Specialist in information protection
Initially, information security was developed for the needs of the military. Strategic defense data was so important that its leakage could lead to huge loss of life. Accordingly, computer security drew on the experience of cryptography, that is, encryption. Ciphers and special programs appeared that made it possible to automate encryption and decryption.
Later, when the need to protect information spread to other areas, it became clear that encryption sometimes greatly complicates and slows down the transmission and use of data. And with the development of computer networks and systems, other tasks began to appear.
Over time, a classification of the secrets that need to be protected has emerged. It comprises six categories: state, commercial, banking, professional and service secrets, and personal data. It is clear that for different sectors and types of enterprises, one or two categories take priority. For science-related industries, for example, it is crucial to prevent the leakage of plans, new developments and trials.
Experts believe that today, unlike in past decades, more attention is paid to two things: the availability and the integrity of information. Availability means that each user can at any time request the necessary service and work in it without complications. Integrity means that information remains intact during storage and transmission. This is especially true, for example, for banks, where it is important not to allow changes in details or the attribution of extra nicks. At the same time, it is absolutely necessary for providers or telecom operators to maintain the availability and reliability of their information systems (servers, communications), because this is the basis of their success.
From whom to defend?
So, today’s protection of information is the search for an optimal balance between availability and security. Or, in other words, it is a constant struggle with the stupidity of users and the intelligence of hackers.
There are several myths about who is actually after other people’s information. For example, some exaggerate the chances of an attack by hackers. These are, supposedly, agile guys who do nothing but steal money from bank accounts and destroy national security systems, and against whom every possible defense is needed. In fact, hackers succeed not through numbers but through skill. And statistics say that 70-80% of computer crimes are committed by employees or fired employees, that is, from within companies. Sometimes people who have great powers, passwords and access to information cannot overcome the temptation to take advantage of them. And those who were fired then retaliate against the firm, the department or the boss who fired them.
As for hackers, today many of them are quite legally engaged in testing new security programs. The testing consists of trying to break into the program and observing its “reaction”. It is this that gives rise to the most serious difficulties in the West in relations with the state.
The fact is that in 1998 the United States adopted one of its most controversial laws, the Digital Millennium Copyright Act (DMCA). It prohibits circumventing copy protection and distributing devices that can be used to infringe copyright. Moreover, punishment under this law applies even when the cracker did nothing more than break the protection and caused no material damage. A specialist who checks the reliability of a software protection and publishes information about its weaknesses can be held liable for violating the law.
How to protect?
It is clear that in order to penetrate the information field of any enterprise or person today, it is completely unnecessary to break down the door or install “bugs”. Experts say, “A fully secure computer is one that is locked in a safe in an armored room and is not even plugged into an outlet.” Thieves use programs such as the “Trojan horse” (once installed on a computer, the simplest ones just steal all the passwords, while advanced ones make it possible to view the contents of the screen, intercept all keyboard input, change files, etc.). There are also attacks called “denial of service”, which disrupt network nodes. During such an attack, the site cannot operate for several minutes or even hours. It is clear that such outages bring huge losses.
Criminal practice dictates the work of a specialist in the protection of information. Such a specialist deals less with physical security (access control, video surveillance, etc.) and more and more with network and computer security. There is a conceptual scheme on which the work of such a specialist is built.
First, he conducts an information survey and analysis. This is the most important stage, which results in the so-called “model of the perpetrator”: who, why and how can disturb the security