Information security is the security of network infrastructure and information systems from accidental or deliberate intervention (internal or external), information theft and / or blocking of business processes that are detrimental to the owners and users of information.

Modern information systems consist of a large number of elements and nodes of varying degrees of autonomy. Since all elements are interconnected and exchange data, each of the elements may be subject to external influence or fail.

All elements of a modern information system can be divided into 4 main groups:

  • hardware - computers and their components (processors, monitors, terminals, peripherals - drives, printers, controllers, cables, communication lines, etc.);
  • software - purchased programs, source, object, load modules; operating systems and system programs (compilers, linkers, etc.), utilities, diagnostic programs, etc .;
  • data - data storage systems (temporarily and permanently), on magnetic media, printed, archives, system logs, etc .;
  • Personnel - service personnel and users who may have a significant impact information protection. All dangerous effects on modern information systems can be divided into accidental and deliberate, which can be subjected to information systems.

All dangerous effects on modern information systems can be divided into accidental and deliberate, which can be subjected to information systems.

Causes of accidental impacts during operation can be:

  • emergency situations (power failure, natural disaster);
  • equipment failures and failures;
  • software developers errors;
  • errors in the work of staff;
  • external electromagnetic interference in connecting lines.

Deliberate influences on information systems, as a rule, are made for a specific purpose, and can be carried out by employees or guests of a company, employees of a competitor, or specially hired specialists.

Intentional effects may be due to different motives and goals:

  • dissatisfaction of a company employee with his employer;
  • financial rewards and benefits;
  • due to curiosity and self-assertion;
  • gaining competitive advantage;
  • causing material damage.

The most common type of intentional exposure and breach of information security is unauthorized access to the company’s information resources. The intruder uses any error in the information protection system, for example, in the case of irrational selection of protective equipment, their incorrect installation and configuration.

Having received unauthorized access to information resources of the company, the offender can carry out theft, alteration or destruction of any information available to him.

Attackers can gain unauthorized access to confidential information in the following ways:

  • in the absence or weak hardware protection of the network infrastructure from external threats (wrong choice of equipment for comprehensive protection, incorrect configuration of elements of the integrated protection system);
  • using an employee of the company (reading information from the screen or keyboard, transferring information to a competitor on electronic media or in the form of printed documents);
  • using vulnerabilities and software errors (interception of passwords, copying information from media, decrypting encrypted information);
  • using specialized equipment (descramblers, electromagnetic radiation scanners from communication lines and power supply networks, etc.).

The basic principles of ensuring information security with modern systems:

  • Information integrity, namely protection from accidental or intentional impact (internal or external), transmission failures between network infrastructure elements, leading to information loss, is protected from unauthorized creation or destruction of data;
  • Confidentiality of information, namely the provision of access to resources of limited access only to certain users, comprehensive protection of confidential information from theft, alteration and destruction;
  • Accessibility of information, namely, unhindered access to all authorized users to all the resources permitted to them in accordance with the access rights granted.

If you are interested in the implementation of IT security and information protection systems, please contact us, we will select the best solution.

Order service IT security

Please, fill in the form below