2012/09/10 15:31:30

Information security

Information security is the comprehensive protection of information and its supporting infrastructure against any accidental or malicious impacts that may result in damage to the information itself, its owners or the supporting infrastructure. The tasks of information security come down to minimizing damage, as well as predicting and preventing such impacts.


Since the 2000s, cyber threats have become relevant for everyone, from the largest state information systems to the computers of ordinary citizens. Cyber threats are the illegal entry or threat of malicious penetration into the virtual space to achieve political, social or other goals.

Cyber wars between countries

The largest cyber conflicts are unfolding between states that have the most computational and intellectual resources for conducting cyber wars. Information on agreements on electronic non-aggression, as well as on confrontation in the virtual space between countries, is covered in a separate article:

Russia is forced to take measures to contain other countries in the field of cyberspace and thus becomes involved in cyber wars. The key opponent in this area is traditionally the United States:

Cybercrime and loss of organizations

Cybercrime has become the largest area of activity in the criminal world. Chronicle of events in the article:

Cyber fraudsters annually cause gigantic economic damage to individual organizations and entire countries:

Banks are the biggest targets of cybercriminals. Information on losses of financial institutions is provided in a separate article:

Often, financial damage to organizations is caused not by criminals but by their own employees, who steal or delete data or lose media outside the organization's perimeter:

Industry specific

Cars

Banks

Health care

Logistics and Transport

E-commerce

Power

Information Security Solutions and Services Market

Cybersecurity's coverage area is expanding to become Digital Security. Source: Gartner (August 2016)

To prevent losses associated with cybercrime, governments and companies purchase equipment, software and services to protect information.

Threats to information security

Analysis of potential cyber threats to an organization is a service that can be bought on the market:

Actions that pose a threat to information systems can be divided into two main categories: internal (intentional and unintentional actions of employees) and external (network cyber attacks, theft of media).

Internal threats

Internal threats are primarily related to data leaks:

Most often, leaks are caused by the following actions carried out by authorized users (employees, insiders):

  • purposeful theft of data on a workstation or server, its replacement with knowingly false data, or its destruction;
  • corruption of user data caused by careless or negligent actions;
  • loss of media outside the perimeter of the organization.

External threats

Electronic methods of influence carried out by hackers:

  • unauthorized entry into computer networks;
  • DoS and DDoS attacks;

Computer viruses

Spam

Natural threats: the information security of a company can be influenced by various external factors: the cause of data loss can be improper storage, theft of computers and media, force majeure and other circumstances.

Key Data Protection Challenges in Information Systems


The ultimate goal of implementing safety measures

Improving the consumer properties of the protected service, namely:

  • Usability of the service
  • Service Security

  • With regard to RBS systems, this means the safety of money
  • With regard to electronic interaction systems, this means control over the rights to the object and the safety of resources
  • Loss of any security property means loss of trust in the security service


What undermines trust in security services?

At the domestic level

  • Reports of theft of money and property, often exaggerated
  • Intimidation of people with threats they do not understand and therefore cannot control (cyber attacks, hackers, viruses, etc.)
  • Poor performance of the provided service (failures, errors, inaccurate information, loss of information)
  • Insufficiently strong identity authentication
  • Cases of fraud that people encounter or hear about

At the legal level

  • Loss of data authenticity
  • Loss of the legitimacy of the security service on a formal basis (expiration of the certificate, certificate for the facility, licenses for the type of activity, end of support)
  • Failures in the operation of the CDS -SDA, violation of confidentiality
  • Weak level of trust in the authentication service
  • Failures and shortcomings in the operation of security systems that make it possible to challenge the legitimacy of operations


The construction of any computer network begins with the installation of workstations, therefore the information security subsystem begins with the protection of these objects.

The following are possible here:

The first level of information security subsystems in automated systems is built on the basis of the listed information protection tools. At the second stage of the system's development, individual workstations are combined into local networks, dedicated servers are installed and access from the local network to the Internet is set up.

At this stage, the second level of information protection tools is used, the layer that protects the local network:

  • security features of network operating systems;
  • means of controlling access to shared resources;
  • local network domain security features;
  • user authentication servers;
  • firewall proxies;
  • tools for detecting attacks and local network security vulnerabilities.

When combining local networks into a common intranet using public networks (including the Internet) as a communication environment, the security of information exchange is ensured by the use of VPN technology, which forms the basis of the third level of information security.

Read the article "Information Security: Protective Equipment"

Physical ways to ensure information security

Physical protection measures are various kinds of mechanical, electrical and electronic-mechanical devices and structures specially designed to create physical obstacles in the possible paths by which potential violators could penetrate and gain access to components of the information system and protected information. The list of physical methods of information protection includes:

  • organization of access control;
  • organization of accounting, storage, use and destruction of documents and media with confidential information;
  • distribution of access control credentials;
  • organization of hidden control over the activities of users and maintenance personnel of the information system;
  • measures taken in the design, development, repair and modification of hardware and software.

When physical and technical methods are not available, administrative measures to ensure information security are applied. The experience of organizations with a complex organization of the information system has shown that the best results in achieving information security are achieved using a system approach.

Why information security risks are high in SMBs

Many small business leaders underestimate the importance of information security, believing that small companies are not as interesting to hackers as large ones. This is a misconception. Small business is in fact very attractive to Internet scammers, first of all because it is not too concerned about information security.

Not every small enterprise has an information technology specialist on staff, while illegal software and unlicensed antivirus products are often found. Data may be stored in public folders, and the keys to the remote banking system (RBS) in the manager's desk drawer. The use of smartphones and tablets for work also increases the risk of corporate information leakage.

As the analysis of incidents shows, attackers, as a rule, do not hunt any particular company; they release viruses against everyone within reach.

"And those who are less protected or not at all are the first "victims" of hackers who, penetrating the company's information network, steal secret keys, data on operations or clients," said Oleg Ilyukhin, director of the information technology department of SDM-Bank.

Safety rules

There are several mandatory information security rules that are simply necessary to comply with (2014).

Virus and Spam Barrier

The biggest threat to a company's security, according to experts, is malware. As of August 2014, about 200 thousand new samples of it appear daily. According to participants in the information security market, in 2013, 95% of Russian companies were hacked at least once. An equally serious threat is leakage due to the unprotected exchange of corporate information through employees' mobile devices.

To prevent these threats, you need to give up unlicensed software, install a firewall and a modern antivirus, and update them regularly.

Use the RBS computer only for RBS

The computer on which the RBS is installed must be disconnected from local networks. It must not access the Internet, except to communicate with the bank.

Do not use social networks and open Wi-Fi from work computers

If smartphones and tablet computers are used for work or for storing information, they should not be used to access social networks or public Wi-Fi[1].

Keep keys and passwords locked

Often, the heads of SMBs themselves play into the hands of fraudsters by keeping the keys to the RBS and the electronic signature in an accessible place.

"Moreover, some negligent employees of the company do not remove the USB flash drive with the RBS key from the computer at all. If the hacker gains control over the computer, this will lead to the theft of all secret keys and the use of the RBS system by a fraudster on behalf of the organization," warns Oleg Ilyukhin, director of the information technology department of SDM-Bank.

These keys must be stored in a safe or other secure place, and access to them by outsiders must be prohibited.

Enterprise data must be stored on a remote server

It is best to entrust commercial and personal data to cloud services. This is safer than keeping it in a folder on a desk or computer, on a flash drive or on a removable drive. Data in data centers is stored in encrypted form, and it can be accessed only using electronic keys and a digital signature.

Differentiate access to data between employees

It is also important to prevent internal threats: intentional or accidental violations of the information security policy by company employees. These risks can be minimized by granting access to corporate information according to each employee's level of authority. For example, a sales manager has access only to his/her own customer information, and the full database and entire sales history will only be available to the sales manager. The chief accountant should only have access to financial statements, and management reports will only be available to the CEO. Of course, in a small company it is difficult to achieve complete separation of functions, but it is still necessary to try to separate the flows of information between employees. All this will also reduce the likelihood of a data breach.
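The access separation described above can be checked against the permissions actually granted. The following audit is an added example, not part of the original article; the role names (including the assumed `sales_head` role for full-database access), resource names, group names and sample grants are all constructed for illustration.

```python
from typing import NamedTuple, Optional

class Grant(NamedTuple):
    user: str      # account or group holding the permission
    role: str      # job role of the account ("" for groups)
    resource: str  # data set the permission applies to
    owner: str     # for customer records: the manager who owns the client

# Resource -> roles allowed to read it; anything not listed is denied.
ROLE_POLICY = {
    "customer_db_full": {"sales_head"},          # assumed role name
    "financial_statements": {"chief_accountant"},
    "management_reports": {"ceo"},
}
PUBLIC_GROUPS = {"everyone", "all_staff"}  # "public folder" style grants

def violation(g: Grant) -> Optional[str]:
    """Return the reason a grant breaks the policy, or None if it is allowed."""
    if g.user.lower() in PUBLIC_GROUPS:
        return "public grant"
    if g.resource == "customer_record":
        own = g.role == "sales_manager" and g.owner == g.user
        return None if own or g.role == "sales_head" else "not the record owner"
    if g.role in ROLE_POLICY.get(g.resource, set()):
        return None
    return "role not authorised"

def audit(grants):
    """List (user, resource, reason) for every grant that violates the policy."""
    return [(g.user, g.resource, why) for g in grants if (why := violation(g))]

# Constructed sample of effective permissions.
SAMPLE_GRANTS = [
    Grant("ivanov", "sales_manager", "customer_record", "ivanov"),
    Grant("ivanov", "sales_manager", "customer_record", "petrova"),
    Grant("petrova", "sales_manager", "customer_db_full", ""),
    Grant("sidorov", "chief_accountant", "financial_statements", ""),
    Grant("sidorov", "chief_accountant", "management_reports", ""),
    Grant("Everyone", "", "financial_statements", ""),
    Grant("kuznetsov", "ceo", "management_reports", ""),
]

if __name__ == "__main__":
    for user, resource, why in audit(SAMPLE_GRANTS):
        print(f"{user:10} {resource:22} {why}")
```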
