Clever Geek Handbook

Threats to Information Security

A threat to information security is a set of conditions and factors that create the danger of a violation of information security. [1]

A threat (in general) is understood as a potential event, action (impact), process or phenomenon that may lead to damage to one's interests.

Threats to information security can be classified according to various criteria:

  • By the aspect of information security that the threat is aimed at:
    • Threats to confidentiality (illegal access to information). A threat to confidentiality is that information becomes known to someone who is not authorized to access it. It arises when access is obtained to restricted information stored in a computer system or transmitted from one system to another. The term "leak" is used in connection with threats to confidentiality. Such threats can arise from the "human factor" (for example, accidentally granting one user the privileges of another) or from malfunctions of software and hardware. Restricted-access information includes state secrets [2] and confidential information [3] (commercial secrets, personal data, professional secrets: medical, attorney, banking, business, notarial, insurance secrecy, secrecy of investigation and legal proceedings, of correspondence, telephone conversations, postal shipments, telegraphic or other messages (communication secrecy), information on the essence of an invention, utility model or industrial design prior to official publication (know-how), etc.).
    • Threats to integrity (illegal data modification). Threats to integrity are threats associated with the possibility that information stored in the information system is modified. A violation of integrity can be caused by various factors, ranging from intentional actions of personnel to equipment failure.
    • Threats to availability (actions that make it impossible or difficult to access information system resources). A violation of availability is the creation of conditions under which access to a service or information is either blocked or possible only after a time that does not allow certain business goals to be met.
  • By location of the threat source:
    • Internal (sources of threats are located inside the system);
    • External (sources of threats are outside the system).
  • By the size of the damage:
    • General (causing damage to the security object as a whole, causing significant damage);
    • Local (harming certain parts of the security object);
    • Private (harming certain properties of the elements of the security object).
  • By the degree of impact on the information system:
    • Passive (the structure and content of the system do not change);
    • Active (the structure and content of the system are subject to change).
  • By nature of occurrence:
    • Natural (objective): caused by the impact on the information environment of objective physical processes or natural phenomena that do not depend on human will;
    • Artificial (subjective): caused by human impact on the information sphere. Artificial threats are in turn divided into:
      • Unintentional (accidental) threats: software and personnel errors, system malfunctions, failures of computer and communication equipment;
      • Intentional (deliberate) threats: unlawful access to information, development of special software used for unauthorized access, development and distribution of virus programs, etc. Intentional threats are caused by human actions. The main problems of information security are primarily associated with deliberate threats, since they are the main cause of crimes and offenses [4].

Classification of sources of information security threats

The carriers of information security threats are the sources of threats. Sources of threats can be both subjects (individuals) and objective manifestations, for example, competitors, criminals, corrupt officials, and administrative and management bodies. Sources of threats pursue the following goals: becoming acquainted with protected information, modifying it for personal gain, and destroying it in order to cause direct material damage.

  • All sources of information security threats can be divided into three main groups:
    • Caused by the actions of a subject (anthropogenic sources): subjects whose actions can lead to a violation of information security; these actions can be qualified as intentional or accidental crimes. Such sources can be both external and internal. These sources can be predicted and adequate measures taken.
    • Caused by technical means (technogenic sources): these sources of threats are less predictable, depend directly on the properties of the equipment, and therefore require special attention. These sources of information security threats can also be either internal or external.
    • Natural sources: this group covers circumstances that constitute force majeure (natural disasters or other circumstances that cannot be foreseen or prevented, or that can be foreseen but not prevented), that is, circumstances that are objective and absolute in nature and apply to everyone. Such sources of threats are completely unpredictable and, therefore, measures against them should always be applied. Natural sources are, as a rule, external to the protected object and usually mean natural disasters. [5] [6]

Notes

  1. GOST R 50922-96.
  2. Law of the Russian Federation of July 21, 1993 N 5485-I "On State Secrets" (as amended and supplemented). base.garant.ru. Accessed December 20, 2016.
  3. Decree of the President of the Russian Federation of 06.03.1997 N 188 "On approval of the list of information of a confidential nature" (as amended and supplemented). base.garant.ru. Accessed December 20, 2016.
  4. Blinov A. M. Information Security: Study guide. Part 1 / A. M. Blinov. SPb.: SPbGUEF, 2010. 96 p.
  5. Fundamentals of Information Security: Study guide / Yu. G. Krat, I. G. Shramkova. Khabarovsk: Publishing House DVGUPS, 2008. 112 p.
  6. Information Security: A Textbook for University Students. M.: Academic Project; Gaudeamus, 2nd ed. 2004. 544 p.

See also

  • Unauthorized access
  • Computer crime
Source - https://ru.wikipedia.org/w/index.php?title= Information Security Threats &oldid = 100419252

