10.2. Objects and security features in computer data processing systems

The protection object is such a component of the system in which the protected information is located. A security element is a collection of data that may contain information necessary for protection.

With the activity of computer systems can occur:

• • equipment failures and malfunctions;
• • system and system errors;
• • software errors;
• • human error when working with a computer.

Unauthorized access to information is possible during the maintenance of computers in the process of reading information on computer and other media. Illegal familiarization with information is divided into passive and active. When passively reading information, there is no violation of information resources and the offender can only disclose the content of messages. In the case of active unauthorized access to information, it is possible to selectively change, destroy the order of messages, redirect messages, delay and create fake messages.

To ensure security, various measures are taken, which are united by the concept of “information protection system”.

Information protection system is a set of organizational (administrative) and technological measures, software and hardware, legal and moral and ethical standards that are used to prevent the threat of violators in order to minimize possible damage to users and owners of the system.

Organizational and administrative means of protection is the regulation of access to information and computing resources, as well as functional processes of data processing systems. These protections are used to obstruct or exclude the possibility of implementing security threats. The most typical organizational and administrative means are:

• • access to processing and transfer of protected information only by verified officials;
• • storage of information carriers that represent a certain secret, as well as registration logs in safes inaccessible to unauthorized persons;
• • accounting of the use and destruction of documents (carriers) with protected information;
• • separation of access to information and computing resources of officials in accordance with their functional responsibilities.

Technical means of protection are used to create some physically closed environment around the object and elements of protection. It uses such events as:

• • limiting electromagnetic radiation through shielding of the premises in which information processing is carried out;
• • implementation of power supply equipment, working out valuable information from an autonomous power source or a common electrical network through special surge protectors.

Software tools and protection methods are more active than others used to protect information in PCs and computer networks. They implement security features such as the delineation and control of access to resources; registration and study of ongoing processes; prevention of possible destructive effects on resources; cryptographic protection of information.

Technological information protection means a series of measures organically incorporated into the technological processes of data conversion. They also include:

• • backup copies of media;
• • manual or automatic saving of processed files in the external memory of the computer;
• • automatic registration of user access to various resources;
• • development of special instructions for the implementation of all technological procedures, etc.

Legal and moral and ethical measures and means of protection include laws in force in the country, regulations, rules, standards of conduct, compliance with which contributes to the protection of information.