Information security threats in a nutshell. Types and sources of information security threats

A threat (in principle) usually means a potentially possible process (phenomenon, event or impact) that is likely to cause damage to someone's needs. Subsequently, under the threat of protecting the AS of information finishing, we will accept the possibility of influencing the AS, which, indirectly or directly, may cause a loss to its safety.

At the moment, the list of threats to the information security of the nuclear power plant is known, which has more than a hundred positions.
Analysis of probable threats to information security is done with the meaning of defining a complete list of requirements for the created protection system.
To prevent threats, there are a number.

The list of threats, risk analysis of the probabilities of their implementation, as well as the attacker's model are the basis for parsing and implementing threats and building requirements for the AS protection system. In addition to detecting probable threats, it is advisable to conduct a study of these threats based on a classification based on a number of parameters. Each of the classification parameters shows one of the generalized rules for the protection system. Threats that match any of the classification criteria are allowed to detail the requirement reflected by this parameter.

The need for the classification of threats to the information security of the AS is explained by the fact that the stored and processed information in the AS is prone to the influence of factors, which makes it impossible to formalize the problem of describing the full abundance of threats. Therefore, it is usually not a complete list of threats that is determined, but a list of threat classes.

The division of probable threats to the information security of the AU can be done according to the following main parameters.

By the rank of intentionality of expression:

threats provoked by mistakes or negligence of employees, for example, the illiterate use of protection methods, the input of non-venerable data, etc.;
intentional threats, such as fraudulent practices.

By the nature of the occurrence:

artificial threats to NPP safety caused by human hands.
natural threats created by impacts on the nuclear power plant of objective physical actions or natural disasters;

For the immediate cause of the threats:

a person, for example, hired by bribing employees, blurting out confidential information etc.;
natural biome, such as natural disasters, storms, etc .;
unauthorized software and hardware funds, for example, infecting a PC with viruses with destructive functions;
authorized hardware and software funds, failure of the operating system, for example, deleting data.

According to the degree of dependence on the activity of the AU:

only in the course of data processing, for example, threats of implementation and distribution of software viruses;
regardless of the activity of the AU, for example, the opening of ciphers (or or) information.

Sources of information security threats

According to the status of the source of threats:

directly in the AU, for example, inaccurate implementation of the AU resources;
within the AU zone, for example, the use of eavesdropping devices, recordings, theft of printouts, data carriers, etc.;
outside the AU area, for example, capturing information transmitted over communication paths, capturing side acoustic, electromagnetic and other radiation from devices.

By the degree of impact on the AU:

active threats that, when reacting, shift the structure and essence of the AS, for example, the introduction of viruses and Trojan horses;
passive threats that, when executed, do not change anything in the type and essence of the AU, for example, the threat of copying classified information.

By the way of the path to the resources of the AU:

threats implemented using a masked non-standard channel of the path to the AS resources, for example, an unauthorized path to the AS resources by using any OS capabilities;
threats implemented using a standard channel of access to AU resources, for example, illegal acquisition of passwords and other access control parameters with subsequent disguise as a registered employee.

By steps of access of employees or programs to resources:

threats that are realized after the consent of access to the nuclear power plant resources, for example, the threat of incorrect or unauthorized use of the nuclear power plant resources;
threats implemented at the step of access to the plant resources, for example, threats of unauthorized access to the plant.

At the current location of the information stored and processed in the AU:

threats to access to information in RAM, for example, access to the system area of RAM from the side of application programs, reading final information from RAM;
threats to access to information located on external storage media, for example, unauthorized copying of confidential information from hard media;
threats to access information visible on the terminal, for example, recording the displayed data on a video camera;
threats to access information passing through communication channels, for example, illegal connection to communication channels with the task of direct substitution of a legitimate employee with the next introduction of disinformation and imposing false data, illegal connection to communication channels with the next input of false data or modification of the transmitted data.

As already mentioned, dangerous influences on the AU are divided into accidental and intentional. The study of the experience of design, production and operation of the nuclear power plant demonstrates that the data undergoes various random reactions at all stages of the cycle and the functioning of the nuclear power plant.

Source random reactions during the implementation of the AU can be:

abandonment and malfunctions of hardware devices;
neglect of service staff and other employees;
critical situations due to natural disasters and power outages;
noise and background in communication channels due to the influence of external factors (during data transmission and internal factor -) of the channel;
flaws in the software.
or .

Intentional threats cohesive with the deliberate methods of the perpetrator. The criminal can be an employee, an ordinary visitor, mercenaries, competitive individuals, etc. The criminal's methods can be explained by the following factors: competition, curiosity, employee dissatisfaction with his career, material interest (bribe), desire to assert himself by any means, etc.

Drawing a conclusion from the probability of the most dangerous conditions becoming due to the attacker's methods, we can estimate a hypothetical model of a potential attacker:

the attacker knows data about the methods and parameters of the system; ()
the intruder's qualifications can allow unauthorized actions at the developer's level;
It is logical that an attacker can choose the weakest point in the protection system;
an attacker can be anyone, both a legitimate user of the system and an unauthorized person.

For example, the following intentional threats can be noted for banking AS:

familiarization of bank employees with information to which they do not have access;
NSD of individuals who do not belong to a number of bank employees;
unauthorized copying of programs and data;
theft of printed bank files;
theft of digital media containing confidential information;
deliberate elimination of information;
betrayal of messages traversed along communication paths;
unauthorized changes by bank employees of financial statements;
refusal of authorship of the message sent via communication paths;
destruction of archived bank data stored on media;
destruction of data caused by a viral reaction;
refusal to receive data;
refusal at.

Unauthorized access- the most widespread and multivariate type of computer crime. The concept of an unauthorized person (s) is to obtain an individual (violator) access to an object in violation of the set of rules for differentiating access, created in accordance with the adopted security policy. NDS uses an error in the protection system and is possible with the wrong choice of protection methods, their incorrect configuration and installation. NSD is carried out both by local AS methods and specially created software and hardware methods.

The main ways of NSD through which a criminal can form access to the elements of the AU and carry out pulling, changing and / or deleting data:

technological control panels;
indirect electromagnetic radiation from communication channels, equipment, grounding and power supply networks, etc.;
communication channels between the hardware components of the speaker;
local data access lines (terminals of employees, system administrator, operator);
methods of displaying and writing data, or.
through and;

Of the whole multitude of techniques and methods of the NSD, one can dwell on the following crimes:

illegal use of privileges;
"masquerade";
interception of passwords.

Interception of passwords is obtained due to specially created programs. When a legal employee enters the enterprise system, the interceptor program simulates the employee's name and password on the employee's screen, which, after entering, are sent to the owner of the interceptor program, after which information about the system error is displayed on the screen and control is returned to the OS.
the employee thinks he made a mistake when entering the password. He again enters the username and password and receives a login to the enterprise system. the manager of the interceptor program, received the input data of the legal employee. And he can use them in his assigned tasks. There are many other methods for capturing user input. To encrypt passwords in transit, it is prudent to use.

"Masquerade" is the execution of any actions by one employee on behalf of another employee with the appropriate access rights. the task of the "masquerade" is to give any action to another user or intercept the authority and status of another employee in the enterprise network. Possible options for the implementation of the "masquerade" are:

transferring data to the network on behalf of another employee.
logging into the system under the input data of another employee (this "masquerade" is facilitated by the interception of the password);

"Masquerade" is very dangerous in banking electronic payment schemes, where the incorrect identification of the client due to the "masquerade" of the thief can lead to losses of the legitimate client of the bank.

Illegal exploitation of privileges. Many security systems create specific lists of privileges to accomplish specified goals. Each employee receives his own list of privileges: administrators - the maximum list of actions, ordinary users- the minimum list of actions. Unauthorized interception of privileges, for example through a "masquerade", leads to the likely committing of certain actions by the offender bypassing the security system. It should be noted that illegal interception of the list of privileges is likely either in the presence of errors in the security system, or due to an administrator's defect in regulating the system and assigning a list of privileges.

Threats that violate the integrity of information stored in the information system or transmitted over communication lines that are created to modify or distort it, ultimately lead to a rupture of its quality or complete removal. The integrity of data can be violated deliberately, as a result of objective influences from environmental factors. This threat is partially relevant for data transport systems - telecommunications systems and information networks. Deliberate actions that violate the integrity of the data should not be confused with its authorized modifications, which are performed by authorized persons with a justified task.

Threats that violate confidentiality are designed to disclose confidential or classified information. Under the influence of these threats, the data becomes known to individuals who should not have access to it. In information security sources, the threat of a confidentiality crime is every time an NSD is received to classified information stored in an information system or transmitted from between systems.

Threats that disrupt the performance of employees or the system as a whole. They are aimed at creating such variants of situations when certain actions either reduce the performance of the AU, or block access to resource funds. For example, if one employee of the system wants to get access to a certain service, and another creates actions to block this access, then the first user receives a denial of service. Blocking access to a resource can be temporary or permanent. An example would be a crash when. As well as threats to media, for example.

These threats can be considered immediate or primary, while the creation of these threats leads to a direct impact on the protected information.

Today, for modern IT systems, protection is a necessary component of information processing AS. The attacker must first overcome the protection subsystem, and only then violate the integrity of the AU. But you need to understand that there is practically no absolute system of protection, the question is only in the means and time required to bypass it.

The security system also poses a threat, therefore, for normal protected information systems, it is necessary to take into account the fourth type of threat - the threat of examining the system parameters under protection. In practice, the event is checked by a reconnaissance step, during which the main parameters of the protection system, its characteristics, etc. are learned. As a result of this step, the task is adjusted, as well as the choice of the most optimal technical methods for bypassing the protection system. They even pose a threat. Can also be used against the system itself.

The threat of disclosing protection system settings can be called an indirect threat. the implementation of the threat will not give any damage to the processed information in the information system, but will make it possible to implement direct or primary threats, described above.

Figure 1. the main technologies for the implementation of information security threats are described. When the required level of information security is achieved in the NPP, it is necessary to create counteraction to various technical threats and reduce the possible influence of the "human factor". At the enterprise, all this should be dealt with by a special one, which, for further prevention of threats.

Topic 24. Methods of information protection.

Definition and classification of viruses.

Means and methods of information protection.

Antivirus protection.

Cryptographic protection.

General concepts of information security.

In recent years, much attention has been paid to the protection of information accumulated, stored and processed both in individual computers and in computing systems built on their basis. At the same time, information protection means the creation of a set of tools, methods and measures designed to prevent distortion, destruction and unauthorized use of protected information.

The main factors contributing to the increased vulnerability of information are:

Constantly increasing volumes of processed data;

Concentration of information for various purposes and belonging in common databases;

Dramatic expansion of the circle of users with direct access to the resources of the computing system;

Expanding use computer networks, in particular, the global Internet network, through which large volumes of information of a state, military, commercial and private nature are transmitted, etc.

Given these facts, the protection of information in the process of its collection, storage, processing and transmission becomes extremely important.

Let us introduce a number of definitions used in describing the means and methods of information protection in automated processing systems built on the basis of computer technology.

Computer system (CS)- organizational and technical system, representing a set of the following interrelated components:

Technical means of data processing and transmission;

Methods and processing algorithms in the form of a corresponding software;

Data - information on various media and in the process of processing;

End users - personnel and users using the COP to meet information needs;

Access object, or object, is any element of the CS, access to which can be arbitrarily limited (files, devices, channels);

Access subject, or subject, is any entity capable of initiating operations on an object (users, processes).

Information Security- the state of the CS, in which it is able to withstand the destabilizing effects of external and internal information threats and at the same time not create such threats for the elements of the CS itself and the external environment.

Under information security means the security of information from undesirable (for the relevant subjects of information relations) disclosure (confidentiality violation), distortion (integrity violation), loss or decrease in the degree of accessibility of information, as well as its illegal replication.

Under vulnerability of information means the exposure of information to the influence of various destabilizing factors that can lead to a violation of its confidentiality, integrity, availability, or its illegal replication.

Confidentiality of information- the property of information to be available only to a limited circle of end users and other subjects of access who have passed the appropriate verification and are allowed to use it.

Integrity of information- the property to preserve its structure and content during storage, use and transmission.

Reliability of information- a property expressed in the strict belonging of information to the subject, which is its source.

Availability of information- a property of the system in which information circulates, characterized by the ability to provide timely unimpeded access to information for subjects having the proper authority to do so.

Authorized access to information- access with the implementation of the rules for differentiating access to information.

Unauthorized access (unauthorized access)- access in violation of the rules for differentiating the subject's access to information, using staff resources(software or hardware) provided by the COP.

Access control rules- regulation of the subject's access rights to a specific component of the system.

Identification- This is the assignment of a unique designation to the user to verify its compliance.

Authentication- user authentication to check its compliance.

The threat to the information security of the CS- the possibility of influencing the information processed by the CW, with the aim of distorting, destroying, copying or blocking, as well as the possibility of influencing the components of the CW, leading to a malfunction of their functioning.

COP attack- the actions of an intruder undertaken in order to detect the vulnerability of the CS and obtain unauthorized access to information.

Safe, or protected, KS- CS equipped with protective equipment to counter security threats.

Complex of means of protection- a set of hardware and software that ensure information security.

Security policy- a set of rules and regulations governing the operation of means of protection against a given set of threats.

Discretionary access control model- a method of differentiating access of subjects to objects, in which the access rights are set by a certain list of the subject's access rights to the object. When implemented, it is a matrix, the rows of which are subjects, and the columns are objects; matrix elements characterize a set of access rights.

Authorized (mandatory) access control model- a method of differentiating access of subjects to objects, in which each object is assigned a level of secrecy, and each subject is assigned a level of trust in it. A subject can gain access to an object if its trust level is not less than the object's security level.

Types of information security threats.

All threats to information security in information systems are usually divided into active and passive.

Passive threats are mainly aimed at the unauthorized use of information resources of the IS without influencing its operation, unauthorized access to databases, listening to communication channels, etc.

Active threats are aimed at disrupting the normal functioning of the IS by purposefully influencing its components. Active threats include, for example, disabling a computer or its operating system, distorting information in a data bank, destroying computer software, disrupting communication lines, etc. The source of active threats can be the actions of hackers, malware, etc.

Intentional threats are also subdivided into internal (arising within the controlled organization) and external.

Internal threats are most often determined by social tensions and a difficult moral climate in the organization.

External threats can be caused by malicious actions of competitors, economic conditions and other reasons (for example, even natural disasters). According to foreign literature, industrial espionage- these are illegal collection, misappropriation and transfer of information constituting a trade secret by a person who is not authorized to do so by its owner, which is detrimental to the owner of a commercial secret.

The main threats to information security and the normal functioning of IS include:

Leak of confidential information;

Compromising information;

Unauthorized use of information resources;

Erroneous use of information resources;

Unauthorized exchange of information between subscribers;

Refusal of information;

Violation of information service;

Illegal use of privileges.

Leak of confidential information- this is an uncontrolled exit of confidential information outside the IP or the circle of persons to whom it was entrusted in the service or became known in the course of work. This leak may result from:

Disclosure of confidential information;

Leaving information through various, mainly technical, channels;

Unauthorized access to confidential information in various ways.

The disclosure of information by its owner or possessor is led by deliberate or careless actions of officials and users to whom the relevant information was entrusted in the established manner in the service.

Uncontrolled departure of confidential information via visual-optical, acoustic, electromagnetic and other channels is possible.

Unauthorized access Is an unlawful deliberate seizure of confidential information by a person who does not have the right to access protected information.

The most common ways of unauthorized access to information are:

Interception of electronic emissions;

The use of eavesdropping devices (bookmarks);

Remote photography;

Interception of acoustic emissions;

Reading residual information in the system memory after executing authorized requests;

Copying information carriers with overcoming protection;

Disguise as a registered user;

Disguise as system requests;

Using software traps;

Using the disadvantages of programming languages and operating systems;

Illegal connection to equipment and communication lines of specially designed hardware that provides access to information;

Malicious disabling of protection mechanisms;

Decryption of encrypted information by special programs;

Information infections.

The listed ways of unauthorized access require a sufficiently large technical knowledge and appropriate hardware or software developments on the part of the attacker.

However, there are also quite primitive ways of unauthorized access:

Theft of media and documentary waste;

Proactive cooperation;

Encouraging cooperation from the cracker;

Eliciting;

Eavesdropping;

Observation and other ways.

Any methods of leakage of confidential information can lead to significant material and moral damage both for the organization where the IP operates and for its users.

Managers should remember that a fairly large part of the reasons and conditions that create the prerequisites and the possibility of misappropriation of confidential information arise from elementary shortcomings of the heads of enterprises and their employees. For example, the reasons and conditions that create the preconditions for the leakage of trade secrets may include:

Insufficient knowledge by the employees of the enterprise of the rules for protecting confidential information and lack of understanding of the need for their careful observance;

Use of non-certified technical means of processing confidential information;

Weak control over the observance of information protection rules by legal, organizational and engineering-technical measures;

Staff turnover, including those who own information constituting a commercial secret;

Other options, organizational flaws, as a result of which the culprits of information leakage are people - employees of IS and IT.

Most of the listed technical ways of unauthorized access lend themselves to reliable blocking with a properly designed and implemented security system. But the fight against information infections presents significant difficulties, since a huge number of malware aimed at damaging information in the database and computer software. The large number of varieties of these programs does not allow the development of permanent and reliable means of protection against them.

Compromising information(one of the types of information infections). Implemented, as a rule, through unauthorized changes in the database, as a result of which its consumer is forced to either abandon it, or take additional efforts to identify changes and restore true information. In the case of using compromised information, the consumer is in danger of making wrong decisions with all the ensuing consequences.

Unauthorized use of information resources has an independent meaning, as it can cause great damage to the managed system (up to the complete failure of IT) or its subscribers. To prevent these phenomena, identification and authentication are carried out.

The erroneous use of information resources, being authorized, nevertheless can lead to the destruction, leakage or compromise of these resources. This threat is most often the result of errors in the IT software.

Unauthorized exchange of information between subscribers can lead to the receipt of information by one of them, access to which he is prohibited. The consequences are the same as for unauthorized access.

In addition, there are a number of random threats to information, such as the manifestation of errors in software and hardware, incompetent use, configuration or unauthorized disabling of protective equipment by security personnel, unauthorized switching on of equipment or changing operating modes of devices and programs, unintentional damage to media, sending data via wrong address, etc.

One of the main features of the information security problem is the requirement for the completeness of the definition of information threats that are potentially possible in modern information systems. Even one unaccounted for (undetected, not taken into account) destabilizing factor can significantly reduce (and even negate) the effectiveness of protection.

- this is a potentially existing possibility of accidental or deliberate action or inaction, as a result of which the security of information (data) may be compromised.

Information security threat- a set of conditions and factors that create a potential or real-life danger associated with information leakage and / or unauthorized and / or unintentional influences on it.

A threat- this is a person, thing, event or idea that poses some danger to values in need of protection.

A threat- this is the potential to violate information security in a certain way.

An attempt to implement a threat is called an attack, and whoever makes such an attempt is called an attacker. Potential attackers are referred to as threat sources.

The most common threat is the consequence of the presence of vulnerabilities in the information security system. The time interval from the moment when it becomes possible to exploit a vulnerability until the moment when changes are made to the protection system that eliminate this vulnerability is called the window of danger associated (associated) with this vulnerability.

Reasons for the vulnerability of the system:

- The features of the technical means used in the electronic data processing system.

For example, if information is written to a floppy disk, then its integrity can be easily violated due to mechanical damage, exposure to temperature and humidity, electromagnetic fields and other factors.

- Features of the software used.

For example, passwords for Internet access can be stored in a file on disk. Therefore, there is a threat that an attacker will find this file and use someone else's password to access the Internet.

- Features of the behavior of personnel working with the electronic data processing system.

For example, some users write down their passwords for access to various resources on separate pieces of paper and keep these records right at the workplace. Naturally, there is a threat that an attacker can find such a piece of paper and use someone else's password.

Many vulnerabilities cannot be eliminated and are a permanent cause of the threat. As for the features of the software, as a rule, vulnerabilities are identified during operation and eliminated by releasing new versions and "service packs" of programs. It is for such vulnerabilities that the concept of "danger window" is most often used. It "opens" with the emergence of means of exploiting this security gap and is eliminated when this vulnerability is eliminated.

For most vulnerabilities, the window of danger exists for a relatively long time, since during this time the following events should occur:

Means of exploiting this security gap should be made aware

Ways to close this gap must be found

Methods of eliminating this gap should be implemented, that is, appropriate changes should be made to the program.

These changes must be made to all users using this program.

Information security threats in modern information systems are caused by:

Accidental and deliberate destructive and distorting effects of the external environment;

The degree of reliability of the functioning of information processing facilities;

Deliberate mercenary influences of unauthorized users, the purpose of which is theft, disclosure, destruction, destruction, unauthorized modification and use of processed information;

Unintentional, accidental actions of service personnel, etc.

Classification of information threats

Information threats can be classified according to several criteria:

Classification according to the aspect of information security against which the threat is primarily directed.

Integrity threats are associated with the following capabilities:

Physical destruction or damage to media.

For example, an intruder can break the floppy disk on which you wrote your abstract.

Destruction of certain information.

For example, an attacker can delete your lab report file

Change in information, as a result of which the information ceases to reflect the real state of affairs or becomes contradictory.

For example, an attacker can increase data on the amount of money in his account.

Accessibility threats are associated with the following capabilities:

Termination of the functioning of the electronic data processing system due to the destruction of the supporting infrastructure.

For example, the system may stop functioning due to a power outage, a break in the water supply system, a breakdown of the air conditioning system, and as a result, the temperature rises to unacceptable values.

Termination of the functioning of the system due to equipment failure (computers, communication equipment, etc.)

For example, if a computer breaks down at a railway ticket office, connecting to the automated ticket sales system, then passengers will not be able to buy tickets (receive an information service for ticketing) at this ticket office.

Malfunctioning of the system as a result of software errors or inconsistencies between actual work and system documentation.

For example, if a user searches in some information system, then the help information can be written that to search for a word, it is enough just to enter its beginning, and all words starting with a given combination of characters will be found. The user enters the characters "inform" in the hope that all the words "informatics", "information", "information technology" and so on will be found. However, it turns out that in fact the program does not work exactly as written in the help information, and looks for exactly the word that is specified. And to find words starting with a given combination of characters, you need to put "*" at the end. Those. to search for the words "information" and the like, it was necessary to enter the symbols "inform *". But the user could not know about this, and as a result he does not receive the desired information service, and the information stored in the system turns out to be inaccessible to him.

Errors of the personnel of the system, which can be caused both by the lack of the necessary skills to work with a specific system, and by a general lack of education or qualifications.

For example, an applicant applies to the employment service with a request to find a job as a cleaner from 5 pm to 7 pm. The employee of the employment service does not know that the available information system allows you to search by the parameters of working hours (because for such a search you need to go to an additional tab and press a special button, and no one told the employee about this), and invites the client to view all available vacancies of cleaners ... As a result, the client does not receive an information service of the proper quality. In another case, the applicant turns to an employee of the employment service with a request to find a programmer vacancy, and receives an answer that there are no such vacancies. However, in fact, there are such vacancies, just because the employee, because of her ignorance, entered the vacancy "programmer" in the search window. As a result, the client received false information.

Targeted denial of service attacks ( DOS - attacks). In such attacks, multiple service requests are simultaneously sent to the electronic data processing system, as a result of which the system becomes overloaded and cannot function normally. Such attacks are typical for Internet services, when attackers try to disrupt the functioning of individual servers or the network as a whole.

The purpose of such attacks can be:

Causing damage to any company by temporarily disrupting its functioning. For example, if the functioning of the server of a travel company is disrupted, then people will not be able to find out about the services of this company and order vouchers, and the company will lose clients

Disruption of the normal functioning of the protection system in order to try to gain access to confidential information

An attempt to analyze the protection system and find vulnerabilities in it in the process of measures to restore the system's performance and repel an attack.

Privacy threats are associated with the following capabilities:

Loss of technical means of identification (keys, chips)

Reading information from the monitor screen or while typing on the keyboard by a stranger

The negligence of users who write down passwords and leave these records in accessible places

Negligent storage of copies and drafts of confidential documents, as well as copier and plain paper used in their printing

Leaving unattended workplaces from which access to confidential information is carried out

Using "incorrect", that is, easily guessable passwords

The use of special hardware and software for breaking system protection

Since all aspects of information security are closely related to each other, then a specific threat turns out to be directed against several aspects of security at once.

For example, when a power outage occurs, not only the availability of information is disrupted during the time the system is not working, but also destruction or violation of the integrity of information may occur due to the termination of the system at the time of performing any critical operation.

Classification by system components targeted by the threat (attack)

- threat to data may be associated with the possibility of theft or damage to data carriers, unauthorized deletion or alteration of data, as well as the possibility that data will become available to persons to whom it should not be available

- threat to programs may be associated with the introduction of malicious software, primarily computer viruses

- technical threat may be associated with the possibility of equipment failure due to accidental or deliberate influences of a natural or artificial nature

- threat to personnel may be associated with the possibility of creating conditions forcing individual employees to take actions related to violation of information protection (blackmail, bribery, etc.)

Information security threat (information threat) means an action or event that can lead to destruction, distortion or unauthorized use of information resources, including stored, transmitted and processed information, as well as software and hardware. If the value of information is lost during its storage and / or distribution, then the threat of violation of the confidentiality of information is realized. If information changes or is destroyed with the loss of its value, then a threat to the integrity of the information is realized. If the information is not delivered to the legal user on time, then its value decreases and over time it completely depreciates, thereby threatening the efficiency of use or the availability of information.

So, the implementation of information security threats lies in the violation of confidentiality, integrity and availability of information. An attacker can get acquainted with confidential information, modify it, or even destroy it, as well as restrict or block the access of a legal user to information. In this case, an attacker can be either an employee of the organization or an unauthorized person.

Information threats can be caused by:

- natural factors (natural disasters - fire, flood, hurricane, lightning and other reasons);
- human factors. The latter, in turn, are subdivided into:
- a) threats that are accidental, unintentional. These are threats associated with errors in the preparation, processing and transmission of information (scientific and technical, commercial, monetary and financial documentation);
- b) with an unfocused "brain drain", knowledge, information. These are threats associated with errors in the design, development and manufacture of systems and their components (buildings, structures, premises, computers, communication facilities, operating systems, application programs, etc.) with errors in the operation of equipment due to its poor-quality manufacturing;
- c) errors in the preparation and processing of information (errors of programmers and users due to insufficient qualifications and poor quality of service, errors of operators in the preparation, input and output of data, correction and processing of information);
- d) threats caused by intentional, deliberate actions of people. These are threats associated with the transfer, distortion and destruction of data for mercenary and other antisocial reasons (documentation, drawings, descriptions of discoveries and inventions and other materials);
- e) eavesdropping and transmission of official and other scientific, technical and commercial conversations; with a purposeful "brain drain". These are threats associated with unauthorized access to the resources of an automated information system.

Leakage of confidential information is an uncontrolled exit of confidential information outside the IP or the circle of persons to whom it was entrusted in the service or became known in the course of work. This leak may be due to:

- disclosure of confidential information;
- information leaving through various, mainly technical, channels;
- unauthorized access to confidential information in various ways.

Uncontrolled departure of confidential information via visual-optical, acoustic, electromagnetic and other channels is possible.

The types of threats to confidential documents in an organization's document flows can be divided into several groups:

1. Unauthorized access of an unauthorized person to documents, files, databases due to his curiosity or deceitful, provocative actions, as well as accidental or deliberate mistakes of the company staff;
2. Loss of a document or its individual parts (sheets, attachments, diagrams, copies, copies, photographs, etc.), a carrier of a draft document or working records due to theft, loss, destruction;
3. Loss of confidentiality information due to its disclosure by personnel or leakage through technical channels, reading data in other people's arrays, using residual information on copy tape, paper, disks and diskettes, erroneous actions of personnel;
4. Substitution of documents, carriers and their individual parts for the purpose of falsification, as well as concealment of the fact of loss, theft;
5. Accidental or deliberate destruction of valuable documents and databases, unauthorized modification and distortion of text, details, falsification of documents;
6. Death of documents in extreme situations.

For electronic documents, threats are especially real, since the fact of information theft is practically difficult to detect. With regard to confidential information processed and stored in computers, the conditions for the emergence of threats, according to a number of experts, are classified according to the degree of risk as follows:

* Unintentional errors of users, operators, assistants, business managers, system administrators and other persons serving information systems;
* Theft and forgery of information;
* Spontaneous situations of the external environment;
* Infection with viruses.

In accordance with the nature of the above threats, tasks are formed to ensure the protection of information in document flows, aimed at preventing or mitigating these threats.

The main direction of protecting documented information from possible dangers is the formation of a secure workflow and the use of a specialized technological system in the processing and storage of documents that ensures the security of information on any type of media.

Thus, security is not only protection against criminal encroachments, but also ensuring the safety of (especially electronic) documents and information, as well as measures to protect the most important documents, and to ensure the continuity and / or restoration of activities in the event of disasters.

Organizational measures play a significant role in creating a reliable mechanism for protecting information, since the possibility of unauthorized use of confidential information is largely determined not by technical aspects, but by malicious actions, negligence, negligence and negligence of users or security personnel. The influence of these aspects is almost impossible to avoid by technical means. This requires a set of organizational, legal and organizational and technical measures that would exclude (or at least reduce to a minimum) the possibility of a risk of confidential information. Organization of work to conduct systematic control over the work of personnel with confidential information, the procedure for accounting, storage and destruction of documents and technical media. An instruction should be developed that regulates the procedure for employees' access to confidential information, the procedure for creating, recording, storing and destroying confidential documents of the organization.

Information security threatened is understood as a set of conditions and factors that create a potential or real danger of a breach of information security.

The factor affecting the protected information - phenomenon, action or process, the result of which may be leakage, distortion, destruction of protected information, blocking access to it.

The source of the threat to information security is subject (natural person, material object or physical phenomenon), which is the direct cause of a threat to information security.

Information system vulnerability (breach)- a property of an information system that makes it possible to implement security threats to the information processed in it.

In relation to information and information resources, threats to the integrity, confidentiality, reliability and availability of information can be distinguished, manifested in various forms of violations (Fig. 1).

As a rule, the above threats to information resources are implemented in the following ways:

1. Through available intelligence sources in government bodies and commercial structures that have the ability to obtain confidential information (courts, tax authorities, commercial banks, etc.).

2. By bribery of persons directly working in the organization or structures directly related to its activities.

3. By intercepting information circulating in means and systems of communication and computing with the help of technical means of reconnaissance and information retrieval.

4. By eavesdropping on confidential conversations and by other means of unauthorized access to sources of confidential information.

Rice. 1. Influence of information threats on information security criteria

Information security affects the protection of interests in various spheres of the life of society and the state. Each of them has its own characteristics of ensuring information security, associated with the specifics of security objects, the degree of their vulnerability to information security threats.

For example, from the standpoint of ensuring the security of information in computer systems Oh(CS) the whole set of potential threats to information security in the CS can be divided into two classes.

Threats that are not associated with deliberate actions of intruders and are implemented at random times are called accidental or unintentional.

The implementation of threats of this class leads to the greatest loss of information (according to statistical data, up to 80% of the damage caused to the information resources of the CS by any threats). In this case, destruction, violation of the integrity and availability of information can occur. The confidentiality of information is less often violated, however, this creates prerequisites for malicious influence on information.

Natural disasters and accidents are fraught with the most destructive consequences for information, since media are subject to physical destruction, information is lost or access to it becomes impossible.

Crashes and failures complex systems are inevitable. As a result of failures and failures, the operability of technical means is disrupted, data and programs are destroyed and distorted, the algorithm of operation of devices is disrupted. Violations of the algorithms for the operation of individual nodes and devices can also lead to a violation of the confidentiality of information. For example, failures and failures of the means of issuing information can lead to unauthorized access to information by unauthorized transmission of it to a communication channel, to a printing device, etc.

Errors in the development of KS, algorithmic and software errors lead to consequences similar to the consequences (failures and failures of technical means. In addition, such errors can be used by intruders to influence the resources of the computer system. Errors in operating systems (OS) and in information protection software) are especially dangerous.

According to the US National Institute of Standards and Technology (NIST), 65% of information security breaches occur as a result of errors of users and service personnel. Incompetent, negligent or inattentive performance of functional duties by employees leads to destruction, violation of the integrity and confidentiality of information, as well as compromise of protection mechanisms.

Another class of threats to information security in computer systems is deliberately created threats. Threats of this class, in accordance with their physical essence and implementation mechanisms, can be divided into five groups:

Traditional or universal espionage and sabotage;

Unauthorized access to information;

Electromagnetic radiation and interference;

Modification of structures;

Malicious programs.

Methods and means of espionage and sabotage are still relevant as sources of undesirable impact on information resources. , which were and are being used to obtain or destroy information. These methods are also effective and efficient in the context of the use of computer systems. Most often they are used to obtain information about the security system in order to penetrate the system, as well as to steal and destroy information resources.

Business threats also have their own characteristics.

In relation to an individual organization, there are the following main types of external threats:

1. Unfair competitors.

2. Criminal groups and formation.

3. Illegal actions of individuals and organizations of the administrative apparatus, including tax services.

4. Violation of the established regulations for the collection, processing and transmission of information.

The main types of internal threats:

1. Intentional criminal actions of the organization's own personnel.

2. Unintentional actions and mistakes of employees.

3. Failure of equipment and technical means.

4. Failures of software of information processing facilities.

Internal and external threats interact closely. For example, the general trend of criminalization of economic activity leads to a decrease in the moral and ethical standards of employees of all ranks, often pushes them to actions that damage the enterprise.

The ratio of internal and external threats in accordance with is characterized by the following indicators: 81.7% of threats are committed either by the employees of organizations themselves, or with their direct or indirect participation (internal threats); 17.3% of threats are external threats or criminal actions; 1.0% of threats are threats from random persons.

Objects of various threats in commercial activities are:

1. Human resources (personnel, employees, partners, etc.), including labor and human resources.

2. Material resources.

3. Financial resources.

4. Time resources.

5. Information resources, including intellectual resources (patents, unfinished design and engineering developments, know-how, software products, arrays of accounting and statistical information, etc.).

The most dangerous source of threats to enterprises is their own employees. In this case, the motives for internal threats are irresponsibility, incompetence (low qualifications), personal motives (self-affirmation, selfish interests).

In the context of the continuing high degree of monopolization of the Russian economy, the threat to entrepreneurship is posed by unfair competition, which is:

1. All actions leading to the fact that the consumer can accept the enterprise, goods, industrial or commercial activities of this organization for the enterprise, goods, industrial or commercial activities of a competitor.

2. False statements in the course of business that defame a competitor's business, products, industrial or commercial activities.

3. The use in the course of commercial activities of indications or designations that mislead the consumer as to the nature, manufacturing method, characteristics, suitability for specific purposes or the quantity of goods.

The implementation of threats in this case reduces the efficiency and reliability of the functioning of organizations, and in some cases, leads to the termination of their activities due to the danger of an economic, social, legal, organizational, informational, environmental, technical and criminal nature. The objects of threats can be elements of material, personal ("human"), financial, informational and other capital, which constitutes the economic basis of entrepreneurship.

Each threat entails certain damage (loss) - moral or material, and measures to counter this threat are designed to reduce its magnitude to an acceptable level.

Assessment of possible damages (losses) presupposes knowledge of the types of losses associated with entrepreneurial activity, and the ability to calculate their probabilistic forecast value. There are the following types of possible damage (loss):

1.Material losses are manifested in additional costs not foreseen by the entrepreneurial project or direct losses of equipment, property, products, raw materials, energy, etc.

2.Labor losses- this is the loss of working time caused by random, unforeseen circumstances; measured in hours of working time. The translation of labor losses into monetary terms is carried out by multiplying the labor hours by the cost (price) of one hour.

3. Personnel losses- loss of professional, highly qualified workers necessary for the enterprise; measured in terms of the cost of recruiting and training new staff in monetary terms.

4. Financial losses- direct monetary damage associated with unforeseen payments, payment of fines, payment of additional taxes, loss of funds and securities.

5. Temporary loss... Occurs when the business process is slower than intended. A direct assessment of such losses is carried out in hours, days, weeks, months of delay in obtaining the intended result. To translate the estimate of the loss of time into a monetary measurement, it is necessary to establish to what loss of income, profits can lead to the loss of time. Ultimately, they are valued in monetary terms.

6.Information loss... One of the most serious business losses that can lead to the collapse of the entire organization. Calculated in value terms.

7.Special types of losses are manifested in the form of damage to the health and life of people, the environment, the prestige of an entrepreneur, as well as as a result of other adverse social and moral and psychological consequences.

Informational damage (loss) is associated with the presence of informational risk in the process of entrepreneurial activity, which is included in the general entrepreneurial risk.

Information risk- the likelihood (threat) of loss of assets of an economic entity (entrepreneur) as a result of losses, damage, distortion and disclosure of information.

Information risk is classified as follows:

Risk of information interruption (termination of normal information processing, for example, due to destruction, disablement of computing facilities). This category of action can have very serious consequences, even if the information is not affected in any way;

The risk of information theft (reading or copying information, theft of magnetic media and print results in order to obtain data that can be used against the interests of the owner (proprietor) of information);

Risk of information modification (unauthorized changes to the data aimed at causing damage to the owner (proprietor) of the information);

Risk of data destruction (irreversible change of information, leading to the impossibility of its use);

The risk of electromagnetic interference and interception of information in automated and information systems (AIS);

Risk of information retrieval through the acoustic channel;

Risk of power outage for AIS and supporting infrastructure);

Risk of error by operators and suppliers of AIS information resources;

Risk of AIS software failures;

Risk of malfunction of AIS hardware devices (as a result of negligent actions of employees, non-observance of safety measures, natural disasters, software failures, etc.).

Ultimately, all illegal actions lead to a violation of confidentiality, reliability, integrity and availability of information.

Thus, the list of threats and their sources is quite diverse and the proposed classification is not exhaustive. Countering the manifestations of threats is carried out in various directions, using a full arsenal of methods and means of protection.