INFORMATION SECURITY AND ITS COMPONENTS

ABSTRACT

The modern development of the world economy is characterized by an increasing dependence of the market on a significant amount of information flows. The importance of issues related to safeguarding data flows and ensuring the confidentiality of information during its processing and transmission is growing. The issue of information security is multifaceted and intricate. The rapid advancement of electronic technologies, including the development of tools for processing, storing, and securing information, is ongoing. However, the methods for unauthorized access and exploitation of information are also evolving, both in software and hardware.

Keywords: information; security.

The concept of information security.

Information security is defined as the safeguarding of information and supporting infrastructure from unintended or deliberate harm caused by natural or man-made events that could result in unacceptable damage to the parties involved in information exchange, including owners and users of information and supporting infrastructure.

In essence, when we talk about information protection, we are referring to technical and organizational measures designed to prevent unauthorized access, alteration, damage, or deletion of information. However, it is crucial to ensure that legitimate users can still access the information without hindrance.

Information security applies to both individuals and organizations, as well as to nations. With the widespread use of computer technology in various aspects of human activity, it has become imperative to protect information. The Internet has become the primary means of communication, and it is essential to safeguard this communication. The global network of information is expanding rapidly, and the number of participants is constantly increasing. According to some estimates, there are approximately 1.5 billion web pages. Some of them are active for up to six months, while others are fully operational and generate substantial profits for their owners. The web contains information about all aspects of human life and society. Users trust this medium to represent themselves and their activities. However, the history of computer technology is rife with examples of unethical use of online resources [3, p. 83].

The basic principles of ensuring information security.

Ease of use of the information system. This principle of information security is that in order to minimize errors, it is necessary to ensure the ease of use of the information system. During the operation, users and administrators make unintended mistakes, some of which may lead to non-compliance with the requirements of security policies and a decrease in the level of information security. The more complex, confusing and incomprehensible the operations they perform for users and administrators, the more mistakes they make. The ease of use of is a prerequisite for reducing the number of erroneous actions. At the same time, it should be remembered that this principle of information security does not mean simplicity of architecture and reduction of functionality [1, p. 76].

Control over all operations. This principle implies continuous monitoring of the state of information security and all events affecting information security. It is necessary to control access to any object with the ability to block unwanted actions and quickly restore the normal parameters of the information system.

Everything that is not allowed is prohibited. This principle of information security is that access to any object should be provided only if there is an appropriate rule reflected, for example, in the business process regulations or security software settings. At the same time, the main function of the information security system is to allow, not prohibit, any actions. This principle allows you to allow only known safe actions, and not to recognize any threat, which is very resource-intensive, impossible to fully implement and does not provide a sufficient level of information security [2, p. 542].

Open architecture. This principle of information security is that security should not be ensured through ambiguity. Attempts to protect an information system from computer threats by complicating, obfuscating and hiding weaknesses ultimately prove to be untenable and only delay a successful hacker, virus or insider attack.

Access control. This principle of information security is that each user is given access to information and its media in accordance with his authority. At the same time, the possibility of exceeding authority is excluded. Each role/position/user group can be assigned its own rights to perform actions (read/modify/delete).

Wrecking programs and their types. Depending on the mechanism of action, pest programs are divided into four classes:

• Logic bombs are programs or parts of them that are permanently stored in computers or computer systems and are executed only under certain conditions.

• Worms are programs that run every time the system boots, have the ability to move in computing systems or on the network and reproduce copies themselves.

• Trojan horses are programs obtained by explicitly modifying or adding commands to user programs. During the subsequent execution of user programs, unauthorized, modified or some new functions are performed along with the specified functions.

• Computer viruses are small programs that, after being embedded in a computer, independently spread by creating their own copies, and under certain conditions have a negative impact on the computer system.

Conclusion.

With the spread and development of network technologies, the problem of information security compliance has become especially acute and affects almost all users. Currently, a computer that does not have security measures in place cannot provide the user with normal operation. The development of computer technology and its widespread introduction into various spheres of human activity has caused an increase in the number of illegal actions, the object or instrument of which are electronic computers. By various kinds of manipulations, i.e. making changes to information at various stages of its processing, in software, mastering information, it is often possible to receive significant amounts of money, evade taxation, engage in industrial espionage, destroy competitors' programs, etc. Information protection requires a systematic approach; i.e., it cannot be limited to individual measures. A systematic approach to information protection requires that the means and actions used to ensure information security - organizational, physical, and software-technical - be considered as a single set of interrelated, complementary and interacting measures.

Список литературы:

1. Поляков, В. П. Практическое занятие по изучению вопросов информационной безопасности / В. П. Поляков // Информатика и образование. – 2006. – № 11. – С. 75–80.
2. Шаньгин, В. Ф. Защита компьютерной информации. Эффективные методы и средства / В. Ф. Шаньгин. – М. : ДМК Пресс, 2008. – С. 532–555.
3. Галатенко, В. А. Стандарты информационной безопасности / В. А. Галатенко. – Интернет-университет информационных технологий, 2005. – С. 79–86.