PROTECTION OF INFORMATION
Rapid development of automation processes and the penetration of the computers in all fields of life have lead to appearance of a range of peculiar problems. One of these problems is the necessity of providing effective protection to information and means of its processing.
A lot of ways to access information, considerable quantity of qualified specialists, vast use of special technical equipment in social production make it possible for violators practically at any moment and in any place carry out the actions, which represent a threat to information safety.
Particular role in this process has been played by appearance of personal computer (PC), which has made computers, software and other informational technologies available to general public. Wide distribution of PC and impossibility of conducting effective control of their use have resulted in the decreasing security level of information systems.
In the current situation, data processing has moved the problems of information security forward to the rank of most important problems of national economy. Solving the problem of poor information security presupposes a complex of measures. First of all, such actions of government as development of classification system, documentation of information and protection methods, data access regulations and punishing measures against information security violators.
PROTECTION OF INFORMATION
a. State informational sources
Formation of state informational sources is carried out by citizens, state authorities, organizations and social unions. Documents, which belong to a person, can be included in the state structure of informational sources, of course, if the person wishes. State informational sources are open and generally available. Documented information with limited access is divided into state secret and confidential information.
b. Citizen information (personal information)
Personal data refers to confidential information. The collection, storage, use and distribution of private information are not allowed. The information, which breaks personal and family secret, secret of correspondence, telephone, postal, telegraph talks and other messages of a person without his/her permission, is also confidential.
Personal data may not be used with purpose of causing damage to person's property and reputation, difficulties of realization its right. Collected data must be limited to necessary information. The information, which carries strong probability of causing damage to a citizen's interests shouldn't be collected.
There are some categories of personal information:
official department rules and instructions;
information, which is not to be made public in accordance with legislative acts;
confidential business information;
information, which touches private life of a person;
information of financial institutions;
c. Development and production of informational systems
All types of informational systems and networks, technologies and means of their providing compose a special branch of economic activity, whose development is defined by the state scientific, technological and industrial policy of informatization.
State and non-state organizations and, of course, the citizens have equal rights in terms of access to the development and producing of informational systems, technologies.
Owner of informational systems
The informational systems, technologies and means of their providing can be the property objects of juridical person, non-juridical person and state. The owner of informational system is a person, who purchased these objects or got as a gift, heredity or by any other legal way.
The informational systems, technologies and means of their providing can be considered as a good (product), if the producer rights are not broken. The owner of informational system determines the using conditions of this product.
Copyrights and property rights
Copyrights and property rights on informational systems, technologies and means of their providing can be belong to different persons. The owner of informational systems has to protect copyrights in accordance with legislation.
Informational systems and databases, intended for citizens' and organizations' informational service, are subjected to certification according to the established custom.
The organizations, which work in the field of making design, producing the means of information protection and personal data treatment, must obtain licensees to conduct such activity. The steps for obtaining license are defined by the legislation.
Computer systems and protection of information
a. Problem of information protection
The problem of information security is relatively new. Not all problems, connected with it have been figured out and solved up to now. The fact of great number of computer systems users means the definite risk to security because not all clients will carry out the requirements of its providing.
The order of storage mediums should be clearly defined in legal acts and envisage the complete safety of mediums, control over the work with information, responsibility for unsanctioned access to mediums with a purpose of copying, changing or destroying them and so on.
b. Legal aspects
There are some legal aspects of information protection, which can appear due to not carefully thought or ill-intentioned use of computer technics:
legal questions of protection of informational massifs from distortions;
security of stored information from the unsanctioned access;
setting juridically fixed rules and methods of copyrights protection and priorities of software producers;
development of measures for providing the juridical power to the documents, which are given to the machines;
legal protection of the experts' interests, who pass their knowledge to the databases;
setting of legal norms and juridical responsibility for using electronic computer means in personal interests, which hurt other people and social interests and can harm them;
The lack of appropriate registration and control, low level of work and production personnel
discipline, the access of an unauthorized persons to the computing sources create conditions for abusing and cause difficulties to their detection. In every computing center it is usual to set and strictly follow the regulations of the access to different official rooms for employees of any categories.
The main purpose of information protection is preventing from the leak, theft, distortion, counterfeit of information; preventing the threat to person's life and social safety, protection of the constitution and so on. The information is subjected to protection, when it may cause the harm for its owner, user or other person.
The development of computer technology and its wide use have lead to appearance and spread of computer crimes. Such situation causes alarm among those organizations and legislative institutions that use computer technologies and, of course, people, who use new informational services at homes.
The term "computer crime" was first used in the early 70s. However, the discussions concerning it are still actual. The top question of these discussions is "What unlawful actions are implied by computer crime". A rank of definitions of the computer crime has been composed. It often refers to crimes directly or indirectly connected to electronic computing machines and which includes a number of illegal acts, committed by means of electronic data processing system or against it. Others consider that computer crime is any action, which goes together with interfering with property rights and fulfilled by means of computers. The thirds think that computer crime can be defined as all intentional and unlawful actions, which lead to causing harm to possessions, with help of computers too.
There are following forms of computer criminality: computer manipulations, economic espionage, sabotage, computer extortion, "hackers" activity. The main character of committing computer crimes in the business field becomes highly qualified "white collars" from the suffered organization's employees.
According to the MIS Traiding Institute (USA), they get 63% of all causes, examining crimes and abuses. More than 36% of law-committing employees are related to the personnel, which is not connected with computer servicing, 29% - qualified programmers, 25% - other workers of computing center. This tendency is reflected in official statistics too, according to which, about 40% of computer crimes are committed for solving of financial problems, 20% are motivated as an intellectual challenge to society, 17% - by the willing of solving personal problems, 8% - problems of corporation or organization, 4% - are directed for social admitting, 3% - for wounding somebody's rights and so on.
c. "Hackers" and "crackers"
The most dangerous individuals of computer swindle are so called "hackers", "crackers" and representatives of other groups, working in the sphere of industrial espionage. So, many security specialists advise employers to pay special attention to engaged workers-specialists in computer technologies, programming and information protection spheres.
There are many causes, when "hackers" get a job with a goal of personal enrichment. But the most danger can represent such specialists, who are in collusion with managers of commercial structures and organized criminal groups; in these situations causing damage and weight of consequences considerably increases.
There are two types of unsanctioned access:
internal "breaking open" – the criminal has access to the terminal, with information he interested in and can work with it for some time without somebody's control;
external "breaking open" – the criminal doesn't have indirect access to the computer system, but has an opportunity of penetration to the protected system by means of remote access;
Analysis of such actions shows that single crimes from own or neighbor work places gradually develop into network computer crimes, which are carried out by means of breaking of organizations' protecting systems.
Therefore, the importance of information protection can not be doubted. I think, every organization should have a high-quality protection system in order to insure its safety. However, not only companies and state institutions need information protection system but also general home users need information protection system and should maintain the security of their computers.