Помощничек
Главная | Обратная связь


Археология
Архитектура
Астрономия
Аудит
Биология
Ботаника
Бухгалтерский учёт
Войное дело
Генетика
География
Геология
Дизайн
Искусство
История
Кино
Кулинария
Культура
Литература
Математика
Медицина
Металлургия
Мифология
Музыка
Психология
Религия
Спорт
Строительство
Техника
Транспорт
Туризм
Усадьба
Физика
Фотография
Химия
Экология
Электричество
Электроника
Энергетика

Threat of confidential information

 

Under the threats of confidential information it is accepted to understand the potential or actual possible actions in relation to information resources, leading to a false овладе of protected information. Such actions are:

 

getting acquainted with the confidential information of the various ways and means, without compromising its integrity;

 

modification of the information for criminal purposes as a partial or a significant change of the composition and content of the information;

 

damage (destruction) of information as an act of vandalism with the purpose of direct material damage.

 

In the end the unlawful actions with the information set-out to a violation of her privacy, integrity, reliability and availability, which in turn leads to a violation of the as of the management regime, and its quality in the conditions of false or incomplete information. Each threat entails certain damage, moral or material, and the protection and countering the threat of to reduce its value, ideally, completely, really - great-but-or at least partially. But this is far from always.

 

In view of this threat can be classified in the following clusters :

largest the damage:

  • limit, after which the company may become insolvent;
  • significant, but not leading to bankruptcy;
  • insignificant, which the company for some time may k-compensated, etc.;

on probability of occurrence:

  • very probable threat;
  • probable threat;
  • unlikely to be a threat;

for reasons of appearance:

  • natural disasters;
  • deliberate actions;

by the nature of the damage:

  • material;
  • moral;

on character of action:

  • active;
  • passive;

in relation to the object:

  • internal;
  • the external.

The sources of external threats are:

  • unscrupulous competitors;
  • criminal groups and formation;
  • individuals and organizations administrative-administrative-th unit.
  • Sources of internal threats can be:

the administration of the enterprise;

  • staff;
  • technical support for production and employment.

 

The ratio of external and internal threats to the average level can be characterized as follows:

  • 82% of the threats is committed by its own employees of the company or with their direct or indirect participation;
  • 17% of the threats is performed from the outside - external threats;
  • 1% of the threats is committed by a random person.

A threat is the potential or actual actions that lead to the moral or material damage.

1.4. The actions leading to a false master of confidential information.

 

The attitude object (firm, organization) and the subject (a competitor of, the attacker) in the information process with opposite interests can be considered from a position of activity in the actions that lead to the mastering of the confidential information. In this case there are such situations:

 

the owner (source) does not take any measures to protect confidential information that could allow an attacker to easily get any information;

 

the source of information shall strictly observe the measures of information security, then an attacker have to make considerable efforts to the implementation of the access to protected information using for the whole of the totality of methods of unauthorized access: legal or illegal.

 

intermediate situation, this information leakage via technical channels, in which the source does not know it yet (otherwise he would have accepted measures of protection), and the attacker can easily, without any effort they can use in their own interests.

 

In general, the fact of receipt of protected information by hackers or competitors, called leakage. But at the same time in a large part of the legislative acts, laws, codes, official materials are used and concepts such as disclosure of the information, and unauthorized access to confidential information .

 

Disclosure - this is intentional or careless actions with sensitive information that led to the knowledge of the persons not admitted to him. Disclosure is expressed in the message, transfer, granting, transmission, publication, the loss and in other forms of exchange and action from the business and scientific information. Implemented disclosure on formal and informal channels of information dissemination. To formal communications are business meetings, meetings, negotiations and other similar forms of communication: exchange of official business and scientific documents of the means to transmit official information (mail, telephone, telegraph, etc.). Informal communication include personal communication (meetings, correspondence, etc.); exhibitions, seminars, conferences and other mass events, as well as mass media (print, newspapers, interviews, radio, tv, etc.). As a rule, the reason for the disclosure of confidential information is the lack of knowledge of the staff rules of protection of commercial secrets and lack of understanding (or misunderstanding) the need for their thorough compliance. It is important to note that the subject of this process is the source of the (owner) of the protected secrets. It should be noted information peculiarities of this action. Information content, sensible, disciplined, well-argued, the volume and communicated often in real-time. Often there is a possibility of a dialogue. Information is targeted in a particular subject area and well-documented. To receive the necessary attacker information last spends almost minimal effort and uses simple legal technical equipment (tape recorders, video monitoring).

 

Leakage is uncontrolled output of confidential information outside the organization or group of persons, to whom they have been entrusted with. The leak of information is carried out by the various technical channels. It is known, that the information is transferred or re-given either the energy or matter. It is either the acoustic wave (sound), or electromagnetic radiation or a sheet of paper (written text) , etc. In this context we can say that the physical nature of the possible ways of information transfer: rays of light, sound waves, electromagnetic waves, materials and substances. , Respectively, that are classified and channels of information leakage on the visual-optical, acoustic, electromagnetic and material-real. Under the channel of leak of information it is accepted to understand the physical path from the source of the confidential information to an attacker, by means of which the latter may obtain access to protected information. For the formation of channels of information leakage, there are certain space, energy and time conditions, as well as the existence on the side of the attacker the equipment for receiving, processing and recording of information.

 

Unauthorized access is the wrongful intentional mastering the confidential information of the person, do not have the right to access guarded secrets. Unauthorized access to confidential sources of information is realized in different ways: from a proactive cooperation, expressed in an active effort to "sell" the secrets to using different means of penetration to commercial secrets. For realization of these actions an attacker often have to penetrate to the object or to create near him special positions of control and surveillance - stationary or mobile version, equipped with the most modern technical equipment. If we proceed from an integrated approach to information security, that such a division is focused on the protection of information as from disclosure, as well as from leakage through technical channels and unauthorized access to it on the part of competitors and intruders. Such an approach to the classification of an action to facilitate any wrong-dimensional mastering of confidential information, shows the diversity of threats and the many aspects of the protective measures necessary to ensure a comprehensive information security.

In view of the foregoing it remains to consider the question of what conditions encourage illegal mastering of confidential information. The following terms and conditions:

  • disclosure of (excessive talkativeness employees) - 32%;
  • unauthorized access through bribery and the inducement to cooperate on the part of competitors and criminal groups - 24%;
  • the absence of the firm proper control and hard conditions of ensuring the information security of the - 14%;
  • the traditional exchange of work experience - 12%;
  • the uncontrolled use of information systems - 10%;
  • the existence of the prerequisites of among employees of conflict situations of 8%;

as well as the absence of a high labour discipline, psychological incompatibility, a random selection of personnel, poor work of personnel of team building.

Among the forms and methods of unfair competition to find the most widespread:

  • economic suppression, resulting in the disruption of the transactions and other agreements (48%),
  • of activity of the company (31%),
  • compromise of the company (11%),
  • blackmail managers of the company (10%);

the physical suppression:

  • robbery and robbery attacks on offices, warehouses, and cargoes (73%),
  • threats of physical violence over the heads of the company and leading specialists (22%),
  • the killings and hostage-taking (5%);
  • media impact:
  • bribery of employees (43%),
  • copying of the information (24%),
  • penetration in the database (18%),
  • sale of confidential documents (10%),
  • eavesdropping of telephone talks and negotiations in the premises of (5%),

as well as the restriction of access to information, misinformation;

 

financial repression includes concepts such as inflation, budget deficit, corruption, embezzlement, finance, fraud, and psychological pressure can be expressed in the form of physical attacks, threats and blackmail, energetic and informational impact.

 

The main threats information is its disclosure, leakage and unauthorized access to its sources. Each of the conditions of the ill-mastering of confidential information can be put in conformity certain channels, certain ways of protective actions and certain classes of means of protection or resistance. Set of definitions, channels, methods and means is presented in the following chart.

 

 

 




Поиск по сайту:

©2015-2020 studopedya.ru Все права принадлежат авторам размещенных материалов.