Information security and protection textbook. Information Security

Discussed by the Department of Methodology and Modeling of Safe Development of Process Systems of the Russian Academy

natural sciences and approved for publication by the Presidium of the Russian Academy of Natural Sciences

Reviewers:

Head of the Faculty of Information Security ICSI Candidate of Technical Sciences S.N. Smirnov

Full member of the International Academy of Informatization, Doctor of Technical Sciences, Professor A. V. Petrakov

Full member of the International Academy of Informatization, Doctor of Sociological Sciences, Professor G. A. Kabakovich

Rep. editor - candidate of military sciences L.I. Filippenko

Yarochkin V.I.

Information Security: Textbook for university students. - M.: Academic Project; Gaudeamus, 2nd ed.-

2004. - 544 p. (Gaudeamus).

ISBN 5-8291-0408-3 (Academic Project) ISBN 5-98426-008-5 (Gaudeamus)

In modern information society information has become a special resource for any activity, therefore, like any other resource, it needs to be protected, to ensure its safety, integrity and without danger. Who and how threatens information security and how to counter these threats, you will learn by reading this book. The textbook is designed for higher education students educational institutions, institutes for advanced training and schools for training specialists studying the problems of protecting confidential information.

UDC 002-004 BBK

© Yarochkin V.I., 2003

ISBN 5-829I-0408-3 ©Academic Project, original layout, design, 2004

Introduction Chapter 1 CONCEPT OF INFORMATION SECURITY

1.1. Basic conceptual provisions of the information security system

1.2. Conceptual model of information security

1.3. Threats to confidential information

1.4. Actions leading to unlawful possession

confidential information

Chapter 2 GUIDELINES FOR ENSURING INFORMATION SECURITY

2.1. Legal protection

2.2. Organizational defense

2.3. Engineering and technical protection

2.3.1. General provisions

2.3.2. Physical protection

2.3.3. Hardware protection

2.3.4. Security software

2.3.5. Cryptographic protections

Chapter 3 WAYS TO PROTECT INFORMATION

3.1. General provisions

3.2. Characteristics of protective actions

Chapter 4 SUPPRESSION OF DISCLOSURE OF CONFIDENTIAL INFORMATION

4.1. General provisions

4.2. Ways to suppress disclosure

Chapter 5 PROTECTION OF INFORMATION FROM LEAKAGE THROUGH TECHNICAL CHANNELS

5.1. General provisions

5.2. Protection of information from leakage via visual optical channels

5.2.1. General provisions

5.2.2. Means and methods of protection

5.3. Protection of information from leakage via acoustic channels

5.3.1. General provisions

5.3.2. Methods and means of protection

5.4. Protecting information from leakage via electromagnetic channels

5.4.1. Protection against heat due to the microphone effect

5.4.2. Protection against leakage due to electromagnetic radiation

5.4.4. Protection against thermal leakage in power supply circuits

5.4.5. Protection against leakage via grounding circuits

5.4.6. Protection against heat leakage due to the mutual influence of wires and communication lines

5.4.7. Protection against heat due to high-frequency imposition

5.4.8. Protection against heat in estrus fiber optic lines and communication systems

5.5. Protection of information from leakage through material channels

Chapter 6 COUNTERING UNAUTHORIZED ACCESS TO SOURCES OF CONFIDENTIAL INFORMATION

6.1. Methods of unauthorized access

6.2. Technical means of unauthorized access to information

6.3. Protection against surveillance and photography

6.4. Protection against eavesdropping

6.4.1. Counteracting eavesdropping through

microphone systems

6.4.2. Countering radio acoustic eavesdropping systems

6.4.3. Ensuring the security of telephone conversations

6.4.4. Countering laser eavesdropping

6.5. Countering illegal connection to communication lines

6.5.1. Anti-contact connection

6.5.2. Anti-contact connection

6.6. Interception protection

Chapter 7. CONFIDENTIALITY WHEN WORKING WITH FOREIGN PEOPLE AND PARTNERS

7.1. Areas of interaction with foreign partners

7.1.1. Scientific and technical cooperation with foreign partners

7.1.2. Scientific and technical cooperation. Technologically, exchange and its regulation.

7.1.3. Types of commercial international transactions

7.1.4. Scientific and technical documentation - a source of confidential information

7.1.5. Possible conditions for disclosing information constituting a trade secret

7.1.6. Examination of the value transmitted scientifically-technical

documentation

7.2. Organization of work with foreign partners

7.2.1. Assessment of potential partners

7.2.2. Receiving foreign representatives and conducting commercial negotiations

7.2.3. Procedure for working with foreign partners

7.2.4. Procedure for protecting confidential information when working with foreign partners

Chapter 8 INFORMATION SECURITY AUDIT [^]

Afterword

Applications

1. State Technical Commission of Russia. Guiding document Protection against unauthorized access to information. Terms and Definitions

2. The concept of information security Russian Federation

3. List of information classified as state secret. Decree of the President of the Russian Federation on the list of information classified as state secrets. January 24, 1998 No. 61

4. Decree of the President of the Russian Federation. On approval of the list of confidential information

5. Regulations on licensing of technical activities

protection of confidential information. Decree of the Government of the Russian Federation of April 30, 200 2 No. 290 Moscow

6. INSTRUCTIONS for protecting confidential information when working with foreign partners

7. ENSURING THE PRESERVATION OF COMMAND SECRET

ENTERPRISES 8.CATALOG of generalized protection measures

confidential information

Bibliography

Introduction [^]

A notable feature of the current period is the transition from an industrial society to an information society, in which information becomes more important resource than material or energy resources. As you know, resources are the elements of economic potential that society has and which, if necessary, can be used to achieve specific goals of economic activity. Categories such as material, financial, labor, and natural resources that are involved in economic turnover have long become familiar and commonly used, and their purpose is clear to everyone. But then the concept of “information resources” appeared, and although it has been legalized, it is not yet sufficiently understood. In the literature cited this concept is stated as follows: “ Informational resources

Individual documents and individual arrays of documents, documents and arrays of documents in information systems ah (libraries, archives, funds, data banks, other information systems).” Information resources are property, are under the jurisdiction of the relevant bodies and organizations, are subject to accounting and protection, since information can be used not only for the production of goods and services, but also turn it into cash by selling it to someone, or, what even worse, destroy.

Proprietary information for the manufacturer is of significant value, since often obtaining (creating) such information is a very labor-intensive and expensive process. It is obvious that the value of information (real or potential) is determined primarily by the income it generates.

A special place is given to information resources in a market economy.

The most important factor in a market economy is competition. The winner is the one who produces and sells better, better, cheaper and more quickly (time is money!). In essence, this is a universal market rule. And in these conditions, the main rule is: who owns the information, owns the world.

In competition, various actions aimed at obtaining (extracting, acquiring) confidential information are widespread.

in various ways, up to direct industrial espionage using modern technical means intelligence. It has been established that 47% of stored information is obtained

With using technical means of industrial espionage.

IN Under these conditions, the protection of information from unlawful acquisition is given a very significant place. Wherein

“The goals of information protection are: preventing disclosure, leakage and unauthorized access to protected information; prevention of illegal actions of destruction, modification, distortion, copying, blocking of information; prevention of other forms of illegal interference in information resources and information systems; ensuring the legal regime of documented information as an object of property; protection of the constitutional rights of citizens to maintain personal secrets and confidentiality of personal data available in information systems; maintaining state secrets, confidentiality of documented information in accordance with the law; ensuring the rights of subjects in information processes and in the development, production and application of information systems, technologies and means of ensuring them.”

As can be seen from this definition of protection objectives,

information security is quite capacious and a multifaceted problem that covers not only determining the need to protect information, but also how to protect it, what to protect from, when to protect, what to protect and what this protection should be.

The author is fully aware and aware of the complexity of the problem of information protection in general, and with the help of technical means in particular. Nevertheless, he sets out his view on this problem in this book, believing that this does not cover all aspects complex problem, but only certain parts of it.

* * *

The coming 21st century will be the century of triumph of the theory and practice of information - the information age.

Chapter 1 CONCEPT OF INFORMATION SECURITY [^]

What we store is what we have

"INFORMATION SECURITY -

this is the state of security of the information environment of society, ensuring its formation, use and development in the interests of citizens, organizations, states.”

(Law of the Russian Federation “On participation in international information exchange”)

Postulates

1. Information is a universal property of matter.

2. Any interaction in nature and society is based on information.

3. Every process of performing work is a process of information interaction.

4. Product information about reflections of reality.

5. Reality is reflected in space and time.

6. Nothing comes from nothing.

7. Information retains its meaning unchanged as long as the information carrier - MEMORY - remains unchanged.

8. Nothing just disappears.

The concept of “information” is used very widely today

And versatile. It is difficult to find an area of ​​knowledge where it is not used. Huge information flows literally

I overwhelm people. The volume of scientific knowledge, for example, according to experts, doubles every five years. This situation leads to the conclusion that the 21st century will be the century of the triumph of the theory and practice of INFORMATION - the information age.

It is legitimate to ask the question: what is information? The literature gives the following definition: information - information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation. It is known that information can take various forms, including data embedded in

computers, blueprints, tracing papers, letters or memos, dossiers, formulas, drawings, diagrams, product models and prototypes, dissertations, court documents and more.

Like any product, information has consumers who need it, and therefore has certain consumer qualities, and also has its owners or producers.

From the consumer's point of view, the quality of the information used makes it possible to obtain additional economic or moral benefits.

From the owner's point of view, keeping it secret is commercial important information allows you to successfully compete in the market for the production and sale of goods and services. This naturally requires certain actions aimed at protecting confidential information.

Understanding security as the state of protection of the vital interests of an individual, enterprise, state from internal and external threats, security components can also be distinguished - such as personnel, material and financial resources and information.

1.1. Basic conceptual provisions of the information security system [^]

An analysis of the state of affairs in the field of information security shows that a fully formed concept and structure of protection has already emerged, the basis of which is the following:

 a very developed arsenal of technical means of protecting information, produced on an industrial basis;

 a significant number of firms specializing in solving information security issues;

 a fairly clearly defined system of views on this problem;

 having significant practical experience, etc.

And yet, as evidenced by the domestic and foreign press, malicious actions against information not only do not decrease, but also have a fairly steady upward trend.

Experience shows that to combat this trend, a coherent and purposeful organization of the process of protecting information resources is necessary. Moreover, this should

professional specialists, administration, employees and users actively participate, which determines the increased significance organizational side question.

Experience also shows that:

 ensuring the security of information cannot be

a one-time act. This is a continuous process consisting of justification and implementation of the most rational methods, methods and ways of improving and developing the protection system, continuous monitoring of its condition, identifying its narrow and weak points and illegal actions;

 information security can only be ensured

with the integrated use of the entire arsenal of available means of protection in all structural elements production system and at all stages of the technological cycle of information processing. The greatest effect is achieved when all the means, methods and measures used are combined into a single holistic mechanism - an information security system (IPS). At the same time, the functioning of the system must be monitored, updated and supplemented depending on changes in external and internal conditions;

 no information security system can provide the required level of information security without proper preparation

users and their compliance with all established rules aimed at protecting it (Fig.

The YURAYT book publishing house offers large percentage selection of educational literature on the discipline “Information Security”, as well as related disciplines. Indeed, in today’s century, due to the high growth in the volume and exchange of information, the use of methods and means of protecting transmitted data becomes important.

What is information security as a textbook?

Information protection is a discipline that allows you to comprehend its integrity, openness and secrecy.

The subject of the teaching was introduced to implement necessary measures for its protection in various organizations. They, in turn, use the following methods:

• software;
• hardware;
• cryptographic.

Organizations also organize events to ensure the required level of material protection.

The purpose and objectives of the subject fundamentals of information security: textbook

After learning, students develop a knowledge system regarding information support, as well as the use of its methods and means in practice.

The tasks are formations:

• skills to ensure the protection of information and its objects;
• skills to collect documents for government agencies in the information and communication field;
• skills in performing work in the field of technical regulation, licensing of technical means, materials, systems, processes and equipment;
• skills in supplying intellectual property and research findings;
• setting up and maintaining programs and devices.

Subject specifics: basics of information security: textbook

Characteristic of the discipline being studied is that students are shown the opportunities that give modern means and methods for ensuring information security, and is not the purpose of studying technical details sales of special tools.

This section of science also provides classes in laboratory conditions, that is, completing assignments based on methodological literature. Each student is provided personal computer, which comes with a package certain programs. In conclusion, students acquire:

• familiarization with the means information security;
• experience in research work;
• teaching the sources of designing information security techniques.

Result of the subject fundamentals of information security: textbook

As a result, the subjects of study consist of:

• knowledge;
• skills;
• holdings of activity;
• activity experiences.

The last two points, by and large, relate to the extent to which you create empowerment and enable success.

And most importantly, we do not stop developing; each section of the website catalog is updated with new publications over time, which can be downloaded for free and without registration in our mobile application Yurayt.Library. And then you can read online at any convenient time.

Well, if you want to place an order for printed edition so that you can keep modern educational literature, then feel free to click on the “buy” button. Moreover, the price will definitely not disappoint you.

The basic provisions, concepts and definitions of ensuring information security of the activities of society, its various structural formations, organizational, legal, technical, methodological, software and hardware support are presented. Special attention focuses on the problems of methodological support for the activities of both society and specific firms and systems (OS, DBMS, computer networks) operating in organizations and firms. Cryptographic methods and software and hardware tools for ensuring information security, protecting information processing processes from viral infection, destroying program actions and changes.
For students of higher education institutions.

Basic provisions of informatization of society and ensuring the safety of its activities.
The current stage of development of society is characterized by the increasing role information interactions, which are a set of information infrastructures and entities that collect, generate, distribute and use information. The information sphere, being a system-forming factor in the life of society, actively influences the state of political, economic, defense and other components of the security of the Russian Federation.

Mass computerization, implementation and development of the latest information technologies led to breakthroughs in the fields of education, business, industrial production, scientific research and social life.
Information has become a global inexhaustible resource for humanity, which has entered a new era of civilization development - an era of intensive development of this information resource.

The idea that information can be considered as something independent arose along with a new science - cybernetics, which proved that information is directly related to the processes of management and development that ensure the stability and survival of any systems.

TABLE OF CONTENTS
Preface 3
List of abbreviations 7
Chapter 1. Information security of the company’s activities and its main provisions
1.1. Information geopolitical and economic processes of modern society
1.1.1. Basic provisions of informatization of society and ensuring the safety of its activities 10
1.1.2. Components of the national interests of the Russian Federation in information sphere 18
1.1.3. Basic properties and characteristics of information support for the security of the functioning of information management systems of enterprises and firms...20
1.2. Comprehensive information security support for the state and organizational structures 29
1.2.1. Basic provisions of the state policy for ensuring information security of the Russian Federation 29
1.2.2. The information security system of the Russian Federation, its main functions and organizational foundations 33
1.2.3. General methods for ensuring information security of the Russian Federation 34
1.2.4. Features of providing information security of the Russian Federation in various spheres of society 35
1.3. Organizational, physical and technical, information and software and mathematical threats 43
1.3.1. Complex and global threats Information Security of Humanity and Societies 43
1.3.2. Sources of threats to information security of the Russian Federation 46
Chapter 2. Organizational and legal support for information security 52
2.1. Legal regulation information flows V various types activities of the company 52
2.2. International and domestic legal and regulatory acts for ensuring information security of information processing processes 57
2.2.1. International legal and regulatory acts for information security 58
2.2.2. Domestic organizational, legal and regulatory support and regulation in the field of information security 61
2.3. Organizational regulation of the protection of information processing processes 63
2.3.1. Categorization of objects and protection of information property 64
2.3.2. Responsibility for violation of legislation in the information sphere 71
Chapter 3. Methodological foundations for ensuring information security of the life of society and its structures 75
3.1. Modern approaches to providing solutions to information security problems in society 75
3.2. Methodology of information warfare 81
3.2.1. Goals, objectives, signs and content of geopolitical information confrontation 81
3.2.2. Information and manipulative technologies 85
3.2.3. Technologies of information warfare on the Internet and their analysis 96
3.3. Areas and objects of protection information activities at enterprises and organizations 100
3.3.1. Areas and areas of information security support for enterprises and organizations 100
3.3.2. Industrial and social objects for protecting information activities and ensuring information security 102
3.4. Technologies for ensuring security of information processing in the management of information objects 107
3.4.1. Modern approaches to technologies and methods for providing information security in enterprises 107
3.4.2. Technologies for preventing information security threats to enterprise activities 117
3.4.3. Methods and means of parrying threats 143
3.4.4. Methods and means of neutralizing threats 149
Chapter 4. Methodological and technical support of information security for the functioning of enterprises
4.1. Methodological basis technical support protection of information processing processes and control of its effectiveness 158
4.1.1. Intrusion warning systems 158
4.1.2. Violator identification systems 163
4.1.3. Mechanical protection of an object 166
4.1.4. Automation of technical control of information flow protection 169
4.2. Integrated and systematic approaches to ensuring information security of objects, technical means and individuals 176
4.2.1. Methodology and content of information security support with integrated and systematic approaches
4.2.2. Systematic implementation of protection of information processing processes on individual objects management information systems 180
4.3. General issues organizing counteraction to information and technical aggression. Protection of technical equipment and enterprise facilities from information leakage and unauthorized access 189
4.4. Efficiency of protection of information processing processes and methodology for its calculation 194
Chapter 5. Hardware and software for ensuring information security for the functioning of organizations 202
5.1. Methods and means of restricting access to computer components. Software and hardware protection for PC 202
5.1.1. Methods and means of restricting access to computer components 202
5.1.2. Software and hardware protection for PC 211
5.2. Methods and means of organizing the storage and processing of information in KS 220
5.3. Protection software from studying, virus infection, destructive program actions and changes 223
5.3.1. Basic classification characteristics of computer viruses 223
5.3.2. Some computer viruses 227
5.3.3. Methods and technologies to combat computer viruses 231
5.3.4. Conditions safe work KS and virus infection detection technology 235
5.3.5. Integrity control and system issues of program and data protection 238
5.4. Software and hardware for information security in standard OS, DBMS and computer networks 244
5.4.1. Basic provisions of software, hardware and organizational support for information security in operating systems 244
5.4.2. Protection of information processing processes in DBMS 245
5.4.3. Providing information security in DOS and WINDOWS 248
5.4.4. Providing information security in Linux and UNIX OS 256
5.4.5. Software and hardware for information security in computer networks 277
5.4.6. Methods and means of protecting information processing processes in the local and external segments of CS 286
5.4.7. Protection of information processing processes on the Internet and Intranet 298
References 327.

- Textbook for universities - Belov E.B., Los V.P., Meshcheryakov R.V., Shelupanov A.A. - 2006

Issues of theory and practice of providing information security of the individual, society and state. Much attention is paid to the problem security automated systems , including issues of determining the model of the intruder and requirements for information protection. Analyzed modern methods and information security tools and architecture of information security systems. The appendices provide reference material on a number of regulatory legal documents and an option work program in the discipline “Fundamentals of Information Security”.

For university students, studying in specialties in the field information security, may be useful for a wide range of readers interested in information security issues.

Fundamentals of information security. Textbook for universities / E. B. Belov, V. P. Los, R. V. Meshcheryakov, A. A. Shelupanov. -M.: Hotline- Telecom, 2006. - 544 p.: ill.
ISBN 5-93517-292-5
BBK 32.97
UDC 681.3
0-75

Preface
Introduction

Part 1. FUNDAMENTALS OF STATE INFORMATION POLICY AND INFORMATION SECURITY OF THE RUSSIAN FEDERATION
1. Concept national security
1.1. Interests and threats in the field of national security
1.2. The influence of the processes of informatization of society on the components of national security and their content
2. Information security in the national security system of the Russian Federation
2.1. Basic concepts, general methodological principles of information security
2.2. National interests in the information sphere
2.3. Sources and content of threats in the information sphere
3. State information policy
3.1. Basic provisions of the state information policy Russian Federation
3.2. Priority measures for the implementation of the state policy of ensuring information security
4. Information is the most valuable resource of modern society
4.1. The concept of “information resource”
4.2. Information resource classes
5. Problems of information warfare
5.1. Information weapons and their classification
5.2. Information war
6. Problems of information security in the field of state and municipal government
6.1. Information processes in the field of state and municipal government
6.2. Types of information and information resources in the field of GMU
6.3. State and prospects of informatization of the sphere of State Medical University
7. System of training in the field of information security in the Russian Federation
7.1. Structure of the training system in the field of information security
7.2. The composition of the educational and methodological support of the system and its control subsystem
7.3. Main directions of educational activities
Literature

Part 2. INFORMATION SECURITY OF AUTOMATED SYSTEMS
1. Modern formulation of the information security problem
2. Organizational and legal support, information security
2.1. Information as an object of legal protection. Basic principles of information classification
2.2. State system legal support information protection in the Russian Federation
3. Information systems
3.1. General provisions
3.2. Information as a product
3.3. Information Services
3.4. Sources of confidential information in information systems
3.5. What leads to the unlawful acquisition of confidential information in information systems
3.6. Types of technical means of information systems
4. Information threats
4.1. Classes of channels for unauthorized receipt of information
4.2. Reasons for violation of information integrity
4.3. Types of threats to information systems
4.4. Types of losses
4.5. Information infections
4.6. Losses associated with information exchange
4.7. Information systems intruder model
5. Methods and models for assessing information vulnerability
5.1. Empirical approach to assessing information vulnerability
5.2. Full overlap system
5.3. Practical implementation of the “threat - protection” model
6. Recommendations for the use of information vulnerability assessment models
7. Methods for determining information security requirements
8. Analysis of existing methods for determining information security requirements
8.1. Information system security requirements in the USA
8.2. Security requirements for information systems in Russia
8.3. Fund security classes computer technology from unauthorized access
8.4. Assessing the State of IP Security in France
8.5. Factors influencing the required level of information security
8.6. Criteria for assessing information technology security
9. Functions and tasks of information security
9.1. General provisions
9.2. Methods for generating protection functions
9.3. Classes of information security tasks
9.4. Protection functions
9.5. States and functions of the information security system
10. Information security strategies
11. Methods and means of protecting information
12. Cryptographic methods information protection
12.1. Requirements for cryptosystems
12.2. Basic encryption algorithms
12.3. Digital signatures
12.4. Cryptographic hash functions
12.5. Cryptographic random number generators
12.6. The degree of protection provided by the cipher
12.7. Cryptanalysis and attacks on cryptosystems
13. Architecture of information security systems
13.1. Requirements for information security architecture
13.2. Construction of information protection system
13.3. Core of the information security system
13.4. Information security system resources
13.5. Organizational building
Literature

Annex 1. WORK PROGRAM FOR THE DISCIPLINE “FUNDAMENTALS OF INFORMATION SECURITY”
I. Goals and objectives of the discipline, its place in educational process. Goals of teaching the discipline
Objectives of studying the discipline
General instructions for performing practical exercises
List of disciplines, the mastery of which is necessary to study this course
II. Contents of the discipline
1. Theoretical classes (18 hours)
2. Practical lessons(18 hours)
3. Independent work(28 hours)
III. Educational and methodological materials on the discipline
Main literature
additional literature
Legislation

Appendix 2. INDIVIDUAL TASKS.
First task
Second task
Appendix 3. QUESTIONS FOR THE EXAM
Appendix 4. DOCTRINE OF INFORMATION SECURITY OF THE RUSSIAN FEDERATION.
I. Information security of the Russian Federation
1. National interests of the Russian Federation in the information sphere and their provision
2. Types of threats to information security of the Russian Federation
3. Sources of threats to information security of the Russian Federation
4. The state of information security of the Russian Federation and the main tasks to ensure it
II. Methods for ensuring information security of the Russian Federation
5. General methods of ensuring information security of the Russian Federation
6. Features of ensuring information security of the Russian Federation in various spheres of public life
7. International cooperation of the Russian Federation in the field of information security
III. Basic provisions of the state policy of ensuring information security of the Russian Federation and priority measures for its implementation
8. Basic provisions of the state policy of ensuring information security of the Russian Federation
9. Priority measures for the implementation of the state policy of ensuring information security of the Russian Federation
IV. Organizational basis of the information security system of the Russian Federation
10. Main functions of the information security system of the Russian Federation
11. Basic elements organizational basis information security systems of the Russian Federation

Appendix 5. FEDERAL LAW OF THE RUSSIAN FEDERATION “ON INFORMATION, INFORMATION AND INFORMATION PROTECTION”
Chapter 1. General provisions
Article 1. Scope of this Federal Law
Article 2. Terms used in this Federal Law, their definitions.
Article 3. Responsibilities of the state in the field of formation of information resources and informatization
Chapter 2. Information resources
Article 4. Fundamentals of the legal regime of information resources
Article 5. Documentation of information
Article 6. Information resources as an element of property and an object of property rights
Article 7. State information resources
Article 8. Mandatory submission of documented information for the formation of state information resources.
Article 9. Attribution of information resources to the all-Russian national heritage
Article 10. Information resources by access categories
Article 11. Information about citizens (personal data)
Chapter 3. Use of information resources
Article 12. Implementation of the right to access information from information resources
Article 13. Guarantees for the provision of information
Article 14. Access of citizens and organizations to information about them
Article 15. Duties and responsibilities of the owner of information resources
Chapter 4. Informatization. Information systems, technologies and means of supporting them
Article 16. Development and production of information systems, technologies and means of supporting them
Article 17. Ownership of information systems, technologies and means of supporting them.
Article 18. Right of authorship and ownership of information systems, technologies and means of supporting them
Article 19. Certification of information systems, technologies, means of supporting them and licensing of activities for the formation and use of information resources
Chapter 5. Protection of information and rights of subjects in the field of information processes and informatization
Article 20. Objectives of protection
Article 21. Information protection
Article 22. Rights and obligations of subjects in the field of information protection
Article 23. Protection of the rights of subjects in the field of information processes and informatization
Article 24. Protection of the right to access information
Article 25. Entry into force of this Federal Law

Appendix 6. FEDERAL LAW OF THE RUSSIAN FEDERATION “ON ELECTRONIC DIGITAL SIGNATURES”
Chapter 1. General provisions
Article 1. Purpose and scope of application of this Federal Law
Article 2. Legal regulation of relations in the field of use of electronic digital signature

Chapter 2. Terms of use of electronic digital signature
Article 4. Conditions for recognizing the equivalence of an electronic digital signature and a handwritten signature
Article 5. Use of electronic digital signatures
Article 6. Signature Key Certificate
Article 7. Duration and procedure for storing the signature key certificate in the certification center
Chapter 3. Certification authorities
Article 8. Status of the certification center
Article 9. Activities of the certification center
Article 10. Relations between the certification center and the authorized federal executive body
Article 11. Obligations of the certification center in relation to the owner of the signature key certificate
Article 12. Obligations of the owner of the signature key certificate
Article 13. Suspension of the signature key certificate
Article 14. Cancellation of a signature key certificate
Article 15. Termination of activities of a certification center
Chapter 4. Features of using an electronic digital signature
Article 16. Use of electronic digital signature in the field of public administration
Article 17. Use of electronic digital signature in the corporate information system
Article 18. Recognition of a foreign signature key certificate
Article 19. Cases of replacement of seals
Chapter 5. Final and transitional provisions
Article 20. Bringing regulatory legal acts into compliance with this Federal Law
Article 21. Transitional provisions

Appendix 7. FEDERAL LAW “ON TECHNICAL REGULATION”
Chapter 1. General provisions

Article 2. Basic concepts
Article 3. Principles of technical regulation
Article 4. Legislation of the Russian Federation on technical regulation
Article 5. Features of technical regulation in relation to defense products (works, services) and products (works, services), information about which constitutes a state secret
Chapter 2. Technical regulations
Article 6. Purposes of adoption of technical regulations
Article 7. Contents and application of technical regulations
Article 8. Types of technical regulations
Article 9. Procedure for development, adoption, amendment and cancellation of technical regulations
Article 10. Special procedure for the development and adoption of technical regulations
Chapter 3. Standardization
Article 11. Goals of standardization
Article 12. Principles of standardization
Article 13. Documents in the field of standardization
Article 14. National body of the Russian Federation for standardization, technical committees for standardization
Article 15. National standards, all-Russian classifiers of technical, economic and social information
Article 16. Rules for the development and approval of national standards
Article 17. Standards of organizations
Chapter 4. Confirmation of conformity
Article 18. Purposes of conformity assessment
Article 19. Principles of conformity assessment
Article 20. Forms of confirmation of conformity
Article 21. Voluntary confirmation of compliance
Article 22. Marks of conformity
Article 23. Mandatory confirmation of compliance
Article 24. Declaration of conformity
Article 25. Mandatory certification
Article 26. Organization of mandatory certification
Article 27. Sign of circulation on the market
Article 28. Rights and obligations of the applicant in the field of mandatory confirmation of compliance
Article 29. Conditions for the import into the territory of the Russian Federation of products subject to mandatory confirmation of conformity
Article 30. Recognition of results of conformity assessment
Chapter 5. Accreditation of certification bodies and testing laboratories (centers)
Article 31. Accreditation of certification bodies and testing laboratories (centers)
Chapter 6. State control (supervision) over compliance with the requirements of technical regulations
Article 32. State control (supervision) bodies over compliance with the requirements of technical regulations
Article 33. Objects of state control (supervision) over compliance with the requirements of technical regulations
Article 34. Powers of state control (supervision) bodies.
Article 35. Responsibility of state control (supervision) bodies and their officials when exercising state control (supervision) over compliance with the requirements of technical regulations.
Chapter 7. Information on violation of technical regulations and product recall
Article 36. Liability for non-compliance of products, production processes, operation, storage, transportation, sale and disposal with the requirements of technical regulations
Article 37. Information on non-compliance of products with the requirements of technical regulations
Article 38. Responsibilities of the manufacturer (seller, person performing the functions of a foreign manufacturer) in the event of receiving information about the non-compliance of products with the requirements of technical regulations
Article 39. Rights of state control (supervision) bodies in the event of receiving information about product non-compliance with the requirements of technical regulations.
Article 40. Forced recall of products
Article 41. Liability for violation of the rules for performing certification work
Article 42. Responsibility of an accredited testing laboratory (center)
Chapter 8. Information about technical regulations and standardization documents
Article 43. Information about standardization documents
Article 44. Federal information fund of technical regulations and standards
Chapter 9. Financing in the field of technical regulation
Article 45. Procedure for financing expenses in the field of technical regulation from the federal budget
Chapter 10. Final and transitional provisions
Article 46. Transitional provisions
Article 47. Bringing regulatory legal acts into compliance with this Federal Law
Article 48. Entry into force of this Federal Law

Appendix 8. FEDERAL LAW “ON LICENSING CERTAIN TYPES OF ACTIVITY”
Article 1. Scope of application of this Federal Law
Article 2. Basic concepts
Article 3. Basic principles of licensing
Article 4. Criteria for determining licensed types of activities
Article 5. Determination of the powers of the Government of the Russian Federation in the implementation of licensing
Article 6. Powers of licensing authorities
Article 7. Validity of the license
Article 8. Validity period of the license
Article 9. Making a decision to grant a license
Article 10. Contents of the document confirming the presence of a license and the decision to grant a license
Article 11. Re-issuance of a document confirming the presence of a license
Article 12. Exercise of control
Article 13. Suspension of a license and revocation of a license
Article 14 Maintenance of license registers
Article 15. License fees
Article 16. Financing of licensing
Article 17. List of activities for which licenses are required
Article 18. Transitional provisions
Article 19. Recognition of certain legislative acts as invalid in connection with the adoption of this Federal Law
Article 20. Entry into force of this Federal Law

Appendix 9. FEDERAL LAW “ON TRADE SECRETS”
Article 1. Goals and scope of this Federal Law
Article 2. Legislation of the Russian Federation on trade secrets
Article 3. Basic concepts used in this Federal Law
Article 4. The right to classify information as information constituting a commercial secret, and methods of obtaining such information
Article 5, Information that cannot constitute a commercial secret
Article 6. Provision of information constituting a commercial secret
Article 7. Rights of the owner of information constituting a commercial secret
Article 8. Owner of information constituting a trade secret received within the framework of labor relations
Article 9. The procedure for establishing a trade secret regime when performing government contract for government needs
Article 10. Protection of confidentiality of information
Article 11. Protection of confidentiality of information within the framework of labor relations
Article 12, Protection of confidentiality of information within the framework of civil law relations
Article 13. Protection of confidentiality of information when provided
Article 14. Liability for violation of this Federal Law
Article 15. Responsibility for failure to provide state authorities, other state bodies, and local government bodies with information constituting a trade secret
Article 16. Transitional provisions

Appendix 10. GLOSSARY
Appendix 11. INFORMATION PROTECTION TERMS.