There is a fairly large class of information processing systems in enterprises where the security factor is paramount (e.g. banking information systems).
Security of the system-protection from accidental or
Intentional interference in the normal process of its functioning, from attempts of theft (unauthorized receipt) of information, modification or physical destruction of its components. In other words, it is the ability to counteract various disturbing effects on IP.
The threat of information security-events or actions that can lead to distortion, unauthorized use or even destruction of information resources of the managed system, as well as software and hardware.
Among the threats to the security of information should be singled out as a type of threat random, or unintentional.
Their source may be a failure of hardware, incorrect actions of IP employees or their users, unintentional errors in software, etc. Dr. Such threats should also be taken into account, as the damage from them can be significant.
In addition, there are intentional threats that, unlike random threats, are intended to harm the system or users. This is often done to gain personal benefit.
A person attempting to disrupt the operation of an information system or gain unauthorized access to information is commonly referred to as a burglar, and sometimes a “computer pirate” (hacker). As a rule, hackers try to find such sources of confidential information, which would give the most valuable information in the maximum volumes with minimal expenses on their receipt. In this case, the source of information refers to a material object with certain information of particular interest to the intruders or competitors.
Protection against intentional threats is a kind of competition of defense and attack: Who knows more, provides effective measures, and wins.
Numerous publications in recent years have shown that the misuse of information circulating in IP or transmitted through communication channels has been improved as much as measures of protection against them. At present, the protection of information requires not only the development of private protection mechanisms, but the implementation of a systemic approach that includes a set of interrelated measures: the use of special technical and programmatic tools, Organizational measures, normative-legal acts, moral-ethical measures of counteraction, etc. Dr.
The complex nature of protection stems from the complex actions of the intruders, seeking by any means to get important information for them.
Today we can say that a new modern technology is being born-technology of information protection in computer information systems and data transmission networks. The realization of this technology requires increasing costs and efforts. All of this, however, avoids the vastly superior losses and damage that can occur in the real implementation of IP and it threats.
Types of threats
Passive threats are mainly aimed at unauthorized use of IP information resources without influencing its functioning. For example, unauthorized access to databases, listening to communication channels, etc. Dr.
Active threats are intended to disrupt the normal functioning of IP by purposefully influencing its components. Active threats include, for example, failure of the computer or its operating system, distortion of information in the database, destruction of computers, disruption of communication lines, etc. Dr. The source of active threats can be actions of crackers, malicious programs, etc. P.
Intentional threats are divided into internal and external. Internal threats (emerging within a managed organization) are most often determined by social tensions and a severe moral climate.
External threats can be determined by the malicious actions of competitors, economic conditions and other causes (e.g. natural disasters). Industrial espionage was widely disseminated-illegal collection, appropriation and transmission of information constituting a commercial secret by a person not authorized to do so by its owner, damaging the owner of a trade secret.
The main threats to information security and the normal functioning of IP include:
- leakage of confidential information;
- Compromise information;
- Unauthorized use of information resources;
- Erroneous use of information resources;
- Unauthorized exchange of information between subscribers;
- refusal of information;
- Disruption of information services;
- illegal use of privileges.
If you liked this article (or did not like it) or you disagree with me, write, I will be glad to comments. Ask your questions, I will answer them.