Questions for working with regulations:

What relations are regulated by Federal Law No. 149-FZ?

How does Law No. 149-FZ define the concepts of “information”, “information systems”, “ information Technology»?

Define the goals and objectives of building an information society in Russia (“Strategy…”)

Determine the main directions of development information society in Russia ( Government program"Information society…")

1. the federal law Russian Federation dated July 27, 2006 N 149-FZ

   1. About information, information technologies and information protection

Adopted by the State Duma on July 8, 2006 Approved by the Federation Council on July 14, 2006

Article 1. Scope of this Federal Law

1. This Federal Law regulates relations arising when:

1) exercising the right to search, receive, transmit, produce and distribute information;

2) application of information technologies;

3) ensuring information security.

2. The provisions of this Federal Law do not apply to relations arising during the legal protection of the results of intellectual activity and equivalent means of individualization.

Article 2. Basic concepts used in this Federal Law

This Federal Law uses the following basic concepts:

1) information - information (messages, data) regardless of the form of their presentation;

2) information technologies - processes, methods of searching, collecting, storing, processing, providing, distributing information and methods of implementing such processes and methods;

3) information system - a set of information contained in databases and information technologies and technical means that ensure its processing;

4) information and telecommunications network - a technological system designed to transmit information over communication lines, access to which is carried out using means computer technology;

5) owner of information - a person who independently created information or received, on the basis of a law or agreement, the right to permit or restrict access to information determined by any criteria;

6) access to information - the ability to obtain information and use it;

7) confidentiality of information - a mandatory requirement for a person who has gained access to certain information not to transfer such information to third parties without the consent of its owner;

8) provision of information - actions aimed at obtaining information by a certain circle of persons or transmitting information to a certain circle of persons;

9) dissemination of information - actions aimed at obtaining information by an indefinite circle of persons or transmitting information to an indefinite circle of persons;

10) electronic message - information transmitted or received by a user of an information and telecommunication network;

11) documented information - recorded on material medium by documenting information with details allowing to identify such information or, in cases established by the legislation of the Russian Federation, its material carrier;

12) information system operator - a citizen or legal entity engaged in operating an information system, including processing information contained in its databases.

Article 3. Principles of legal regulation of relations in the field of information, information technology and information protection

Legal regulation of relations arising in the field of information, information technology and information protection is based on the following principles:

1) freedom to search, receive, transmit, produce and disseminate information in any legal way;

2) establishing restrictions on access to information only federal laws;

3) openness of information about the activities of state bodies and local government bodies and free access to such information, except in cases established by federal laws;

4) equality of rights for the languages ​​of the peoples of the Russian Federation in the creation of information systems and their operation;

5) ensuring the security of the Russian Federation during the creation of information systems, their operation and protection of the information contained in them;

6) reliability of information and timeliness of its provision;

7) inviolability of private life, inadmissibility of collecting, storing, using and disseminating information about the private life of a person without his consent;

8) the inadmissibility of establishing by regulatory legal acts any advantages of using some information technologies over others, unless the mandatory use of certain information technologies for the creation and operation of state information systems is established by federal laws.

Article 4. Legislation of the Russian Federation on information, information technologies and information protection

1. The legislation of the Russian Federation on information, information technology and information protection is based on the Constitution of the Russian Federation, international treaties of the Russian Federation and consists of this Federal Law and other federal laws governing relations on the use of information.

2. Legal regulation of relations related to the organization and activities of the media is carried out in accordance with the legislation of the Russian Federation on the media.

3. The procedure for storing and using documented information included in archival funds is established by the legislation on archival affairs in the Russian Federation.

Article 5. Information as an object of legal relations

1. Information may be the object of public, civil and other legal relations. Information can be freely used by any person and transferred by one person to another person, unless federal laws establish restrictions on access to information or other requirements for the procedure for its provision or distribution.

2. Information, depending on the category of access to it, is divided into publicly available information, as well as information to which access is limited by federal laws (restricted information).

3. Information, depending on the procedure for its provision or distribution, is divided into:

1) information freely disseminated;

2) information provided by agreement of persons participating in the relevant relationship;

3) information that, in accordance with federal laws, is subject to provision or distribution;

4) information the distribution of which is restricted or prohibited in the Russian Federation.

4. The legislation of the Russian Federation may establish types of information depending on its content or owner.

Article 6. Holder of information

1. The owner of information can be a citizen (individual), legal entity, the Russian Federation, a subject of the Russian Federation, a municipal entity.

2. On behalf of the Russian Federation, a subject of the Russian Federation, a municipal entity, the powers of the information owner are exercised respectively by state bodies and local government bodies within the limits of their powers established by the relevant regulatory legal acts.

3. The owner of information, unless otherwise provided by federal laws, has the right:

1) allow or restrict access to information, determine the procedure and conditions for such access;

2) use the information, including disseminating it, at your own discretion;

3) transfer information to other persons under a contract or on other grounds established by law;

4) protect their rights in the manner established by law in the event of illegal receipt of information or its illegal use other persons;

5) carry out other actions with information or authorize such actions.

4. The owner of information, when exercising his rights, is obliged to:

1) respect the rights and legitimate interests of other persons;

2) take measures to protect information;

3) limit access to information if such an obligation is established by federal laws.

Article 7. Public information

1. Public information includes generally known information and other information to which access is not limited.

2. Public information can be used by any persons at their discretion, subject to the restrictions established by federal laws regarding the dissemination of such information.

3. The owner of information that has become publicly available by his decision has the right to demand that persons distributing such information indicate themselves as the source of such information.

Article 8. Right to access information

1. Citizens (individuals) and organizations ( legal entities) (hereinafter referred to as organizations) have the right to search and receive any information in any forms and from any sources, subject to compliance with the requirements established by this Federal Law and other federal laws.

2. A citizen (individual) has the right to receive from state bodies, local self-government bodies, and their officials in the manner established by the legislation of the Russian Federation, information that directly affects his rights and freedoms.

3. The organization has the right to receive from state bodies and local self-government bodies information directly related to the rights and obligations of this organization, as well as information necessary in connection with interaction with these bodies when this organization carries out its statutory activities.

4. Access to:

1) regulatory legal acts affecting the rights, freedoms and responsibilities of humans and citizens, as well as establishing the legal status of organizations and the powers of state bodies and local governments;

2) information about the state of the environment;

3) information on the activities of state bodies and local governments, as well as on the use budget funds(except for information constituting state or official secrets);

4) information accumulated in open collections of libraries, museums and archives, as well as in state, municipal and other information systems created or intended to provide citizens ( individuals) and organizations with such information;

5) other information, the inadmissibility of restricting access to which is established by federal laws.

5. State bodies and local self-government bodies are obliged to provide access to information about their activities in Russian and the state language of the corresponding republic within the Russian Federation in accordance with federal laws, laws of constituent entities of the Russian Federation and regulatory legal acts of local self-government bodies. A person wishing to gain access to such information is not required to justify the need to obtain it.

6. Decisions and actions (inaction) of state bodies and local self-government bodies, public associations, officials that violate the right to access to information can be appealed to a higher body or higher official or to the court.

7. If, as a result of an unlawful refusal of access to information, its untimely provision, or the provision of information that is knowingly unreliable or inconsistent with the content of the request, losses were caused, such losses are subject to compensation in accordance with civil law.

8. Information is provided free of charge:

1) on the activities of state bodies and local government bodies, posted by such bodies in information and telecommunication networks;

2) affecting the rights and obligations of the interested person established by the legislation of the Russian Federation;

3) other information established by law.

9. Establishing a fee for the provision by a state body or local government body of information about its activities is possible only in cases and under the conditions established by federal laws.

Article 9. Restricting access to information

1. Restrictions on access to information are established by federal laws in order to protect the foundations of the constitutional system, morality, health, rights and legitimate interests of other persons, to ensure the defense of the country and the security of the state.

2. It is mandatory to maintain the confidentiality of information, access to which is limited by federal laws.

3. Protection of information constituting a state secret is carried out in accordance with the legislation of the Russian Federation on state secrets.

4. Federal laws establish the conditions for classifying information as information constituting a trade secret, official secret and other secret, the obligation to maintain the confidentiality of such information, as well as responsibility for its disclosure.

5. Information received by citizens (individuals) in the performance of their professional duties or by organizations in the performance of certain types of activities (professional secrets) is subject to protection in cases where these persons are obligated by federal laws to maintain the confidentiality of such information.

6. Information constituting a professional secret may be provided to third parties in accordance with federal laws and (or) by court decision.

7. The period for fulfilling obligations to maintain the confidentiality of information constituting a professional secret can be limited only with the consent of the citizen (individual) who provided such information about himself.

8. It is prohibited to require a citizen (individual) to provide information about his private life, including information constituting a personal or family secret, and to receive such information against the will of the citizen (individual), unless otherwise provided by federal laws.

9. The procedure for access to personal data of citizens (individuals) is established by the federal law on personal data.

Article 10. Dissemination of information or provision of information

1. In the Russian Federation, the dissemination of information is carried out freely subject to the requirements established by the legislation of the Russian Federation.

2. Information disseminated without the use of the media must include reliable information about its owner or about another person disseminating information, in a form and volume that is sufficient to identify such person.

3. When using means to disseminate information that allow identifying recipients of information, including postal items and electronic messages, the person disseminating the information is obliged to provide the recipient of the information with the opportunity to refuse such information.

4. The provision of information is carried out in the manner established by agreement of the persons participating in the exchange of information.

5. Cases and conditions for the mandatory dissemination of information or provision of information, including the provision of legal copies of documents, are established by federal laws.

6. It is prohibited to disseminate information that is aimed at promoting war, inciting national, racial or religious hatred and enmity, as well as other information for the dissemination of which criminal or administrative liability is provided.

Article 11. Documenting information

1. The legislation of the Russian Federation or agreement of the parties may establish requirements for documenting information.

2. In federal executive authorities, documentation of information is carried out in the manner established by the Government of the Russian Federation. The rules of office work and document flow established by other state bodies and local government bodies within their competence must comply with the requirements established by the Government of the Russian Federation in terms of office work and document flow for federal executive authorities.

3. An electronic message signed with an electronic digital signature or another analogue of a handwritten signature is recognized as an electronic document equivalent to a document signed with a handwritten signature, in cases where federal laws or other regulatory legal acts do not establish or imply a requirement for the preparation of such a document on paper. .

4. For the purpose of concluding civil contracts or formalizing other legal relations in which persons exchanging electronic messages participate, the exchange of electronic messages, each of which is signed with an electronic digital signature or other analogue of the handwritten signature of the sender of such a message, in the manner established by federal laws, other regulatory legal acts or agreement of the parties is considered as an exchange of documents.

5. Ownership and other proprietary rights to material media containing documented information are established by civil law.

Article 12. State regulation in the field of application of information technologies

1. State regulation in the field of application of information technologies provides for:

1) regulation of relations related to the search, receipt, transmission, production and dissemination of information using information technology (informatization), based on the principles established by this Federal Law;

2) development of information systems for various purposes to provide citizens (individuals), organizations, state bodies and local governments with information, as well as ensuring the interaction of such systems;

3) creating conditions for effective use in the Russian Federation information and telecommunication networks, including the Internet and other similar information and telecommunication networks.

2. State bodies, local government bodies in accordance with their powers:

1) participate in the development and implementation targeted programs application of information technology;

2) create information systems and provide access to the information contained in them in Russian and the state language of the corresponding republic within the Russian Federation.

Article 13. Information Systems

1. Information systems include:

1) state information systems - federal information systems and regional information systems created on the basis of, respectively, federal laws, laws of constituent entities of the Russian Federation, on the basis of legal acts of state bodies;

2) municipal information systems created on the basis of a decision of a local government body;

3) other information systems.

2. Unless otherwise established by federal laws, the operator of an information system is the owner of the technical means used to process information contained in databases, who lawfully uses such databases, or the person with whom this owner has entered into an agreement on the operation of the information system.

3. The rights of the owner of information contained in information system databases are subject to protection regardless of copyright and other rights to such databases.

4. The requirements for state information systems established by this Federal Law apply to municipal information systems, unless otherwise provided by the legislation of the Russian Federation on local self-government.

5. Features of the operation of state information systems and municipal information systems can be established in accordance with technical regulations, regulatory legal acts of state bodies, regulatory legal acts of local governments that make decisions on the creation of such information systems.

6. The procedure for the creation and operation of information systems that are not state information systems or municipal information systems is determined by the operators of such information systems in accordance with the requirements established by this Federal Law or other federal laws.

Article 14. State information systems

1. State information systems are created in order to implement the powers of state bodies and ensure the exchange of information between these bodies, as well as for other purposes established by federal laws.

2. State information systems are created taking into account the requirements stipulated by Federal Law No. 94-FZ of July 21, 2005 “On placing orders for the supply of goods, performance of work, provision of services for state and municipal needs.”

3. State information systems are created and operated on the basis of statistical and other documented information provided by citizens (individuals), organizations, government agencies, and local governments.

4. Lists of types of information provided on a mandatory basis are established by federal laws, the conditions for its provision - by the Government of the Russian Federation or relevant government bodies, unless otherwise provided by federal laws.

5. Unless otherwise established by the decision on the creation of a state information system, the functions of its operator are carried out by the customer who has entered into a state contract for the creation of such an information system. In this case, the commissioning of the state information system is carried out in the manner established by the specified customer.

6. The Government of the Russian Federation has the right to establish mandatory requirements for the procedure for commissioning certain state information systems.

7. It is not allowed to operate the state information system without properly registering the rights to use its components, which are objects of intellectual property.

8. Technical means intended for processing information contained in state information systems, including software technical means and information security means must comply with the requirements of the legislation of the Russian Federation on technical regulation.

9. Information contained in state information systems, as well as other information and documents available to state bodies are state information resources.

Article 15. Use of information and telecommunication networks

1. On the territory of the Russian Federation, the use of information and telecommunication networks is carried out in compliance with the requirements of the legislation of the Russian Federation in the field of communications, this Federal Law and other regulatory legal acts of the Russian Federation.

2. Regulation of the use of information and telecommunication networks, access to which is not limited to a certain circle of persons, is carried out in the Russian Federation taking into account the generally accepted international practice of self-regulatory organizations in this area. The procedure for using other information and telecommunication networks is determined by the owners of such networks, taking into account the requirements established by this Federal Law.

3. The use of information and telecommunication networks in economic or other activities on the territory of the Russian Federation cannot serve as a basis for establishing additional requirements or restrictions regarding the regulation of these activities carried out without the use of such networks, as well as for non-compliance with the requirements established by federal laws.

4. Federal laws may provide for mandatory identification of individuals and organizations using the information and telecommunications network when carrying out business activities. In this case, the recipient of an electronic message located on the territory of the Russian Federation has the right to conduct a check to determine the sender of the electronic message, and in cases established by federal laws or an agreement of the parties, he is obliged to conduct such a check.

5. The transfer of information through the use of information and telecommunication networks is carried out without restrictions, subject to compliance with the requirements established by federal laws for the dissemination of information and the protection of intellectual property. The transfer of information may be limited only in the manner and under the conditions established by federal laws.

6. Features of connecting state information systems to information and telecommunication networks can be established by a regulatory legal act of the President of the Russian Federation or a regulatory legal act of the Government of the Russian Federation.

Article 16. Data protection

1. Information protection is the adoption of legal, organizational and technical measures aimed at:

1) ensuring the protection of information from unauthorized access, destruction, modification, blocking, copying, provision, distribution, as well as from other unlawful actions in relation to such information;

2) maintaining the confidentiality of restricted information,

3) implementation of the right to access information.

2. State regulation of relations in the field of information protection is carried out by establishing requirements for the protection of information, as well as liability for violation of the legislation of the Russian Federation on information, information technologies and information protection.

3. Requirements for the protection of publicly available information may be established only to achieve the goals specified in paragraphs 1 and 3 of part 1 of this article.

4. The owner of information, the operator of the information system in cases established by the legislation of the Russian Federation, are obliged to ensure:

1) prevention of unauthorized access to information and (or) transfer of it to persons who do not have the right to access information;

2) timely detection of facts of unauthorized access to information;

3) preventing the possibility of adverse consequences of violating the procedure for access to information;

4) preventing influence on technical means of information processing, as a result of which their functioning is disrupted;

5) the possibility of immediate restoration of information modified or destroyed due to unauthorized access to it;

6) constant monitoring of ensuring the level of information security.

5. Requirements for the protection of information contained in state information systems are established by the federal executive body in the field of security and the federal executive body authorized in the field of countering technical intelligence and technical protection information within the limits of their authority. When creating and operating state information systems, the methods and methods used to protect information must comply with the specified requirements.

6. Federal laws may establish restrictions on the use of certain information security tools and the implementation of certain types of activities in the field of information security.

Article 17. Responsibility for offenses in the field of information, information technology and information protection

1. Violation of the requirements of this Federal Law entails disciplinary, civil, administrative or criminal liability in accordance with the legislation of the Russian Federation.

2. Persons whose rights and legitimate interests were violated in connection with the disclosure of restricted information or other unlawful use of such information have the right to apply in the prescribed manner for judicial protection of their rights, including claims for damages, compensation for moral damage, protection honor, dignity and business reputation. A claim for compensation for damages cannot be satisfied if it is presented by a person who did not take measures to maintain the confidentiality of information or violated the requirements for the protection of information established by the legislation of the Russian Federation, if the adoption of these measures and compliance with such requirements were the responsibilities of this person.

3. If the dissemination of certain information is limited or prohibited by federal laws, the person providing the services does not bear civil liability for the dissemination of such information:

1) or by transfer of information provided by another person, provided that it is transferred without changes or corrections;

2) or for storing information and providing access to it, provided that this person could not know about the illegality of the dissemination of information.

Article 18. On the recognition as invalid of certain legislative acts (provisions of legislative acts) of the Russian Federation

From the date of entry into force of this Federal Law, the following shall be declared invalid:

1) Federal Law of February 20, 1995 No. 24-FZ “On information, informatization and information protection” (Collected Legislation of the Russian Federation, 1995, No. 8, Art. 609);

2) Federal Law of July 4, 1996 N 85-FZ “On participation in international information exchange” (Collected Legislation of the Russian Federation, 1996, N 28, Art. 3347);

3) Article 16 of the Federal Law of January 10, 2003 N 15-FZ “On introducing amendments and additions to certain legislative acts of the Russian Federation in connection with the adoption of the Federal Law “On licensing of certain types of activities” (Collected Legislation of the Russian Federation, 2003, N 2 , Art. 167);

4) Article 21 of the Federal Law of June 30, 2003 N 86-FZ “On introducing amendments and additions to certain legislative acts of the Russian Federation, recognizing as invalid certain legislative acts of the Russian Federation, providing certain guarantees to employees of internal affairs bodies, turnover control bodies narcotic drugs and psychotropic substances and the abolished federal tax police bodies in connection with the implementation of measures to improve public administration" (Collected Legislation of the Russian Federation, 2003, No. 27, Art. 2700);

5) Article 39 of the Federal Law of June 29, 2004 N 58-FZ “On amendments to certain legislative acts of the Russian Federation and the recognition as invalid of certain legislative acts of the Russian Federation in connection with the implementation of measures to improve public administration” (Collection of Legislation of the Russian Federation, 2004, No. 27, Article 2711).

President of the Russian Federation V. Putin

Doctrine information security Russian Federation

The Information Security Doctrine of the Russian Federation is a set of official views on the goals, objectives, principles and main directions of ensuring information security of the Russian Federation. This Doctrine serves as the basis for: the formation of state policy in the field of ensuring information security of the Russian Federation; preparing proposals for improving the legal, methodological, scientific, technical and organizational support for information security of the Russian Federation; development of targeted programs to ensure information security of the Russian Federation. This Doctrine develops the Concept of National Security of the Russian Federation in relation to the information sphere.

The fundamental law among Russian laws devoted to information security issues should be considered the law “On Information, Informatization and Information Protection” dated February 20, 1995, No. 24-FZ (adopted by the State Duma on January 25, 1995). It provides basic definitions and outlines directions for the development of legislation in this area.

Let us quote some of these definitions:

information - information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation;

documented information (document) - information recorded on a tangible medium with details that allow its identification;

information processes - processes of collecting, processing, accumulating, storing, searching and distributing information;

Information system - an organizationally ordered set of documents (arrays of documents) and information technologies, including the use of computer technology and communications that implement information processes;

informational resources - individual documents and individual arrays of documents, documents and arrays of documents in information systems (libraries, archives, funds, data banks, other information systems);

information about citizens (personal data)- information about the facts, events and circumstances of a citizen’s life, allowing his personality to be identified;

confidential information - documented information, access to which is limited in accordance with the legislation of the Russian Federation;

user (consumer) of information- a subject who turns to an information system or intermediary to obtain the information he needs and uses it.

We will, of course, not discuss the quality of data in the Law of Definitions. Let us only pay attention to the flexibility of defining confidential information, which cannot be reduced to information constituting a state secret, as well as to the concept of personal data, which lays the foundation for the protection of the latter.

The law identifies the following purposes of information protection:

prevention of leakage, theft, loss, distortion, falsification of information;

preventing threats to the security of individuals, society, and the state;

prevention of unauthorized actions to destroy, modify, distort, copy, block information;

preventing other forms of illegal interference in information resources and information systems, ensuring the legal regime of documented information as an object of property;

protection of the constitutional rights of citizens to maintain personal secrets and confidentiality of personal data available in information systems;

maintaining state secrets, confidentiality of documented information in accordance with the law;

ensuring the rights of subjects in information processes and in the development, production and application of information systems, technologies and means of supporting them.

It should be noted that the Law places the highest priority on maintaining the confidentiality of information. Integrity is also presented quite fully, although in second place. Very little is said about accessibility (“preventing unauthorized actions to... block information”).

Let's continue quoting:

“Any documented information is subject to protection, the unlawful handling of which may cause damage to its owner, possessor, user or other person.”

In essence, this provision states that information protection is aimed at ensuring the interests of subjects of information relations.

in relation to information classified as state secrets - by authorized bodies on the basis of the Law of the Russian Federation “On State Secrets”;

in relation to confidential documented information - by the owner of information resources or an authorized person on the basis of this Federal Law;

in relation to personal data - by federal law."

Three types of protected information are clearly identified here, the second of which includes, in particular, commercial information. Since only documented information is subject to protection, a necessary condition is to record commercial information on a tangible medium and provide it with details. Note that in this place Law we're talking about only about confidentiality; other aspects of information security are forgotten.

Please note that the state takes upon itself the protection of state secrets and personal data; Other confidential information is the responsibility of its owners.

How to protect information? As a basic principle, the law offers powerful universal means for this purpose: licensing and certification. Let us quote article 19.

Information systems, databases and data banks intended for information services to citizens and organizations are subject to certification in the manner established by the Law of the Russian Federation "On Certification of Products and Services".

Information systems of government bodies of the Russian Federation and government bodies of the constituent entities of the Russian Federation, other government bodies, organizations that process documented information with limited access, as well as the means of protection of these systems are subject to mandatory certification. The certification procedure is determined by the legislation of the Russian Federation.

Organizations performing work in the field of design, production of information security equipment and processing of personal data receive licenses for this type of activity. The licensing procedure is determined by the legislation of the Russian Federation.

The interests of the information consumer when using imported products in information systems are protected by the customs authorities of the Russian Federation on the basis of the international certification system.

Here it is difficult to resist a rhetorical question: are there information systems in Russia without imported products? It turns out that protecting the interests of consumers is based on in this case only customs...

And a few more points, now from Article 22:

2. The owner of documents, an array of documents, information systems ensures the level of information protection in accordance with the legislation of the Russian Federation.

3. The risk associated with the use of uncertified information systems and means of supporting them lies with the owner (possessor) of these systems and means. The risk associated with the use of information obtained from an uncertified system lies with the consumer of the information.

4. The owner of documents, an array of documents, information systems can contact organizations that certify means of protecting information systems and information resources to analyze the sufficiency of measures to protect their resources and systems and receive advice.

5. The owner of documents, an array of documents, information systems is obliged to notify the owner of information resources and (or) information systems about all facts of violation of the information security regime.

It follows from point 5 that all (successful) attacks on the IP must be detected. Let us recall in this regard one of the survey results (see lecture 1): about a third of American respondents did not know whether their IP had been hacked in the last 12 months. According to our legislation, they could be held accountable...

2. Protection of the rights of subjects in this area is carried out by a court, an arbitration court, or an arbitration court, taking into account the specifics of the offenses and the damage caused. The clauses of Article 5 regarding legal force are very important. electronic document And electronic digital signature:

3. Legal force a document stored, processed and transmitted using automated information and telecommunication systems can be confirmed by an electronic digital signature. The legal force of an electronic digital signature is recognized if the automated information system has software and hardware tools that ensure signature identification, and compliance established mode their use.

4. The right to certify the identity of an electronic digital signature is exercised on the basis of a license. The procedure for issuing licenses is determined by the legislation of the Russian Federation.

Thus, the Law offers an effective means of controlling integrity and solving the problem of “non-repudiation” (the inability to refuse one’s own signature).

These are, in our opinion, the most important provisions of the Law “On Information, Informatization and Information Protection”. The next page will discuss other laws of the Russian Federation in the field of information security.

Law of the Russian Federation “On information, informatization and protection of information” .

Federal Law of February 20, 1995 N 24-FZ “On Information, Informatization and Information Protection” (as amended on January 10, 2003). Adopted by the State Duma on January 25, 1995.

1. This Federal Law regulates relations arising when:

Formation and use of information resources based on the creation, collection, processing, accumulation, storage, search, distribution and provision of documented information to the consumer;

Creation and use of information technologies and means of supporting them;

Protection of information, rights of subjects participating in information processes and informatization.

State policy in the field of formation of information resources and informatization is aimed at creating conditions for effective and high-quality information support strategic and operational tasks social and economic development of the Russian Federation.

The main directions of state policy in the field of informatization are:

· providing conditions for the development and protection of all forms of ownership of information resources;

· formation and protection of state information resources;

· creation and development of federal and regional information systems and networks, ensuring their compatibility and interaction in a single information space Russian Federation;

· creating conditions for high-quality and effective information support for citizens, government bodies, local governments, organizations and public associations based on state information resources;

· ensuring national security in the field of informatization, as well as ensuring the implementation of the rights of citizens and organizations in the conditions of informatization;

· promoting the formation of a market for information resources, services, information systems, technologies, and means of supporting them;

· formation and implementation of a unified scientific, technical and industrial policy in the field of informatization, taking into account the current world level of information technology development;

· support for informatization projects and programs;

· creation and improvement of a system for attracting investments and a mechanism for stimulating the development and implementation of informatization projects;

· development of legislation in the field of information processes, informatization and information protection.

Protection of information and rights of subjects in the field of information processes and informatization

The goals of protection are:

1. prevention of leakage, theft, loss, distortion, falsification of information;

2. preventing threats to the security of the individual, society, and state;

3. prevention of unauthorized actions to destroy, modify, distort, copy, block information; preventing other forms of illegal interference in information resources and information systems, ensuring the legal regime of documented information as an object of property;

4. protection of the constitutional rights of citizens to maintain personal secrets and confidentiality of personal data available in information systems;

5. preservation of state secrets, confidentiality of documented information in accordance with the law;

6. ensuring the rights of subjects in information processes and in the development, production and application of information systems, technologies and means of supporting them.

Data protection.

1. Any documented information is subject to protection, the unlawful handling of which may cause damage to its owner, possessor, user or other person.

The information protection mode is set:

· in relation to information classified as state secrets - by authorized bodies on the basis of the Law of the Russian Federation “On State Secrets”;

· in relation to confidential documented information - by the owner of information resources or an authorized person on the basis of this Federal Law;

· in relation to personal data - by Federal Law.

2. Government bodies and organizations responsible for the formation and use of information resources subject to protection, as well as bodies and organizations developing and using information systems and information technologies for the formation and use of information resources with limited access, are guided in their activities by the legislation of the Russian Federation .

3. Monitoring compliance with information protection requirements and the operation of special software and hardware protection tools, as well as ensuring organizational measures to protect information systems that process information with limited access in non-state structures, are carried out by government bodies. Control is carried out in the manner determined by the Government of the Russian Federation.

4. Organizations processing information with limited access, which is the property of the state, create special services to ensure the protection of information.

5. The owner of information resources or persons authorized by him have the right to monitor compliance with information protection requirements and prohibit or suspend the processing of information in case of failure to comply with these requirements.

6. The owner or holder of documented information has the right to contact government authorities to assess the correctness of compliance with the norms and requirements for the protection of his information in information systems. The relevant authorities are determined by the Government of the Russian Federation. These authorities observe the confidentiality of the information itself and the results of the audit.

Rights and obligations of subjects in the field of information protection.

1. The owner of documents, an array of documents, information systems or persons authorized by him in accordance with this Federal Law establish the procedure for providing the user with information indicating the place, time, responsible officials, as well as the necessary procedures and provide conditions for user access to information.

2. The owner of documents, an array of documents, information systems ensures the level of information protection in accordance with the legislation of the Russian Federation.

3. The risk associated with the use of non-certified information systems and means of supporting them lies with the owner (possessor) of these systems and means.

The risk associated with the use of information obtained from a non-certified system lies with the consumer of the information.

4. The owner of documents, an array of documents, information systems can contact organizations that certify means of protecting information systems and information resources to analyze the sufficiency of measures to protect their resources and systems and receive advice.

5. The owner of documents, an array of documents, information systems is obliged to notify the owner of information resources or information systems about all facts of violation of the information security regime.

Protection of the right to access information.

1. Denial of access to open information or provision of knowingly false information to users may be appealed in court.

Failure to fulfill or improper fulfillment of obligations under a supply, purchase and sale agreement, or other forms of exchange information resources between organizations are considered by an arbitration court.

In all cases, persons denied access to information and persons who have received false information have the right to compensation for the damage they have suffered.

2. The court considers disputes about the unreasonable classification of information as information with limited access, claims for compensation for damage in cases of unjustified refusal to provide information to users or as a result of other violations of user rights.

3. Managers and other employees of public authorities and organizations guilty of illegally restricting access to information and violating the information protection regime are liable in accordance with criminal, civil legislation and legislation on administrative offenses.

Bibliography.

Federal Law of February 20, 1995 N 24-FZ “On Information, Informatization and Information Protection” (as amended on January 10, 2003).

Information security is a field of science that studies the protection of data of a specific (state or commercial) enterprise. Specialists (auditors) check information channels to ensure the protection of sensitive data.

All classified data channels are checked for a sufficient level of protection. If a specialist discovers a flaw in file system, he must immediately notify the management of the enterprise about this.

Basic laws that relate to information security:

• . regulates relations between public authorities during the search for important information and ensures information security of personal data;
• . The Federal Law regulates relations between executive authorities and determines methods of licensing certain types of activities;
• . The Federal Law lists the areas of activity in which electronic digital signature for the purpose of ensuring information security. For example: purchase of goods, provision of services, etc.;
• . regulates the relationships that arise in the production of various goods. The description of technical products must correspond to their actual characteristics in accordance with information security regulations.

There is also Federal Safety Law 390. Details

Article 8. Right of access to information

1. Citizens (individuals) and organizations (legal entities) (hereinafter referred to as organizations) have the right to search and receive any information in any forms and from any sources, subject to compliance with the requirements established by this Federal Law and other federal laws.

2. A citizen (individual) has the right to receive from state bodies, local self-government bodies, and their officials in the manner established by the legislation of the Russian Federation, information that directly affects his rights and freedoms.

3. The organization has the right to receive from state bodies and local self-government bodies information directly related to the rights and obligations of this organization, as well as information necessary in connection with interaction with these bodies when this organization carries out its statutory activities.

4. Access to:

1) regulatory legal acts affecting the rights, freedoms and responsibilities of humans and citizens, as well as establishing the legal status of organizations and the powers of state bodies and local governments;

2) information about the state of the environment;

3) information on the activities of state bodies and local self-government bodies, as well as on the use of budget funds (except for information constituting state or official secrets);

4) information accumulated in open collections of libraries, museums and archives, as well as in state, municipal and other information systems created or intended to provide citizens (individuals) and organizations with such information;

5) other information, the inadmissibility of restricting access to which is established by federal laws.

5. State bodies and local self-government bodies are obliged to provide access, including using information and telecommunication networks, including the Internet, to information about their activities in Russian and the state language of the corresponding republic within the Russian Federation in accordance with federal laws, laws of constituent entities of the Russian Federation and regulatory legal acts of local governments. A person wishing to gain access to such information is not required to justify the need to obtain it.

6. Decisions and actions (inaction) of state bodies and local self-government bodies, public associations, officials that violate the right to access to information can be appealed to a higher body or higher official or to the court.

7. If, as a result of an unlawful refusal of access to information, its untimely provision, or the provision of information that is knowingly unreliable or inconsistent with the content of the request, losses were caused, such losses are subject to compensation in accordance with civil law.

8. Information is provided free of charge:

1) on the activities of state bodies and local government bodies, posted by such bodies in information and telecommunication networks;

2) affecting the rights and obligations of the interested person established by the legislation of the Russian Federation;

3) other information established by law.

9. Setting fees for provision government agency or a local government body, information about its activities is possible only in cases and under the conditions established by federal laws.