10.1. Information security as a pattern in the development of computer systems

Lecture



Information security is the use of various means and methods, and the adoption and implementation of measures, to systematically ensure the reliability of information that is transmitted, stored and processed.

Information security includes:

ensuring the physical integrity of information, that is, ruling out distortion or destruction of information elements;

preventing the substitution of information elements while its integrity is maintained;

denying unauthorized access to information by persons or processes that lack the appropriate authority;

gaining confidence that information resources transferred by the owner will be used only in accordance with the conditions agreed by the parties.

Processes that violate the reliability of information are divided into random and malicious (intentional). Random destructive processes stem from unintentional, erroneous human actions and from technical failures. Malicious violations result from deliberate human actions.

The problem of protecting information in electronic data processing systems arose almost simultaneously with their creation. It was prompted by specific cases of malicious actions involving information.

The importance of the problem of ensuring the reliability of information is confirmed by the cost of protective measures. A reliable protection system requires significant material and financial outlay. Before building a protection system, an optimization model should be developed that achieves maximum results with a given, or minimum, use of resources. Calculating the costs needed to provide the required level of information security should begin with establishing a few facts: a complete list of threats to information, the potential danger each threat poses to the information, and the cost of neutralizing each threat.
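An added example, not part of the original lecture: one way to turn the three inputs listed above (threat list, potential danger of each threat, cost to neutralize it) into an optimization model is a 0/1 knapsack, solved for both "maximum result with a given budget" and "minimum budget for a required result". The knapsack formulation, the function names and every threat entry and figure below are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:
    name: str
    expected_loss: int  # potential danger: estimated loss if not neutralized
    cost: int           # cost of neutralizing the threat (same arbitrary units)

# Constructed sample data, not taken from the lecture.
THREATS = [
    Threat("accidental operator error", 40, 10),
    Threat("hardware failure", 60, 25),
    Threat("malware infection", 90, 30),
    Threat("residual data on discarded media", 25, 5),
    Threat("electromagnetic emanation capture", 15, 40),
]

def plan_max_protection(threats, budget):
    """Maximum result for a given budget (0/1 knapsack by dynamic programming).

    Returns (total loss avoided, names of the threats chosen for neutralizing).
    """
    # best[b] holds the best (loss avoided, chosen indices) using cost <= b.
    best = [(0, ())] * (budget + 1)
    for i, t in enumerate(threats):
        # Walk budgets downwards so each threat is counted at most once.
        for b in range(budget, t.cost - 1, -1):
            candidate = best[b - t.cost][0] + t.expected_loss
            if candidate > best[b][0]:
                best[b] = (candidate, best[b - t.cost][1] + (i,))
    avoided, chosen = best[budget]
    return avoided, [threats[i].name for i in chosen]

def plan_min_cost(threats, required_avoided):
    """Minimum budget that avoids at least `required_avoided` loss.

    Returns (budget, chosen names), or None if the target is unreachable
    even when every listed threat is neutralized.
    """
    for budget in range(sum(t.cost for t in threats) + 1):
        avoided, names = plan_max_protection(threats, budget)
        if avoided >= required_avoided:
            return budget, names
    return None

if __name__ == "__main__":
    print(plan_max_protection(THREATS, 45))
    print(plan_min_cost(THREATS, 150))
```

With the sample figures, the emanation threat is never selected at small budgets because its neutralizing cost far exceeds the loss it prevents, which is the kind of trade-off the model is meant to expose.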

In the first decades of active PC use, the main danger came from hackers who connected to computers mainly through the telephone network; in the last decade, violations of the reliability of information have advanced through programs, computer viruses and the global Internet.

There are many ways of unauthorized access to information, including:

viewing;

copying and replacing data;

injecting false programs and messages by connecting to communication channels;

reading residual information left on storage media;

receiving electromagnetic emissions and wave signals;

use of special programs.

To counter all of these methods of unauthorized access, it is necessary to develop, create and implement a multi-level, continuous and manageable information security architecture. It is not only confidential information that should be protected. The object of protection is usually affected by a certain set of destabilizing factors. The type and level of influence of some factors may not depend on the type and level of others.

It is also possible that the type and level of influence of some factors depend substantially on others, which explicitly or implicitly amplify them. In that case, it is necessary to apply both protective means whose effectiveness is independent and means that are interdependent. To ensure a sufficiently high level of data security, a compromise must be found between the cost of protective measures, the inconvenience of using them and the importance of the protected information. A detailed analysis of the many interacting factors makes it possible to find a reasonable and effective balance of protection measures against specific hazards.

