Information security threats. Types and features of threats to the security of information resources


In the modern world, information is becoming a strategic resource, one of the main assets of an economically developed state. The rapid improvement of informatization in Russia, its penetration into all spheres of vital interests of the individual, society and state, has caused, in addition to undoubted advantages, the emergence of a number of significant problems.

One of them was the need for information protection.

Considering that currently the economic potential is increasingly determined by the level of development of the information structure, the potential vulnerability of the economy from information influences is growing proportionally.

As electronic payment technologies, “paperless” document flow and others develop, a serious failure of local networks can simply paralyze the work of entire corporations and banks, which leads to significant material losses. It is no coincidence that data protection in computer networks is becoming one of the most pressing problems today.

A threat to information security refers to events or actions that can lead to distortion, unauthorized use or even destruction of the information resources of the managed system, as well as its software and hardware.

Information threats may be due to:

Natural factors (natural disasters - fire, flood, hurricane, lightning and other causes);

Human factors.

The latter, in turn, are divided into:

1) Threats that are random or unintentional. These are threats associated with errors in the process of preparing, processing and transmitting information (scientific, technical, commercial, monetary and financial documentation); with an untargeted “brain drain” and drain of knowledge and information (for example, in connection with population migration, travel to other countries, family reunification, etc.). These are also threats associated with errors in the design, development and manufacturing of systems and their components (buildings, structures, premises, computers, communications, operating systems, application programs, etc.); with errors in the operation of equipment due to poor-quality manufacturing; and with errors in the process of preparing and processing information (errors of programmers and users due to insufficient qualifications and poor-quality service; operator errors in the preparation, input and output of data and in the correction and processing of information).

2) Threats caused by deliberate, premeditated actions of people. These are threats associated with the transfer, distortion and destruction of scientific discoveries, inventions, production secrets and new technologies for selfish and other antisocial reasons (documentation, drawings, descriptions of discoveries and inventions and other materials); with eavesdropping on and transmission of official and other scientific, technical and commercial conversations; with a targeted “brain drain” and drain of knowledge and information (for example, in connection with obtaining another citizenship for selfish reasons). These are also threats associated with unauthorized access to the resources of an automated information system (AIS): making technical changes to computer equipment and communication means, connecting to computer equipment and communication channels, theft of storage media (disks, descriptions, printouts, etc.).

Deliberate threats pursue the goal of causing damage to AIS users and, in turn, are divided into active and passive.

Passive threats, as a rule, are aimed at the unauthorized use of information resources without affecting their functioning. A passive threat is, for example, an attempt to obtain information circulating in communication channels by listening to them.

Active threats have the goal of disrupting the normal functioning of the system through targeted impact on hardware, software and information resources. Active threats include, for example, destruction or electronic jamming of communication lines, disablement of a PC or its operating system, distortion of information in databases or system information, etc. Sources of active threats can be direct actions of attackers, software viruses, etc.

Intentional threats are divided into internal, occurring within the managed organization, and external.

Insider threats are most often determined by social tension and a difficult moral climate in the company’s team.

External threats may be determined by malicious actions of competitors, economic conditions and other reasons (for example, natural disasters). According to foreign sources, industrial espionage has become widespread: the illegal collection, appropriation and transfer of information constituting a trade secret by a person not authorized by its owner, to the detriment of the owner of the trade secret.

The major security threats include:

· disclosure of confidential information;

· compromise of information;

· unauthorized use of information resources;

· erroneous use of resources;

· unauthorized exchange of information;

· repudiation of information;

· denial of service.

The implementation of these threats is a consequence of one of the following actions and events (Figure 1):

Disclosure of confidential information,

Leaks of confidential information and

Unauthorized access to protected information.


Figure 1. Actions and events that violate information security

Methods by which threats affect information objects are divided into:

– informational;

– software-mathematical;

– physical;

– radio-electronic;

– organizational and legal.


Informational methods include:

– violation of the targeting and timeliness of information exchange, illegal collection and use of information;

– unauthorized access to information resources;

– manipulation of information (disinformation, hiding or compressing information);

– violation of information processing technology.

Software-mathematical methods include:

– introduction of computer viruses;

– installation of software and hardware embedded devices;

– destruction or modification of data in the AIS.

Physical methods include:

– destruction of information processing and communication facilities;

– destruction or theft of computer or other storage media;

– theft of software or hardware keys and means of cryptographic information protection;

– impact on personnel;

Radio-electronic methods include:

– interception of information in technical channels of its possible leakage;

– introduction of electronic information interception devices into technical means and premises;

– interception, decryption and imposition of false information in data networks and communication lines;

– impact on password-key systems;

– radio-electronic suppression of communication lines and control systems.

Organizational and legal methods include:

– failure to comply with legal requirements regarding the delay in adopting the necessary regulatory provisions in the information sphere;

– unlawful restriction of access to documents containing information important to citizens and organizations.

The essence of such threats comes down, as a rule, to causing some kind of damage to the enterprise.

Manifestations of possible damage can be very different:

· moral and material damage to the business reputation of the organization;

· moral, physical or material damage associated with the disclosure of personal data of individuals;

· material (financial) damage from disclosure of protected (confidential) information;

· material (financial) damage from the need to restore damaged protected information resources;

· material damage (losses) from the inability to fulfill obligations undertaken to a third party;

· moral and material damage from disorganization in the work of the entire enterprise.

The wide range of threats and the consequences of their impact discussed above shows the complexity of solving the problem of ensuring information security and necessitates a scientific approach to building an information security system for an automated information system of an economic entity.

Annotation: The concept of threat and classification of threats according to various criteria. The second part of the lecture discusses quantitative and qualitative approaches to risk assessment, their advantages and disadvantages.

Let's consider other criteria for classifying threats:

  • by position relative to the controlled area: internal and external threats. An example of external threats could be the interception of data transmitted over the network or leakage through PEMIN. Internal threats include theft of media containing confidential information, damage to equipment, and the use of various types of bookmarks.
  • by degree of impact on the automated system (AS): passive and active. Passive threats are threats that do not disrupt the composition and normal operation of the system. Examples: copying confidential information, leakage through technical leak channels, eavesdropping, etc. An active threat, accordingly, disrupts the normal functioning of the system, its structure or composition.
  • by type of information property being violated: confidentiality, availability, integrity.

    Availability threats include both artificial threats, e.g. equipment damage due to thunderstorms or short circuits, and natural threats. Currently, network attacks on the availability of information (DDoS attacks) are widespread; we will consider them in more detail during this course.

    Recently, the specialized literature increasingly talks about dynamic and static integrity. Threats to static integrity include illegal modification of information, falsification of information, and denial of authorship. Threats to dynamic integrity include violation of transaction atomicity, introduction of illegal packets into the information flow, etc.
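
The distinction between static and dynamic integrity can be made concrete with a receiver that checks both. The following is an added example, not part of the original lecture; the record layout, the sample key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"    # constructed sample key (assumption of this example)
HEADER = struct.Struct(">IIB")   # sequence number, transaction id, last-record flag
TAG_LEN = hashlib.sha256().digest_size


def seal(seq, txn_id, last, payload, key=KEY):
    """Sender side: bind the stream position and transaction to the payload."""
    header = HEADER.pack(seq, txn_id, 1 if last else 0)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def open_record(record, key=KEY):
    """Static integrity: return (seq, txn_id, last, payload), or None when the
    record was modified or forged. A shared-key MAC does not address denial of
    authorship; that requires a digital signature."""
    if len(record) < HEADER.size + TAG_LEN:
        return None
    body, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    seq, txn_id, last = HEADER.unpack(body[:HEADER.size])
    return seq, txn_id, bool(last), body[HEADER.size:]


class Receiver:
    """Dynamic integrity: strict ordering plus all-or-nothing transactions."""

    def __init__(self, key=KEY):
        self.key = key
        self.next_seq = 0
        self.pending = {}     # txn_id -> payloads received so far
        self.committed = []   # (txn_id, [payloads]) of complete transactions

    def accept(self, record):
        parsed = open_record(record, self.key)
        if parsed is None:
            return "bad-mac"   # modified record or packet injected without the key
        seq, txn_id, last, payload = parsed
        if seq < self.next_seq:
            return "replay"    # authentic record injected into the flow again
        if seq > self.next_seq:
            return "gap"       # a record was dropped or reordered
        self.next_seq += 1
        self.pending.setdefault(txn_id, []).append(payload)
        if last:
            self.committed.append((txn_id, self.pending.pop(txn_id)))
            return "committed"
        return "buffered"

    def close(self):
        """End of stream: incomplete transactions are discarded whole."""
        aborted = sorted(self.pending)
        self.pending.clear()
        return aborted


def demo():
    # Constructed sample stream: one complete transaction and one cut short.
    records = [
        seal(0, 1, False, b"debit A 100"),
        seal(1, 1, True, b"credit B 100"),
        seal(2, 2, False, b"debit C 50"),
    ]
    rx = Receiver()
    results = [rx.accept(records[0]), rx.accept(records[1])]
    tampered = bytearray(records[2])
    tampered[12] ^= 0x01                       # flip one payload bit in transit
    results.append(rx.accept(bytes(tampered)))
    results.append(rx.accept(records[0]))      # replay of an old, valid record
    results.append(rx.accept(records[2]))      # the genuine record arrives
    aborted = rx.close()                       # transaction 2 never completed
    return results, rx.committed, aborted


if __name__ == "__main__":
    print(demo())
```
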

    It is also important to note that it is not only data that is potentially vulnerable to

  • Information security concept

    The creation of a universal information space and the almost universal use of personal computers and the introduction of computer systems have given rise to the need to solve the complex problem of information security.

    The protection of information in a computer system means the regular use of means and methods, the adoption of measures and the implementation of activities in order to systematically ensure the required reliability of information stored and processed using computer systems. The object of protection is information, or a medium, or an information process in respect of which it is necessary to ensure protection in accordance with the stated purpose of protecting information. Protection of computer information includes measures to prevent and monitor unauthorized access (UNA) by unauthorized persons, misuse, damage, destruction, distortion, copying, blocking of information in forms and media related specifically to computer facilities and technologies for storage, processing, transmission and access. To ensure the security of information in a computer system, the following must be protected: information arrays presented on various computer media; technical means of data processing and transmission; software tools that implement appropriate methods, algorithms and information processing technology; users.

    Information security refers to the security of information from illegal access, transformation and destruction, as well as the security of information resources from influences aimed at disrupting their performance. Information security is achieved by ensuring the confidentiality, integrity and reliability of the processed data, as well as the availability and integrity of the information components and resources of the CS.

    Confidentiality is a property that indicates the need to introduce restrictions on access to this information for a certain circle of persons. In other words, it is a guarantee that during the transfer process the data can only be known to legitimate users.

    Integrity is the property of information to retain its structure and/or content during transmission and storage in an undistorted form in relation to some fixed state. Information can only be created, modified or destroyed by an authorized person (a legal, authorized user).

    Reliability is a property of information, expressed in strict belonging to the subject who is its source, or to the subject from whom this information was received.

    Availability is a property of information that characterizes the ability to provide timely and unhindered user access to the necessary information.

    Information security is achieved when management at the appropriate level pursues an information security policy. The main document on the basis of which the information security policy is carried out is the information security program. This document is developed as an official guidance document by the highest governing bodies of the state, department, or organization. The document sets out the goals of the information security policy and the main directions for solving information security problems in the CS. Information security programs also contain general requirements and principles for constructing information security systems in the CS.

    When considering problems related to security, the concept of “unauthorized access” is used - this is unauthorized access to information resources for the purpose of using them (reading, modifying), as well as damaging or destroying them. This concept is also associated with the spread of various types of computer viruses.

    In turn, “authorized access” is access to objects, programs and data of users who have the right to perform certain actions (reading, copying, etc.), as well as the powers and rights of users to use resources and services determined by the computer system administrator.

    Protected information is considered to be information that has not undergone illegal changes in the process of transmission, storage and preservation, and has not changed such properties as the reliability, completeness and integrity of data.

    The terms “information protection” and “information security” mean a set of methods, means and measures aimed at eliminating distortion, destruction and unauthorized use of accumulated, processed and stored data.

    Information security threats

    Concept and classification of information security threats

    In order to ensure effective information protection, it is necessary first to consider and analyze all factors that pose a threat to information security.

    A threat to information security of a computer system is usually understood as a potential event, action, process or phenomenon that could have an undesirable impact on the system and the information that is stored and processed in it. Such threats, affecting information through CS components, can lead to destruction, distortion, copying, unauthorized distribution of information, and restricting or blocking access to it. Currently, a fairly extensive list of threats is known, which are classified according to several criteria.

    According to the nature of their occurrence, threats are divided into:

    • natural threats caused by impacts on the CS of objective physical processes or natural phenomena;
    • man-made security threats caused by human activity.

    Depending on the degree of intentionality of the manifestation, a distinction is made between accidental and deliberate security threats.

    According to the direct source of threats. Sources of threats can be:

    • natural environment, such as natural disasters;
    • person, for example, disclosure of confidential data;
    • authorized software and hardware, for example, failure of the operating system;
    • unauthorized software and hardware, for example, infection of a computer with viruses.

    According to the position of the threat source. The source of threats can be located:

    • outside the controlled area of the CS, for example, interception of data transmitted via communication channels;
    • within the controlled area of the CS, for example, theft of printouts and storage media;
    • directly in the CS, for example, incorrect use of resources.

    According to the degree of impact on the CS, the following are distinguished:

    • passive threats that, when implemented, do not change anything in the structure and content of the CS (the threat of data copying);
    • active threats that, when implemented, make changes to the structure and content of the computer system (introduction of special hardware and software implants).

    By stages of user or program access to CS resources:

    • threats that may appear at the stage of access to CS resources;
    • threats that appear after access is granted (unauthorized use of resources).

    According to the current location of information in the CS:

    • threat of access to information on external storage devices, for example, copying data from a hard drive;
    • threat of access to information in RAM (unauthorized access to memory);
    • threat of access to information circulating in communication lines (through illegal connection).

    By method of accessing CS resources:

    • threats that use a direct standard path to access resources using illegally obtained passwords or through unauthorized use of legitimate users' terminals;
    • threats that use a hidden, non-standard path to access CS resources, bypassing existing security measures.

    According to the degree of dependence on the activity of the CS, the following are distinguished:

    • threats that appear regardless of the activity of the CS (theft of information carriers);
    • threats that appear only during data processing (spread of viruses).

    Types of security threats

    The entire set of potential threats to information security in a computer system can be divided into 2 main classes.

    Threats that are not associated with the intentional actions of attackers and occur at random times are called accidental or unintentional. The mechanism for implementing random threats is generally quite well studied, and considerable experience has been accumulated in countering these threats.

    Natural disasters and accidents are fraught with the most devastating consequences for computer systems, since the latter are subject to physical destruction, information is lost or access to it becomes impossible.

    Failures and malfunctions of complex systems are inevitable. As a result of failures and malfunctions, the performance of technical equipment is disrupted, data and programs are destroyed and distorted, and the operating algorithm of devices is disrupted.

    Threats to information security in the CS

    Errors in the development of computer systems, algorithmic and software errors lead to consequences similar to those of failures and malfunctions of technical means. In addition, such errors can be used by attackers to influence CS resources.

    As a result of user and service personnel errors, security breaches occur in 65% of cases. Incompetent, careless or inattentive performance of functional duties by employees leads to the destruction, violation of the integrity and confidentiality of information.

    Intentional threats involve targeted actions by the perpetrator. This class of threats has not been sufficiently studied, is very dynamic and is constantly updated with new threats.

    Methods and means of espionage and sabotage are most often used to obtain information about the security system in order to penetrate the security system, as well as to steal and destroy information resources. Such methods include eavesdropping, visual surveillance, theft of documents and computer storage media, theft of programs and security system attributes, collection and analysis of computer storage media waste, and arson.

    Unauthorized access to information (UAI) usually occurs using standard CS hardware and software, as a result of which the established rules for restricting access of users or processes to information resources are violated. Access control rules are understood as a set of provisions regulating the access rights of persons or processes to units of information. The most common violations are:

    • password interception, carried out by specially designed programs;
    • “masquerade”: performance of any actions by one user on behalf of another;
    • illegal use of privileges: seizure of privileges of legitimate users by an intruder.

    The processing and transmission of information by the technical means of a computer system is accompanied by electromagnetic radiation into the surrounding space and the induction of electrical signals in communication lines. These are called spurious electromagnetic radiation and interference (PEMIN). With the help of special equipment, the signals are received, isolated, amplified and can either be viewed or recorded in storage devices. Electromagnetic radiation is used by attackers not only to obtain information, but also to destroy it.

    A major threat to the security of information in a computer system is posed by unauthorized modification of the algorithmic, software and technical structures of the system, which is called “bookmarking”. As a rule, “bookmarks” are embedded in specialized systems and are used either for direct harmful effects on the computer system, or to provide uncontrolled entry into the system.

    One of the main sources of security threats is the use of special programs, collectively called “malware.” Such programs include:

    • “computer viruses”: small programs that, after being introduced into a computer, spread independently by creating copies of themselves, and if certain conditions are met, have a negative impact on the computer system;
    • “worms”: programs that are executed every time the system boots, with the ability to move into a computer system or network and self-reproduce copies. An avalanche-like proliferation of programs leads to overload of communication channels, memory, and then to blocking of the system;
    • “Trojan horses”: programs that look like a useful application, but in fact perform harmful functions (destruction of software, copying and sending files with confidential information to an attacker, etc.).

    In addition to the security threats mentioned above, there is also the threat of information leakage, which is becoming an increasingly significant security issue every year. To effectively deal with leaks, you need to know how they occur.

    Four main types of leaks account for the vast majority (84%) of incidents, with half of this share (40%) accounting for the most popular threat: media theft. 15% is attributable to insiders. This category includes incidents caused by the actions of employees who had legal access to information. For example, an employee did not have access rights to information, but managed to bypass security systems. Or an insider had access to information and took it outside the organization. Hacker attacks also account for 15% of threats. This broad group of incidents includes all leaks that occurred as a result of external intrusion. The not too high proportion of hacker intrusions is explained by the fact that the intrusions themselves have become less noticeable. 14% were web leaks. This category includes all leaks associated with the publication of confidential information in public places, for example, on global networks. 9% are paper leaks. By definition, a paper leak is any leak that occurs as a result of printing confidential information on paper. 7% are other possible threats. This category includes incidents for which the exact cause could not be determined, as well as leaks that became known after the fact, after personal information was used for illegal purposes.

    In addition, phishing is currently actively developing. It is an Internet fraud technology that involves stealing personal confidential data such as access passwords, credit card numbers, bank accounts and other personal information. Phishing (from the English “fishing”) stands for fishing for a password and exploits not the technical shortcomings of the CS, but the gullibility of Internet users. The attacker throws bait onto the Internet and “catches all the fish”: users who fall for it.

    Regardless of the specifics of specific types of threats, information security must maintain integrity, confidentiality, and availability. Threats to integrity, confidentiality and availability are primary. Violation of integrity includes any deliberate modification of information stored in a computer system or transmitted from one system to another. A breach of confidentiality can result in a situation where information becomes known to someone who does not have the authority to access it. The threat of information inaccessibility arises whenever, as a result of deliberate actions of other users or attackers, access to some CS resource is blocked.

    Another type of information security threat is the threat of disclosure of CS parameters. As a result of its implementation, no damage is caused to the information processed in the CS, but at the same time the possibilities for the manifestation of primary threats are significantly enhanced.

    Chapter 2 The concept of information threats and their types

    2.1 Information threats

    Since the late 80s and early 90s, problems related to information security have worried both specialists in the field of computer security and numerous ordinary users of personal computers. This is due to the profound changes computer technology brings to our lives.

    Modern automated information systems (AIS) in economics are complex mechanisms consisting of a large number of components of varying degrees of autonomy, interconnected and exchanging data. Almost each of them can fail or be exposed to external influences.

    Despite the expensive measures taken, the functioning of computer information systems has revealed the presence of weaknesses in information security. The inevitable consequence has been ever-increasing costs and efforts to protect information. However, in order for the measures taken to be effective, it is necessary to determine what a threat to information security is, and to identify possible channels of information leakage and ways of unauthorized access to protected data.

    A threat to information security (information threat) means an action or event that can lead to destruction, distortion or unauthorized use of information resources, including stored, transmitted and processed information, as well as software and hardware. If the value of information is lost during its storage and/or distribution, then the threat of violation of the confidentiality of information is realized. If information is changed or destroyed with loss of its value, then a threat to information integrity is realized. If information does not reach the legal user on time, then its value decreases and over time is completely depreciated, which threatens the efficiency of use or availability of information.

    So, the implementation of threats to information security consists in violating the confidentiality, integrity and availability of information. An attacker can view confidential information, modify it, or even destroy it, as well as limit or block a legitimate user’s access to information. In this case, the attacker can be either an employee of the organization or an outsider. But, besides this, the value of information may decrease due to accidental, unintentional errors of personnel, as well as surprises sometimes presented by nature itself.

    Information threats can be caused by:

      natural factors (natural disasters - fire, flood, hurricane, lightning and other causes);

      human factors. The latter, in turn, are divided into:

    – threats that are random, unintentional in nature. These are threats associated with errors in the process of preparing, processing and transmitting information (scientific, technical, commercial, monetary and financial documentation); with an untargeted “brain drain” and drain of knowledge and information (for example, in connection with population migration, travel to other countries, family reunification, etc.). These are also threats associated with errors in the design, development and manufacturing of systems and their components (buildings, structures, premises, computers, communications equipment, operating systems, application programs, etc.); with errors in the operation of equipment due to poor-quality manufacturing; and with errors in the process of preparing and processing information (errors of programmers and users due to insufficient qualifications and poor-quality service; operator errors in the preparation, input and output of data and in the correction and processing of information);

    – threats caused by deliberate, premeditated actions of people. These are threats associated with the transfer, distortion and destruction of scientific discoveries, inventions, production secrets and new technologies for selfish and other antisocial reasons (documentation, drawings, descriptions of discoveries and inventions and other materials); with eavesdropping on and transmission of official and other scientific, technical and commercial conversations; with a targeted “brain drain” and drain of knowledge and information (for example, in connection with obtaining another citizenship for selfish reasons). These are also threats associated with unauthorized access to the resources of an automated information system (making technical changes to computers and communications, connecting to computers and communication channels, theft of storage media: floppy disks, descriptions, printouts, etc.).

    Deliberate threats are aimed at causing damage to AIS users and, in turn, are divided into active and passive.

    Passive threats, as a rule, are aimed at the unauthorized use of information resources without affecting their functioning. A passive threat is, for example, an attempt to obtain information circulating in communication channels by listening to them.

    Active threats have the goal of disrupting the normal functioning of the system through targeted impact on hardware, software and information resources. Active threats include, for example, destruction or electronic jamming of communication lines, disablement of a PC or its operating system, distortion of information in databases or in system information, etc. Sources of active threats can be direct actions of attackers, software viruses, etc.

    Deliberate threats are divided into internal, arising within the managed organization, and external.

    Internal threats are most often determined by social tension and a difficult moral climate.

    External threats can be determined by malicious actions of competitors, economic conditions and other reasons (for example, natural disasters). According to foreign sources, industrial espionage has become widespread: the illegal collection, appropriation and transfer of information constituting a trade secret by a person not authorized by its owner, to the detriment of the owner of the trade secret.

    The main security threats include:

      disclosure of confidential information;

      compromise of information;

      unauthorized use of information resources;

      misuse of resources;

      unauthorized exchange of information;

      repudiation of information;

      denial of service.

    The threat of disclosure of confidential information may be realized through unauthorized access to databases, wiretapping of channels, etc. In any case, obtaining information that is the property of a certain person (group of persons) leads to a decrease in, and even loss of, the value of the information.

    The implementation of threats is a consequence of one of the following actions and events: disclosures confidential information, leakage of confidential information and unauthorized access to protected information (106). When disclosed or leaked, the confidentiality of information with limited access is violated (Fig. 2).

    Rice. 2 Actions and events that violate information security

    Leakage of confidential information is the uncontrolled release of confidential information beyond the boundaries of the information system (IS) or the circle of persons to whom it was entrusted through their service or became known in the course of work. This leakage may be due to:

      disclosure of confidential information;

      leakage of information through various, mainly technical, channels;

      unauthorized access to confidential information in various ways.

    Disclosure of information by its owner or possessor is the intentional or careless action of officials and users to whom the relevant information was duly entrusted through their service or work, which resulted in persons not authorized to access this information becoming familiar with it.

    Uncontrolled leakage of confidential information is possible via visual-optical, acoustic, electromagnetic and other channels.

    By physical nature, the following carriers of information are possible:

      Light rays.

      Sound waves.

      Electromagnetic waves.

      Materials and substances.

    By an information leakage channel we mean a physical path from a source of confidential information to an attacker, through which leakage or unauthorized receipt of protected information is possible. For the emergence (formation, establishment) of an information leakage channel, certain spatial, energy and temporal conditions are required, as well as appropriate means of perceiving and recording information on the attacker’s side.

    In practice, taking into account the physical nature of their formation, information leakage channels can be divided into the following groups:

      visual-optical;

      acoustic (including acoustic-transforming);

      electromagnetic (including magnetic and electric);

      material (paper, photos, magnetic media, industrial waste of various types: solid, liquid, gaseous).

    Visual-optical channels are, as a rule, direct or remote (including television) observation. The carrier of information is light emitted by sources of confidential information or reflected from them in the visible, infrared and ultraviolet ranges.

    Acoustic channels. For a person, hearing is the second most informative sense after vision. Therefore, one of the fairly common channels of information leakage is the acoustic channel. In the acoustic channel, the carrier of information is sound in the ultrasonic (more than 20,000 Hz), audible and infrasonic ranges. The range of sound frequencies heard by humans is from 16 to 20,000 Hz, and those contained in human speech are from 100 to 6,000 Hz.

    In free air space, acoustic channels are formed in rooms during negotiations in the case of open doors, windows, and vents. In addition, such channels are formed by the air ventilation system of the premises. In this case, the formation of channels significantly depends on the geometric dimensions and shape of the air ducts, the acoustic characteristics of the shaped elements of the valves, air distributors and similar elements.

    Electromagnetic channels. The carrier of information is electromagnetic waves in the range from ultra-long, with a wavelength of 10,000 m (frequencies less than 30 Hz), to submillimeter, with a wavelength of 1 - 0.1 mm (frequencies from 300 to 3000 GHz). Each of these types of electromagnetic waves has specific propagation characteristics, both in range and in space. Long waves, for example, propagate over very long distances, while millimeter waves, on the contrary, extend only to line of sight, within a few or tens of kilometers. In addition, various telephone and other wires and communication cables create magnetic and electric fields around themselves, which also act as elements of information leakage by inducing interference in other wires and equipment elements located nearby.

    Material channels of information leakage include a variety of materials in solid, liquid, gaseous or corpuscular (radioactive elements) form. Very often these are various production wastes, defective products, draft materials, etc.

    Obviously, each source of confidential information may have, to one degree or another, a set of information leakage channels. The causes of leakage are usually associated with imperfect standards for storing information, as well as violations of these standards (including imperfect ones), deviations from the rules for handling relevant documents, technical means, product samples and other materials containing confidential information.

    Leakage factors may include, for example:

      insufficient knowledge by enterprise employees of information security rules and lack of understanding (or incomplete understanding) of the need for their careful compliance;

      weak control over compliance with information protection rules by legal, organizational and engineering measures.

    Unauthorized access (UNA)

    This most common type of information threat involves a user gaining access to an object for which he does not have permission in accordance with the organization's security policy. The biggest challenge is usually determining who should have access to which data sets and who should not. In other words, the term “unauthorized” needs to be defined.

    By the nature of its impact, UNA is an active impact that exploits system errors. UNA usually accesses the required data set directly, or acts on the information about authorized access in order to legalize the UNA. Any system object can be subject to UNA. UNA can be carried out using both standard and specially developed software tools applied to objects.

    There are also quite primitive ways of unauthorized access:

      theft of storage media and documentary waste;

      proactive cooperation;

      inducement to cooperation by the intruder;

      probing;

      eavesdropping;

      observation and other ways.

    Any methods of leaking confidential information can lead to significant material and moral damage both for the organization where the information system operates and for its users.

    Managers should remember that quite a large part of the reasons and conditions that create the preconditions and the possibility of unlawful acquisition of confidential information arise due to elementary shortcomings of organizational leaders and their employees. For example, the reasons and conditions that create the prerequisites for the leakage of trade secrets may include:

      insufficient knowledge by the organization’s employees of the rules for protecting confidential information and a lack of understanding of the need for their careful compliance;

      use of uncertified technical means for processing confidential information;

      weak control over compliance with information protection rules by legal, organizational and engineering measures, etc.

    Example No. 1 (M. Nakamoto “Japan is fighting leaks”, “Monday” dated 03/02/2004)

    Japanese companies have long been defendants in industrial espionage scandals and disputes, with one of the most famous examples being the 1982 case of Hitachi employees accused of stealing intellectual property from IBM. Now, however, as international competition intensifies in areas where the Japanese have traditionally dominated, they themselves are increasingly becoming victims of industrial spies.

    The Sharp Corporation, which carefully guards its own technological developments, has located its ultra-modern plant for the production of liquid crystal panels in the town of Kameyama, in a remote mountainous area, far from prying eyes. But even here, the giant of the electronics industry does not feel completely safe: for some time now, Sharp employees have been alarmed by a mysterious car that drives around the corporation’s secret facility about once a month. The suspicious car, according to Sharp representatives, may well belong to an agent of a competing company hoping to find out important details of someone else's know-how.

    “Technology leakage from Japan reduces the country's competitiveness and leads to a decline in employment,” said Yoshinori Komiya, director of the Intellectual Property Protection Agency at the Ministry of Economy, Trade and Industry (METI). “We recognize that some technologies are subject to overseas transfer; but now technologies are often transferred that company leaders seek to keep secret.”

    This problem has become especially painful for the Japanese government now that the neighbors of the land of the rising sun have achieved serious success in the high-tech market. Even the largest and most powerful Japanese companies now have to take a defensive stance and carefully guard their intellectual property.

    According to METI, many companies that become victims of industrial espionage try not to stir up a scandal, since their own employees, and not outside agents, are guilty of the thefts. As Yokio Sotoku, vice-president of Matsushita, admits, violations by fifth columnists, such as employees working at rival firms on weekends, are still common in Japanese business.

    METI research also shows that one of the channels for the leakage of commercial information is former employees of Japanese companies who take jobs in other Asian countries and take with them the know-how of their former employers. METI identified the main ways in which confidential information leaks to competitors of Japanese companies, including copying of data by employees during non-working hours; part-time work by employees in competing companies (for example, on weekends); creation of a joint venture with a foreign company that has an insufficiently developed information security policy; violation of a confidentiality agreement by a partner or equipment supplier, etc.

    METI notes that many companies that did not realize in time the risk associated with leakage of know-how suffer significant losses because of this, but the courts in such cases treat them without sympathy, since we are talking about negligence and carelessness. Of the 48 court cases in which Japanese companies sought compensation for damages from intellectual property theft, only 16 cases were found to have merit.

    Example No. 2 (B. Gossage “Chatterbox - a godsend for a competitor”; “Monday” dated 02/16/2004)

    Phil Sipowicz, founder and head of the American IT consulting company Everynetwork, has never considered himself talkative or prone to indiscreet statements. When negotiating a possible partnership with one of his competitors, Sipowicz tried not to reveal his cards, saying only what he considered truly necessary to advance the deal.

    After the negotiations, an optimistic Sipowicz, together with his lawyer, drafted a non-disclosure agreement and faxed it to his partner. The answer came only a few weeks later and was unexpected: the partner said that he was not interested in a merger, an alliance, or anything else... And a month later, one of Sipowicz’s clients called and said that he had received a proposal from another consultant. As it turned out, it was that same failed partner! Only then did Sipowicz remember that during the negotiations he had accidentally mentioned three of his key clients. His suspicions were justified: soon two other clients also received offers from an alternative consultant. “This was not a large-scale marketing campaign, they were looking for an approach only to those clients whom I myself mentioned,” states Sipowicz. “I couldn’t do anything, since I spilled the beans myself.”

    Disclosure and leakage lead to unauthorized access to confidential information with minimal effort on the part of the attacker. This is facilitated by certain less-than-ideal personal and professional characteristics and actions of the company’s employees, presented in Fig. 3.


    Fig. 3. Personal and professional characteristics and actions of employees that contribute to the implementation of information security threats

    And even if the employee is not an attacker, he may make mistakes unintentionally due to fatigue, illness, etc.

    Erroneous use of information resources, although authorized, can nevertheless lead to the destruction, disclosure or compromise of those resources. This threat is most often a consequence of errors in AIS software.

    Destruction of computer information is its erasure from computer memory or deletion from physical media, as well as unauthorized changes to its constituent data that radically change the content (for example, introducing false information, adding, changing, deleting records). The simultaneous transfer of information to another computer medium is not considered, in the context of criminal law, to be the destruction of computer information only if, as a result of these actions, access to the information by lawful users was not significantly hindered or excluded.

    The user's ability to restore destroyed information using software or to obtain this information from another user does not relieve the offender from liability.

    Renaming the file that contains the information does not constitute its destruction, nor does the automatic “displacement” of older versions of files by the most recent ones.

    Blocking of computer information is the artificial obstruction of users' access to computer information, not related to its destruction. In other words, this is the performance of actions with information that result in the impossibility of obtaining it or using it for its intended purpose, while the information itself remains fully intact.

    Compromise of information, as a rule, is implemented by making unauthorized changes to databases, as a result of which its consumer is forced to either abandon it or make additional efforts to identify changes and restore true information. If compromised information is used, the consumer is exposed to the risk of making wrong decisions with all the ensuing consequences.

    Refusal of information, in particular non-recognition of a transaction (bank operation), consists in the non-recognition by the recipient or sender of information of the facts of its receipt or sending. In the context of marketing activities, this, in particular, allows one of the parties to terminate the concluded financial agreements in a “technical” way, without formally renouncing them, and thereby to cause significant damage to the other party.

    Modification of computer information is the introduction of any changes to it, except those related to the adaptation of a computer program or database. Adaptation of a computer program or database is “the introduction of changes carried out solely for the purpose of ensuring the functioning of a computer program or database on specific technical means of the user or under the control of specific user programs” (Part 1 of Article 1 of the Law of the Russian Federation of September 23, 1992 “On the legal protection of programs for electronic computers and databases”). In other words, this means a change in its content compared to the information that was initially (before the act was committed) at the disposal of the owner or legal user.

    Copying of computer information is the production and permanent recording of the second and subsequent copies of a database or files in any material form, as well as their recording on computer media or in computer memory.

    Denial of service represents a very significant and widespread threat, the source of which is the AIS itself. Such a refusal is especially dangerous in situations where a delay in providing resources to a subscriber can lead to dire consequences for him. Thus, the user’s lack of data necessary to make a decision during the period when this decision can still be effectively implemented may cause him to act irrationally.

    The main typical ways of unauthorized access to information are:

      interception of electronic radiation;

