Lecture
To counter the threats listed in the previous chapter, modern information systems include security subsystems that implement the adopted security policy. Depending on the goals and operating conditions of the system, the security policy may define subjects' access rights to resources, regulate how users' actions in the system are audited and how network communications are protected, specify how the system is restored after accidental failures, etc. The adopted security policy is implemented through legal, organizational, administrative and engineering measures to protect information.
Legal provision of information security is the body of legislative acts, regulatory documents, regulations, instructions and manuals whose requirements are mandatory within the information protection system.
Organizational and administrative provision of information security is the regulation of production activities and of relations between executors, on a regulatory basis, such that disclosure, leakage and unauthorized access to information become impossible or are significantly hampered by organizational measures. Measures of this class include: selection and training of personnel, definition of employees' job descriptions, organization of access control, protection of premises, organization of information protection with monitoring of how personnel work with information, determination of the procedure for storage, reservation and destruction of confidential information, etc.
Engineering measures are a set of special bodies, technical means and activities that work together to perform a specific task of protecting information. Engineering means include shielding the premises, organizing an alarm system, and guarding the premises from a PC.
Technical means of protection include hardware, software and cryptographic means, which make an attack more difficult, help detect that it has occurred, and help eliminate its consequences. This manual is devoted to technical information protection tools; more detailed information about other types of protection can be found, for example, in [10].
Technical means of security subsystems of modern distributed information systems perform the following main functions:
To implement these functions, the following mechanisms are used:
Table 1.1 presents the relationship between the security functions of information systems and the mechanisms for their implementation [11].
Table 1.1
Interrelation of security functions and mechanisms for their implementation
Security service | Encryption | EDS | Access control mechanism | Integrity control mechanism | Authentication mechanism | Traffic padding mechanism | Notarization mechanism |
Authentication of partners | + | + | + | ||||
Authentication of source | + | + | |||||
Access control | + | ||||||
Data confidentiality | + | + | |||||
Data integrity | + | + | + | ||||
Affiliation | + | + | + |
1.5. Conclusion
An important task of modern information systems is to ensure the security of the information stored and processed in them. Protecting information means ensuring the confidentiality, integrity, availability, authenticity and appealability (non-repudiation) of information.
Information systems are subject to a large number of threats. The main mechanisms for protecting against these threats are encryption, electronic digital signature, access control, integrity control, notarization and traffic padding. The algorithmic, software and hardware implementation of these mechanisms will be discussed below.