ResearchBib Share Your Research, Maximize Your Social Impacts
Sign for Notice Everyday Sign up >> Login


Journal: Честь і Закон ("Honor and Law") (Vol.2, No. 73)

Publication Date:

Authors : ;

Page : 27-32

Keywords : integrated information protection system; observability; controllability; technical information protection; information security threats;

Source : Downloadexternal Find it from : Google Scholarexternal


The article provides a classification of violations of the properties of information that can be implemented with the help of an intruder in relation to the object of information activity of NSU. The most appropriate way to classify threats of all existing ones, specified in the article is the classification of threats based on the result of their influence on information, that is, a violation of its confidentiality, integrity, and availability of information. Information is kept confidential if the established rules for acquaintance with it are observed. Information maintains integrity if the established rules for its modification are observed. Information remains accessible if it remains possible to familiarize yourself with it or modify it in accordance with the established rules for a certain (small) period of time. A special place for determining the classification of each of the threats must be investigated, firstly, on the violation of what properties of information or ITS it is aimed at, secondly, the sources of the threat, and thirdly, possible ways to implement threats. It is known that information vulnerabilities can affect it not directly, but indirectly. Random threats of a subjective nature (actions carried out by staff or users through carelessness, negligence, ignorance, etc., but unintentionally) can be: – actions leading to the failure of ITS (individual components), the destruction of hardware, software, information resources (equipment, communication channels, deletion of data, programs, etc.) – unintentional damage to storage media; – unlawful change of the ITS operating modes (of individual components, equipment, software etc.), initiation of testing or technological processes that can lead to irreversible changes in the system (for example, formatting of storage media); – unintentional viral infection of software; – failure to comply with the requirements for organizational measures of protection of administrative documents in force in ITS; – errors when entering data into the system, outputting data to incorrect addresses of devices, internal and external subscribers, and the like; – any actions that may lead to the disclosure of confidential information, attributes of access control, loss of attributes, and the like; – unlawful implementation and use of software prohibited by the security policy (for example, training and game programs, system and application software, etc.) – the consequences of the incompetent use of protective equipment. The analysis and classification of threats to information security at an object of information activities and its circulation in ITS will simplify the process of compiling an information protection plan and increase the efficiency of its compilation at the information activity object in the information and telecommunication system. The article provides a general description of threats to information property violations.

Last modified: 2021-06-23 21:39:59