of tolerance, i.e. problem of the relationship between goals and means. Indeed, the cost of acquiring comprehensive protection measures should not exceed the cost of possible damage.

Local network administrators must ensure the smooth functioning of the network, responsible for the implementation of technical measures, the effective use of security measures, thereby ensuring the security policy.

Server administrators are responsible for the servers assigned to them and ensure that the mechanisms used to ensure information confidentiality comply with the general principles of security policy.

Users are required to work with the local network, guided by the security policy, follow the orders and instructions of employees responsible for certain aspects of information security, and immediately report to management about all suspicious situations.

Of particular interest, in our opinion, from the point of view of compliance with information security, is the status of users of personal computers. The fact is that a significant part of information losses occurs due to accidental and intentional errors of employees working in information technology. Due to their possible negligence and negligence, they can enter deliberately incorrect data, miss errors in the software, thereby creating a gap in the security system. All this makes us think that the internal threat emanating directly from users of personal

computers are more significant and dangerous than external influences.

In conclusion, it is necessary to recall that maintaining information security is the task not of an individual country, but of all humanity, since the highly developed computer crime of our days has long reached the global level. Therefore, an effective fight against it is only possible with close cooperation between law enforcement agencies from around the world. It is necessary to build a joint set of measures and means, recruit and train highly qualified personnel, and develop in detail the basic principles of security policy, without which normal development is impossible

information communications.

Literature:

4. Selivanov N. Problems of combating computer crime // Legality, 1993. – No. 8. – P. 36.

5. Galatenko V. Information security. // Open Systems, 1996. – No. 1. – P 38.

6. Federal Law "On Information, Informatization and Information Protection". // Russian newspaper, 1995. February 22.

7. President of the Russian Federation. Decree of April 3, 1995 No. 334 “On measures to comply with the law in the field of development, production, sale and operation of encryption tools, as well as the provision of services in the field of information encryption.” information materials and provisions contained... Ensuring security during the election period in Russia: Sat. articles "Current Problems modern...

Information bulletin “Activities of deputies of the A Just Russia faction” September 22-28, 2014

News bulletin

The main thing is to get as close as possible activity organs internal affairs to the population, making the main... weapons, ensuring joint security, problems energy. This... Duma informational politics, informational technology and communications...

Report

Rights and administrative activities organs internal affairs State legal disciplines Civil legal disciplines Informational-legal disciplines...

Information bulletin Krasnoyarsk region: local government No. 16 (104) (October 2013

News bulletin

... "Today is the main problem- lack of federal... public control over activities organs internal affairs. In particular... some security issues security traffic in...government; development informational society. For...

480 rub. | 150 UAH | $7.5 ", MOUSEOFF, FGCOLOR, "#FFFFCC",BGCOLOR, "#393939");" onMouseOut="return nd();"> Dissertation - 480 RUR, delivery 10 minutes, around the clock, seven days a week and holidays

240 rub. | 75 UAH | $3.75 ", MOUSEOFF, FGCOLOR, "#FFFFCC",BGCOLOR, "#393939");" onMouseOut="return nd();"> Abstract - 240 rubles, delivery 1-3 hours, from 10-19 (Moscow time), except Sunday

Fisun Yulia Alexandrovna. State legal foundations of information security in internal affairs bodies: Dis. ...cand. legal Sciences: 12.00.02: Moscow, 2001 213 p. RSL OD, 61:01-12/635-2

Introduction

Chapter I. Concept and legal basis of information security . 14

1. The concept and essence of information security 14

2. Main directions of the state’s activities to ensure information security 35

3. Main directions of formation of legislation in the field of information security 55

Chapter II. Organizational foundations of information security in internal affairs bodies 89

1. Organization of activities of internal affairs bodies to ensure information security 89

2. Forms and methods of ensuring information security in internal affairs bodies

Conclusion 161

References 166

Applications 192

Introduction to the work

Relevance of the research topic. Informatization of the law enforcement sphere, based on the rapid development of information systems, is accompanied by a significant increase in attacks on information both from foreign states and from criminal structures and citizens. One of the features of the informatization process is the formation and use of information resources that have the appropriate properties of reliability, timeliness, relevance, among which their security is important. This, in turn, involves the development of secure information technologies, which should be based on the priority nature of solving problems of ensuring information security. It should be noted that the lag in solving these problems can significantly reduce the pace of informatization of the law enforcement sphere.

Thus, one of the primary tasks facing internal affairs bodies is to resolve the contradictions between the actually existing and necessary quality of protecting their information interests (needs), i.e., ensuring their information security.

The problem of ensuring information security in internal affairs bodies is inextricably linked with the activities of the state in the information sphere, which also includes the field of information security. Over the last period, a large number of regulatory legal acts on information legislation have been adopted. Only a few of them relate to the field of information security and at the same time relate only to general security provisions (for example, the Law of the Russian Federation “On Security”). The very definition of “information security” first appeared in the Federal Law “On Participation in International Information Exchange”. The Federal Law “On Information, Informatization and Information Protection” also speaks about the protection of information, but without defining the concept of information protection. Due to the lack of concepts of types of information, it is not entirely clear what information should be protected.

The National Security Concept adopted in the new edition, the priority task of which is not only the solution of issues of state security, but also its components, is focused primarily on the fight against terrorism. Unfortunately, issues related to information security only affect threats in the information sphere. Nothing is said at all about the role of the Ministry of Internal Affairs as a security entity.

The relevance of the chosen topic is emphasized by the act of adoption of the Information Security Doctrine of the Russian Federation (RF), which for the first time introduced the definition of information security of the Russian Federation, threats to information security, methods of ensuring information security of the Russian Federation, etc.

As for the issues of information security in internal affairs bodies, in the legal literature they are mainly reduced to general provisions: threats to security are listed and some methods of ensuring it are named that are characteristic of the entire law enforcement sphere. The organizational and legal aspects of ensuring information security of internal affairs bodies within the framework of the proposed concept of information security are not fully considered.

Taking into account the above, it is proposed to introduce the concept of information security of internal affairs bodies. Information security of internal affairs bodies is a state of security of the information environment that corresponds to the interests of internal affairs bodies, which ensures their formation, use and development opportunities, regardless of the impact of internal and external information threats. At the same time, taking into account the well-known definitions of a threat, an information threat will be understood as a set of conditions and factors that create a danger to the information environment and the interests of internal affairs bodies.

Thus, the relevance of legal regulation of information security in the activities of internal affairs bodies is beyond doubt. To achieve the proper level of regulatory support for information security, it is necessary to determine its subject areas, regulate the relations of the subjects of support, taking into account the characteristics of the main objects of information security. Therefore, according to the dissertation author, a comprehensive study is needed not only of the legal regulation of information security at the level of ministries and departments, but also a study of the state and development of the regulatory framework in the field of information security.

The degree of development of the research topic. The author's analysis of the research results of scientists allows us to state that the problems of legal regulation of information relations, ensuring information security and its components are relevant for legal science and practice and require further development." A significant number of publications are devoted to particular problems and issues of legal regulation of relations in the information sphere, in the field of information security, ensuring the security of information, which involves its protection from theft, loss, unauthorized access, copying, modification, blocking, etc., considered within the framework of the emerging legal institution of secrecy, domestic scientists and specialists have made a great contribution to the development of this area: A. B. Agapov, V. I. Bulavin, Yu. M. Baturin, S. A. Volkov, V. A. Gerasimenko, V. Yu. Gaikovich, I. N. Glebov, G. V. Grachev, S. N. Grinyaev, G. V. Emelyanov, V. A. Kopylov, A. P. Kurilo, V. N. Lopatin, A. A. Malyuk, A. S. Prudnikov, S. V. Rybak, A. A. Streltsov, A. A. Fatyanov, A. P. Fisun, V. D. Tsigankov, D. S. Chereshkin, A. A. Shiversky and others1.

During the dissertation research, the latest achievements of natural, socio-economic and technical sciences, historical and modern experience in ensuring information security of the individual, society and state were widely used; materials of various scientific periodicals, scientific, scientific and practical conferences and seminars, works of scientists in the field of theory of law and state, monographic studies in the field of law, information legislation, comprehensive information protection and information security.

Object and subject of research. The object of the study is the current and emerging systems of social relations that have developed in the information sphere and the field of information security.

The subject of the study is international legal acts, the content of the Constitution of the Russian Federation, the norms of domestic legislation regulating relations in the field of ensuring information security of the individual, society and the state, as well as the content of legal norms regulating the activities of internal affairs bodies to ensure information security.

Goals and objectives of the study. Based on the analysis and systematization of current legislation in the information sphere and information security, the dissertation candidate developed the fundamentals and introduced scientific and methodological recommendations for the use of legal and organizational tools for ensuring information security both in the activities of internal affairs bodies and in the educational process.

As part of achieving this goal, the following theoretical and scientific-practical tasks were set and solved: basic concepts, types, content of information as an object of ensuring information security and legal relations were analyzed and clarified;

2) existing directions and proposals for the formation of the legal and organizational foundations of information security were systematized, directions for improving the legislative framework in the field of ensuring information security, including in internal affairs bodies, were identified and clarified;

3) regulatory legal acts have been systematized and the structure of the current legislation in the information sphere has been formed;

4) the content of the organizational basis for the activities of internal affairs bodies to ensure information security has been determined;

5) organizational and legal aspects of the information security system and its structure in the activities of internal affairs bodies have been identified;

6) analyzed and selected forms and methods of ensuring information security in internal affairs bodies within the framework of legal regulation of their application and development.

The methodological basis of the dissertation research is made up of universal philosophical methods and principles of materialist dialectics; general scientific methods of comparison, generalization, induction; private scientific methods: system-structural, system-activity, formal-legal, comparative-legal and other research methods.

The regulatory framework for the study is the Constitution of the Russian Federation, regulatory legal acts of the Russian Federation, including international legislation, norms of various branches of law, departmental regulations.

The scientific novelty of dissertation research is:

In the study of the problem of development of the legal and organizational foundations for ensuring information security in internal affairs bodies from the standpoint of the advanced development of the needs of practice and the formation of the information sphere in the context of the widespread introduction of new information technologies and increasing information threats;

Understanding the place and role of constitutional law in the life of Russian society, as well as the further prospects for its development, within the framework of state policy to ensure information security;

Clarifying the system of state legislation in the field of information security;

Implementation of systematization of regulatory legal acts in the field of information security and formation of the structure of legislation in the field of information security of the individual, society, state, including internal affairs bodies;

Development of proposals to improve legislation in the field of information security;

Development of organizational and legal components of the information security system in internal affairs bodies;

Development of scientific and methodological recommendations for the use of legal and organizational training tools for ensuring information security in internal affairs bodies and in the educational process when training specialists in the legal foundations of information security.

Main provisions submitted for defense:

1. Definition of the conceptual apparatus on the legal basis of the current legislation in the field of information security, including the concept of information security, which allows us to form an idea of ​​information as an object of ensuring information security and legal relations, as well as to formulate security threats.

Information security of internal affairs bodies is a state of security of the information environment that corresponds to the interests of internal affairs bodies, which ensures their formation, use and development opportunities, regardless of the impact of internal and external threats.

2. The problem of ensuring information security at the state level requires a deeper theoretical and practical understanding of the place and role of constitutional law in the life of Russian society, as well as the further prospects for its development within the following areas:

Improving the constitutional legislation "On state states and regimes", in particular in the field of information security, and improving on this basis the legislation of the constituent entities of the Russian Federation in this area;

Priority implementation of the constitutional rights of citizens in the information sphere;

Implementation of a unified state policy in the field of information security, ensuring an optimal balance of interests of subjects in the information sphere and eliminating gaps in constitutional legislation.

3. Proposals to clarify the main directions of the state’s activities in the formation of legislation in the information sphere, including the field of information security, which represent ways to improve the regulatory framework of information legislation and make it possible to determine the legal basis for the activities of internal affairs bodies in the field of information security. They come from a set of balanced interests of the individual, society and the state in the economic, social, domestic political, international, information and other spheres. The following areas are prioritized:

To respect the interests of the individual in the information sphere;

Improving legal mechanisms for regulating public relations in the information sphere;

Protection of national spiritual values, moral standards and public morality.

4. It is proposed to improve the structure of legislation in the field of information security, which is a system of interconnected elements, including a set of regulatory and departmental acts, which makes it possible to visualize the many relations in the information sphere and the field of information security, and the complexity of their regulation.

5. Organizational and legal components of the system for ensuring information security in internal affairs bodies, including the content of the organization of their activities (from the perspective of its legal regulation), represented by the structure of necessary and interrelated elements and including:

Subjects of ensuring the security of the Russian Federation;

Information security objects of internal affairs bodies;

Organization of activities of internal affairs bodies;

Forms, methods and means of ensuring information security.

6. The content of organizing the activities of internal affairs bodies to ensure information security (from the point of view of its legal regulation), which is a purposeful continuous process in terms of analysis, development, implementation of legal, organizational, technical and other activities related to the field of information security, and also ensuring the rights and legitimate interests of citizens.

The practical significance of the dissertation research is:

In the use of proposals in the development of new regulations and improvement of current legislation in the information sphere of activity of public authorities of the constituent entities of the Russian Federation, departments, ministries;

Increasing the efficiency of the activities of internal affairs bodies to ensure information security;

Improving the training of specialists in the system of higher professional education, improving the qualifications of specialists in the field of integrated information security and legal regulation of information security in the interests of various ministries and departments based on the development of a version of educational and methodological support;

Development of scientific and methodological recommendations for the use of legal and organizational training tools for information security in the educational process, allowing to ensure the necessary level of training of specialists in the legal foundations of information security.

Approbation, implementation of research results and publications.

Theoretical provisions, conclusions, proposals and practical recommendations set out in this study were reported and discussed at the 8th and 9th International Conferences at the Academy of Management of the Ministry of Internal Affairs

Russia "Informatization of law enforcement systems" (Moscow, 1999-2000), Interuniversity regional conference "University Declaration of Human Rights: problems of improving Russian legislation and the practice of its application" at the Academy of Management of the Ministry of Internal Affairs of Russia (Moscow, 1999) , scientific seminar "Problems of federalism in the development of Russian statehood" and the International scientific and practical conference "Law enforcement in transport: results and prospects", held on the basis of the Orel Law Institute of the Ministry of Internal Affairs of Russia (Orel, 1999). Based on the results of the study, eight scientific papers with a total volume of 8 printed pages were published.

The structure and volume of the dissertation are determined by the logic of the research and consist of an introduction, two chapters, a conclusion, a list of references and an appendix.

The concept and essence of information security

An integral part of the subject of science and scientific research, including the developing scientific direction of information protection and legal regulation of information security, is its conceptual apparatus. Naturally, one of the central concepts in this subject area is the concept of “information”1, which can be classified as abstract categories and primary concepts. Analysis of the above concept gives an idea of ​​its understanding in a system-wide, philosophical sense (information is a reflection of the material world) and to the narrowest, technocratic and pragmatic sense (information is all information that is the object of storage, transmission and transformation).

In a number of works, information is understood as certain properties of matter perceived by the control system both from the surrounding external material world and from processes occurring in the system itself. There is a view that identifies the concepts of “information” and “message”, in which information is defined as an essential part of the message for the recipient, and the message is defined as a material carrier of information, one of the specific elements of a finite or infinite set transmitted over a communication channel and perceived at the receiving end of the system communication with some recipient.

We can to some extent turn to the well-known content of the concept of “information”, defined by R. Shannon, where information is the amount of the unpredictable contained in a message. Quantity is a measure of the newness that a given message introduces into the sphere surrounding the recipient.

The Federal Law “On Information, Informatization and Information Protection” provides a fairly generalized definition of this concept and its derivatives. Thus, information is presented as information about objects, objects, phenomena, processes, regardless of the form of their presentation. This generic concept of information is also used to form its derivative definitions used in other regulatory legal acts1. Let's look at some of them in more detail.

Documented information (documents) is information recorded on a tangible medium with details that allow it to be identified.

Confidential information is documented information, access to which is limited in accordance with the law.

Mass information - printed, audio messages, audiovisual and other messages and materials intended for an unlimited number of people.

Information resources - individual documents and individual arrays of documents, documents and arrays of documents in information systems (libraries, archives, funds, data banks, other types of information systems).

Information products (products) - documented information prepared in accordance with user needs and intended or used to meet user needs.

State secret is information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational investigative activities, the dissemination of which could harm the security of the Russian Federation.

Computer information is information on a machine medium, in a computer, a computer system or their network."

Article 128 of the Civil Code defines information as an object of civil legal relations. When analyzing information from these positions, it is necessary to pay attention to the aspect related to the legal protection of information as an object of property rights5. This approach to information is explained by the fact that, on the one hand, the historical and traditional object of property rights is a material object, on the other hand, information, not being a material object of the surrounding world, is inextricably linked with a material carrier: this is the human brain or material carriers alienated from humans (book, floppy disk, etc.)

Considering information as a reflection of reality by an object in the surrounding world, we can talk about information as an abstract substance that exists on its own, but for us neither storage nor transmission of information without a material carrier is possible. It is known that information, on the one hand, as an object of property rights, can be copied (replicated) using a material medium1, on the other hand, as an object of property rights, it is easily moved from one to the next subject of property rights without an obvious (noticeable) violation of the property rights to information. But the movement of a material object of property rights is inevitable and, as a rule, entails the loss of this object by the original subject of property rights. In this case, there is an obvious violation of his property rights. It should be noted that a violation of this right occurs only in the case of unlawful movement of a particular material object1. The danger of copying and moving information is aggravated by the fact that it is usually alienated from the owner, i.e., it is stored and processed within the reach of a large number of entities that are not subjects of ownership of this information. This includes, for example, automated systems, including networks. A complex system of relationships between subjects of property rights arises, which determines the methods of their implementation, and, consequently, the directions for the formation of a system of legal protection that ensure the prevention of violations of property rights to information.

Having analyzed the features of information as an object of property rights, we can conclude that otherwise information is no different from traditional objects of property rights. The analysis of the content of information, including as an object of law, made it possible to identify its main types that are subject to legal protection (Appendix 1): - information classified as state secret by authorized bodies on the basis of the Law of the Russian Federation “On State Secrets”; - confidential documented information - of the owner of information resources or an authorized person on the basis of the Federal Law "On Information, Informatization and Information Protection"; - Personal Information.

The main directions of government activity to ensure information security

The trends in constitutional development are such that they focus attention on the problem of the nature of constitutional legislation. Along with the currently pressing issues of the priority of human rights and freedoms of civil society, government and its organization, the problem of “state regimes and states” comes to the forefront - ensuring security (information security as an integral part), defense, state of emergency, etc. 1

The need for constitutional regulation of information security is obvious. After all, information security of an individual is nothing more than the protection of constitutional rights and freedoms of a person. And one of the directions of state policy in the field of information security is the observance and implementation of the constitutional rights of man and citizen in the area under consideration. Firstly, according to the Law of the Russian Federation “On Security”, security is achieved by implementing a unified state policy in the field of security. It is obvious that information security is achieved by implementing state policy in the field of ensuring information security of the Russian Federation. This policy, in turn, determines the main directions of state activity in the area under discussion and deserves some attention.

Secondly, the relevance of the study of the main directions of state activity in the area under consideration is determined by the following: - the need to develop and improve constitutional legislation, ensuring an optimal combination of the priorities of the interests of the individual, departments and the state as a whole within the framework of one of the areas of ensuring information security; - improving the state’s activities in implementing its functions of ensuring the security of all subjects of information relations; - the need of citizens to protect their interests in the information sphere; - the need to form a unified legal field in the field of information relations. The development of state policy in the field of information security is reflected in the consistent development and development of the National Security Concept of the Russian Federation. Its features are the following provisions: - not a single sphere of life in modern society can function without a developed information structure; - the national information resource is currently one of the main sources of economic and military power of the state; - penetrating into all spheres of state activity, information acquires specific political, material and cost expressions; - issues of ensuring information security of the Russian Federation as an integral element of its national security are becoming increasingly relevant, and information protection is becoming one of the priority government tasks; - the system of national interests of Russia in the field of economics, social, domestic political, international, information spheres, in the field of military, border and environmental security is determined by the totality of balanced interests of the individual, society and the state; - the state policy of ensuring information security of the Russian Federation determines the main directions of activity of federal government bodies and government bodies of constituent entities of the Russian Federation in this area. The concept also defines Russia's national interests in the information sphere,1 which are aimed at concentrating the efforts of society and the state in solving the following tasks: - respect for the constitutional rights and freedoms of citizens in the field of obtaining information and exchanging it; - protection of national spiritual values, promotion of national cultural heritage, moral standards and public morality; - ensuring the right of citizens to receive reliable information; - development of modern telecommunication technologies.

The systematic activities of the state to implement these tasks will allow the Russian Federation to become one of the centers of global development and the formation of an information society that provides for the needs of the individual, society, and the state in the information sphere, including their protection from the destructive effects of information to manipulate mass consciousness, as well as the necessary protection state information resource from leakage of important political, economic, scientific, technical and military information.

Taking into account the above provisions, the following principles can be identified on which the state policy of ensuring information security of the Russian Federation should be based:

Compliance with the Constitution of the Russian Federation, the legislation of the Russian Federation, generally recognized norms of international law when carrying out activities to ensure the information security of the country;

Legal equality of all participants in the process of information interaction, regardless of their political, social and economic status, based on the constitutional right of citizens to freely search, receive, transmit, produce and disseminate information in any legal way;

Openness, which provides for the implementation of the functions of federal government bodies and government bodies of constituent entities of the Russian Federation, public associations, including informing the public about their activities, taking into account the restrictions established by the legislation of the Russian Federation;

Priority for the development of domestic modern information and telecommunication technologies, the production of hardware and software capable of ensuring the improvement of national telecommunication networks, their connection to global information networks in order to comply with the vital interests of the Russian Federation.

Organization of activities of internal affairs bodies to ensure information security

To ensure information security, it is necessary to have relevant bodies, organizations, departments and ensure their effective functioning. The combination of these organs constitutes a security system. To identify the features of the organization and activities of internal affairs bodies to ensure information security, we will consider the security system as a whole.

According to the Law of the Russian Federation “On Security”, the security system, and therefore information security, is formed by: - ​​bodies of the legislative, executive and judicial authorities; state, public and other organizations and associations; citizens taking part in ensuring security; - legislation regulating relations in the field of security. This law establishes only the organizational structure of the security system. The security system itself is much broader. Its consideration is not possible, since it is beyond the scope of the dissertation research. Therefore, we will consider only the organizational structure of the security system. Analysis of current regulatory legal acts made it possible to identify the following components as security subjects representing the organizational structure of the information security system1: - federal government bodies; state authorities of the constituent entities of the Russian Federation; local government bodies that solve problems in the field of information security within their competence; - state and interdepartmental commissions and councils specializing in solving information security problems; - structural and cross-industry divisions for the protection of confidential information of government bodies of the Russian Federation, as well as structural divisions of enterprises carrying out work using information classified as state secrets, or specializing in work in the field of information protection; - research, design and engineering organizations performing work to ensure information security; - educational institutions that provide training and retraining of personnel to work in the information security system; - citizens, public and other organizations with rights and responsibilities to ensure information security in the manner prescribed by law;

The main functions of the considered information security system of the Russian Federation are1: - development and implementation of an information security strategy; - creating conditions for the implementation of the rights of citizens and organizations to activities permitted by law in the information sphere; - assessment of the state of information security in the country; identifying sources of internal and external threats to information security; identifying priority areas for preventing, countering and neutralizing these threats; - coordination and control of the information security system; - organizing the development of federal and departmental information security programs and coordinating work on their implementation; - implementation of a unified technical policy in the field of information security; - organization of fundamental, exploratory and applied scientific research in the field of information security; - ensuring control over the creation and use of information security tools through mandatory licensing of activities in the field of information security and certification of information security tools; - implementation of international cooperation in the field of information security, representation of the interests of the Russian Federation in relevant international organizations.

Analysis of the structure and functions of the information security system, taking into account the existing system of separation of powers, revealed the following: 1) the main goal of the information security system is to protect the constitutional rights and freedoms of citizens; 2) the state is the main and main subject of ensuring information security; 3) general management of the subjects of information security, within the framework of certain powers, is exercised by the President of the Russian Federation. His powers in the field of ensuring information security include: - management and interaction of public authorities; - control and coordination of the activities of information security authorities; - determination of the vital interests of the Russian Federation in the information sphere; - identification of internal and external threats to these interests; - determination of the main directions of the information security strategy. 4) The Federal Assembly of the Russian Federation forms the legislative framework in the field of information security on the basis of the Constitution of the Russian Federation; 5) The Government of the Russian Federation, within the limits of its powers, provides leadership to state bodies ensuring information security, organizes and controls the development and implementation of measures to ensure information security by ministries and other bodies subordinate to it; 6) judicial authorities are also subjects of information security. They provide judicial protection to citizens whose rights have been violated in connection with activities to ensure information security, administer justice in cases of crimes in the information sphere; 7) a special role in ensuring state security, including information security, belongs to the Security Council of the Russian Federation. This is a constitutional body that does not have the status of a federal executive body, but is endowed with sufficient powers in the field of security. The Security Council is the only advisory body under the President of the Russian Federation, the creation of which is provided for by the current Constitution.

Forms and methods of ensuring information security in internal affairs bodies

The issues of organizing a security system, including the areas of ensuring information security, discussed in the previous paragraph, require clarification of the content of the tasks of ensuring information security, methods, means and forms of their solution.

Forms, methods and means are considered through the prism of legal regulation of activities to ensure information security, which is inextricably linked with them, and therefore requires clarification and determination of the legal boundaries of their use. In addition, solving any theoretical or practical problem is impossible without certain methods - methods and means.

The choice of appropriate methods and means of ensuring information security is proposed to be undertaken as part of the creation of an information protection system that would guarantee recognition and protection of the fundamental rights and freedoms of citizens; formation and development of the rule of law, political, economic, social stability of society; preservation of national values ​​and traditions.

At the same time, such a system must ensure the protection of information, including information constituting state, commercial, official and other secrets protected by law, taking into account the peculiarities of the protected information in the field of regulation, organization and implementation of protection. Within the framework of this variety of types of protected information, in the author’s opinion, the following most general features of the protection of any type of protected information can be identified: - information protection is organized and carried out by the owner or owner of the information or persons authorized by him (legal or natural); - organizing effective information protection allows the owner to protect his rights to own and dispose of information, to strive to protect it from illegal possession and use to the detriment of his interests; - information protection is carried out through a set of measures to limit access to protected information and create conditions that exclude or significantly complicate unauthorized, illegal access to protected information and its media.

To exclude access to protected information by unauthorized persons, the owner of the information, who protects it, including its classification, establishes a certain regime, rules for its protection, determines forms and methods of protection. Thus, information protection is the proper provision of circulation of protected information in a special area limited by security measures. This is confirmed by a number of approaches of famous scientists2, who consider information protection as “the regular use of means and methods, the adoption of measures and the implementation of activities in order to systematically ensure the required reliability of information

Taking into account the content of this definition, as well as other definitions of the concept of information protection and the main purposes of information protection highlighted in them, including preventing the destruction or distortion of information; prevention of unauthorized receipt and reproduction of information, we can highlight the main task of protecting information in internal affairs bodies. This is maintaining the secrecy of protected information.

In a comprehensive information security system, this problem is solved in relation to protection levels and destabilizing factors. And the formation of a relatively complete set of tasks for these groups is carried out on the basis of an analysis of the objective possibilities of achieving the set protection goals, ensuring the required degree of information security. Taking into account the provisions considered, the tasks can be divided into two main groups:

1) timely and complete satisfaction of information needs arising in the process of management and other activities, that is, providing specialists of internal affairs bodies with confidential information;

2) protecting classified information from unauthorized access to it by other entities.

When solving the first group of problems - providing specialists with information - it is necessary to take into account that specialists can use both open and confidential information. The provision of open information is not limited by anything other than its actual availability. When providing classified information, restrictions apply that require access to information of the appropriate degree of secrecy and permission to access specific information. An analysis of current practice and regulatory legal acts that determine the procedure for a specialist’s access to relevant information has made it possible to identify a number of contradictions. On the one hand, maximum restriction of access to classified information reduces the likelihood of leakage of this information; on the other hand, in order to meaningfully and effectively solve official problems, it is necessary to most fully satisfy the specialist’s information needs. Under normal, non-routine conditions, a specialist has the opportunity to use a variety of information to solve the problem facing him. When providing him with classified information, his ability to access it is limited by two factors: his official position and the problem the specialist is currently solving.

The second group of tasks involves protecting confidential information from unauthorized access to it by unauthorized persons. It is common both for internal affairs bodies and for all government bodies and includes:

1) protecting the country’s information sovereignty and expanding the state’s ability to strengthen its power through the formation and management of the development of its information potential;

2) creating conditions for the effective use of information resources of society and the state;

3) ensuring the security of protected information: preventing theft, loss, unauthorized destruction, modification, blocking of information;

4) maintaining the confidentiality of information in accordance with the established rules for its protection, including preventing leaks and unauthorized access to its media, preventing its copying, modification, etc.;

5) maintaining the completeness, reliability, integrity of information and its arrays and processing programs established by the owner of the information or his authorized persons.