Protecting Information Resources
People tend to protect their secrets. As information technologies develop and penetrate all spheres of human activity, information security becomes ever more relevant and, at the same time, more complex. Information processing technology is constantly improving, and practical methods of information security change with it. Universal methods of protection do not exist. Much of the success in building security mechanisms for a real system depends on that system's individual characteristics, which are difficult to formalize. Information security is therefore often seen as an informal set of recommendations for building security systems of a particular type.
The information sphere today is not only one of the most important areas of international cooperation but also an object of competition. Some countries with a more developed information infrastructure, by setting technology standards and providing consumers with their resources, determine the conditions under which information infrastructures in other countries are formed and operate. They thereby influence the development of the information sector (Stamp, 2013).
Providing information security is not only very expensive (the cost of purchasing and installing hardware and software protection can be greater than half the cost of the computer equipment) but also very complex: when creating an information security system, it is difficult to identify the potential threats and the level of protection required to keep the information system in working order (Stamp, 2013).
Threats to the security of information in modern processing systems are either deliberate (intentional) or natural (unintentional). They arise from the destructive and distorting effects of the external environment, from the reliability of information processing facilities, and from the intentional, self-serving influence of unauthorized users, whose objectives are theft, destruction, liquidation, unauthorized modification and use of the information being processed. Intentional or deliberate threats are those caused by malicious human actions. Accidental or natural threats are those that do not depend on the will of people. The following classification of threats to information safety (integrity) is currently adopted (Brotby, 2008).
Sources of Threats. A source of threats is understood as the direct agent of a negative impact on information. Sources can be divided into the following groups:
- Technical devices;
- Models, algorithms, and programs;
- Technological processing circuit;
Prerequisites for the Threats. The prerequisites, or causes, of threats are the following:
- Objective causes (the quantitative or qualitative failure of components) are not directly related to human activity and cause threats that are random in origin;
- Subjective causes are directly related to human activity; they cause both intentional (intelligence activities of foreign states, industrial espionage, activities of criminal elements and unscrupulous employees) and unintentional (poor psychophysiological state, lack of training, low level of knowledge) information threats (IRMA, 2012).
Threats to information resources manifest as the acquisition of confidential information, its modification in the interests of an attacker, or its destruction with a view to material damage.
Information security threats can be carried out:
- Through undercover sources within commercial structures and public administration bodies who are able to obtain confidential information;
- By bribing persons working in the factory or in structures directly related to its activities;
- By intercepting information circulating in the media, communications systems and computing equipment, using technical intelligence means and software and mathematical influence on the information during processing and storage;
- By eavesdropping on conversations held in offices, vehicles, apartments and country houses;
- Through negotiations with foreign or domestic firms, exploiting careless handling of information;
- Through the initiative of employees who want to improve their welfare by earning money, or who act for other physical or moral reasons (IRMA, 2012).
As the techniques and methods for converting and transferring information develop, the methods for ensuring its safety also evolve constantly. The current stage of this problem is characterized by a transition from the traditional view of it as a problem of information protection to a broader understanding. Information security implies an integrated solution in two main areas (Brotby, 2008).
The first area includes the protection of state secrets and confidential information, which mainly means making unauthorized access impossible. Here, confidential information is understood as restricted-access information of public nature (trade secrets, party secrets, etc.). The second area concerns the protection of information, which has recently taken on an international scale and a strategic nature. In this case, there are three main areas of protection from the so-called information weapon (impact):
- Technical systems and tools;
- The human psyche (Whittman, 2012).
Under this approach, the variety of threats to information and the functions and classes of information protection problems are refined and expanded. Ranking the importance of protecting the stored information (the object of protection) is called categorization of protected information. Information security requires that the following properties of information be preserved:
- Integrity is the existence of information in an undistorted form, i.e. unchanged in relation to its original state. It is the property of information to maintain its structure or content during transmission and storage.
- Availability is the property that characterizes the ability to give users timely and easy access to the data that are of interest to them.
- Confidentiality is the property that indicates the need to restrict access to the information to a certain set of users, as well as the status afforded to the data, which determines the required level of their protection.
Methods of information security are very diverse. Network security services are the mechanisms that defend information processed in distributed computing systems and networks. Engineering and technical methods aim to protect against information leakage through technical channels, for example through interception of electromagnetic radiation or voice information. Legal and organizational methods of information protection create a regulatory framework for organizing the various activities related to information security. Theoretical methods of information security, in turn, solve two major problems. The first is to formalize the various kinds of processes related to information security. For example, a formal model of access control makes it possible to describe rigorously all possible information flows in the system and thus to ensure that the required security properties hold. This immediately leads to the second problem: a rigorous justification, during security analysis, that information security systems function correctly and adequately. This problem arises, for example, when automated systems are certified against information security requirements (Whittman, 2012).
As for approaches to implementing protective measures, there is an established three-stage process for developing such measures.
Stage I - Development of requirements - includes:
- Determination of the components that make up the information system;
- Analysis of vulnerable elements of the information system;
- Threat assessment (identification of problems that may arise due to the presence of vulnerable elements);
- Risk analysis (forecasting the possible effects that can cause these problems).
Stage II - Identification of ways of protection - involves answering the following questions:
- What threats must be eliminated and to what extent?
- What resources need to be defended by the system and to what extent?
- By what means should the protection be implemented?
- What should the full cost of implementing and operating the security be, considering the potential threats?
Stage III - Definition of the functions, procedures and security features to be implemented in some form of protection mechanism.
Priority actions for implementing the state's information security policy are:
- Development and introduction of mechanisms for implementing the legal norms that regulate relations in the information sphere, and preparation of the legal concepts of information security;
- Development and implementation of mechanisms to improve state governance of the public media and the implementation of public information policy;
- Adoption and implementation of federal programs that provide for the formation of public archives of information resources, improvement of the legal culture and computer literacy of society, a comprehensive response to threats of information warfare, the creation of secure information technology systems used in functions vital to society and the state, suppression of computer crime, and the creation of a special-purpose information and telecommunication system;
- Development of a training system for the field of information security (IRMA, 2012).
The implementation of the above measures to ensure the security of information resources significantly increases the efficiency of the process of informatization in the organization, ensuring the integrity, authenticity and confidentiality of costly business information circulating in the local and global information environments.
Providing information security is a complex task because the information environment is a complex and multifaceted mechanism whose components may include personnel, electronic equipment, software, etc. Solving many information security problems requires the use of the following measures: legislative, organizational, program and technical. Ignoring even one aspect of the problem can lead to the loss (leakage) of information, which is becoming ever more important and plays a significant role in modern society.
Experts predict a revolutionary breakthrough in the field of information security in the future. A group of Israeli scientists has created molecular locks, i.e. a blocking system designed to generate the signal that opens an electronic lock. The sensor responds not to a set of electrical signals from a keyboard or a reading device but to a set of chemicals. The molecular lock is an electronic lock of the steganographic type, i.e. a lock whose existence is known only to a person who has access to information about it and to the molecular key. Another advantage of this technique is that it uses chemical and optical signals instead of electronic ones, which further complicates attempts to break and decrypt the system (Zyga, 2013).
To create the device, the researchers used different saccharides (including glucose, xylose, fructose, galactose and maltitol). These chemicals acted as the numbers that are normally used in creating electronic passwords. Since the system is able to generate a unique optical imprint for each password, it can also be programmed to authorize multiple users. Each user will have his or her own fluorescent imprint. Additionally, completely new password templates can be created by replacing any chemical (for example, by introducing new saccharides). Even for a professional hacker, it would be extremely difficult to crack a security code whose existence he or she does not even know about. Therein lies one of the main advantages of molecular locks: thanks to their small size, it is difficult even to find them (Rout et al., 2013).
- Brotby, W. (2008). Information security governance. Rolling Meadows, IL: IT Governance Institute.
- Rout, B., Milko, P., Iron, M., Motiei, L., & Margulies, D. (2013). Authorizing multiple chemical passwords by a combinatorial molecular keypad lock. Journal of the American Chemical Society, 135(41), 15330-15333.
- Stamp, M. (2013). Information security: Principles and practice. Hoboken, NJ: Wiley.
- Whittman, N. (2012). Principles of information security. Boston, MA: Course Technology.
- Zyga, L. (2013, Oct 22). Chemical passwords could lead to unbreakable molecular lock. Retrieved from http://phys.org/news/2013-10-chemical-passwords-unbreakable-molecular.html
- Information Resources Management Association. (2012). Information resources management: Concepts, methodologies, tools, and applications. Hershey, PA: Information Science Reference.