

LEGAL AND ORGANIZATIONAL SUPPORT OF INFORMATION SECURITY

The implementation of guarantees of constitutional rights and freedoms of man and citizen relating to activities in the information sphere is the most important task of the state in the field of information security.

(Information Security Doctrine of the Russian Federation)

4.1. The Constitution of the Russian Federation and the Doctrine of Information Security of the Russian Federation on the legal support of the information sphere

The problem of legal regulation of relations in the field of information security is one of the most important for Russia. The preservation, enhancement and protection of information resources, the establishment of international authority and the reduction of criminal tension in the country, and the protection of human rights, freedoms and security in the system of information relations largely depend on its solution.

Constitutional norms on the protection of the information sphere

One of the most important tasks of state policy to ensure the information security of citizens is the implementation of constitutional norms in the field of information. The Constitution of the Russian Federation provides for the right of every citizen to freely seek, receive, transmit, produce and disseminate information in any legal way (Article 29, paragraph 4). The Constitution guarantees freedom of the mass media and prohibits censorship (Article 29, paragraph 5).

It also gives every citizen the right to privacy and the preservation of personal and family secrets (Article 23, paragraph 1). The collection, storage, use and dissemination of information about the private life of a person without his consent is not allowed (Article 24, paragraph 1). According to the Constitution, everyone is guaranteed freedom of thought and speech (Article 29, paragraph 1), as well as freedom of literary, artistic, scientific, technical and other types of creativity (Article 44, paragraph 1).

The provisions of the Constitution of the Russian Federation directly or indirectly oblige state and local government bodies and relevant officials to provide every citizen of the Russian Federation with the opportunity to become familiar with documents and materials that directly affect his rights and freedoms, unless otherwise provided by law.

However, the declaration of information rights and freedoms does not mean that the state renounces the protection of information resources. Legal support for information security is formed on the basis of maintaining a balance of the interests of citizens, society and the state, which is especially important in the context of the existence of various forms of ownership. Therefore, the Constitution also defines the grounds for restricting the information rights and freedoms of citizens. These include: protecting the foundations of the constitutional system, morality, health, rights and legitimate interests of other persons, ensuring the defense of the country and the security of the state (Article 17, paragraph 3, Article 55, paragraph 3). The Basic Law also provides for the possibility of restricting rights and freedoms in a state of emergency, indicating the limits and duration of their validity (Article 56).

The relevant articles of the Constitution of the Russian Federation are aimed at suppressing the spread of the following types of information:

information designed to incite hatred, enmity and violence in relations between people and nations;

obscene and false information, including deliberately false advertising;

information that infringes on the honor and dignity of citizens, which has a negative impact on people’s health and their spiritual and moral state;

information that changes the memory of the past, falsifies the history of the country, disrupts the connection between generations and undermines the unity of the Russian people;

information that can initiate destructive processes - from man-made and natural disasters to all kinds of social, demographic, economic shocks, crises, and conflicts.

At the same time, as indicated in the Information Security Doctrine of the Russian Federation, the rights of citizens to privacy, personal and family secrets, and the secrecy of correspondence enshrined in the Constitution of the Russian Federation in practical terms do not have sufficient legal, organizational and technical support. The protection of data on individuals (personal data) collected by federal government bodies, government bodies of constituent entities of the Russian Federation, and local government bodies is poorly organized.

As a result, the insecurity of citizens' rights to access information and the manipulation of information cause a negative reaction from the population, which in some cases leads to destabilization of the socio-political situation in society.

The Doctrine of Information Security of the Russian Federation on the status and improvement of legal relations in the information sphere

Let us recall (see Chapter 2) that the Doctrine is a document containing an officially adopted system of views in Russia on the problems of ensuring information security, methods and means of protecting the vital interests of the individual, society, and state in the information sphere.

The Doctrine points to a number of shortcomings associated with the inconsistency and underdevelopment of the legal regulation of relations in the information sphere, which lead to serious negative consequences for ensuring information security. They are discussed above, in Chapter 2.

According to the Doctrine, improving the legal mechanisms for regulating social relations arising in the information sphere is a priority direction of state policy in the field of ensuring the information security of the Russian Federation.

Work in this direction involves:

assessing the effectiveness of the application of existing legislative and other regulatory legal acts in the information sphere and developing a program for their improvement;

creation of organizational and legal mechanisms to ensure information security;

determining the legal status of all subjects of relations in the information sphere, including users of information and telecommunication systems, and establishing their responsibility for compliance with the legislation of the Russian Federation in this area;

creation of a system for collecting and analyzing data on the sources of threats to the information security of the Russian Federation, as well as the consequences of their implementation;

development of normative legal acts that determine the organization of the investigation and the trial procedure for facts of illegal actions in the information sphere, as well as the procedure for eliminating the consequences of these illegal actions;

development of offenses taking into account the specifics of criminal, civil, administrative, disciplinary liability and inclusion of relevant legal norms in the criminal, civil, administrative and labor codes, in the legislation of the Russian Federation on public service;

improvement of the personnel training system used in the field of ensuring information security of the Russian Federation.

State policy in ensuring information security of the Russian Federation, according to the Doctrine, is based on the following basic principles:

compliance with the Constitution of the Russian Federation, legislation of the Russian Federation, generally recognized principles and norms of international law when carrying out activities to ensure information security (principle of legality);

ensuring legal equality of all participants in the process of information interaction, regardless of their political, social and economic status, based on the constitutional right of citizens to freely search, receive, transmit, produce and disseminate information in any legal way (the principle of balancing the interests of citizens, society and the state).

The principle of legality requires federal government bodies and government bodies of constituent entities of the Russian Federation, when resolving conflicts arising in the information sphere, to be strictly guided by legislative and other regulatory legal acts regulating relations in this area.

The principle of balancing the interests of citizens, society and the state in the information sphere involves legislative consolidation of the priority of these interests in various areas of society, as well as the use of forms of public control over the activities of federal government bodies and government bodies of constituent entities of the Russian Federation. The implementation of guarantees of constitutional rights and freedoms of man and citizen relating to activities in the information sphere is the most important task of the state in the field of information security.

Among the legal methods of ensuring information security, the Doctrine includes the development and steady implementation of the requirements of regulatory legal acts regulating relations in the information sphere, and of regulatory methodological documents on issues of ensuring the information security of the Russian Federation.

The Doctrine names the following as the most important areas of activity for improving the system of legal support for information security:

introducing amendments and additions to the legislation of the Russian Federation regulating relations in the field of information security, specifying legal norms establishing liability for offenses in the field of information security of the Russian Federation;

legislative delimitation of powers in the field of ensuring information security, determination of goals, objectives and mechanisms for the participation of public associations, organizations and citizens in this activity;

improvement of legal acts establishing the liability of legal entities and individuals for unauthorized access to information, its illegal copying, distortion and illegal use, deliberate dissemination of false information, illegal disclosure of confidential information, use of official information or information containing trade secrets for criminal and personal gain;

clarification of the status of foreign news agencies, media and journalists, as well as investors when attracting foreign investment for the development of the information infrastructure of Russia;

Fig. 4.1. Legal support of information security


legislative consolidation of the priority of developing national communication networks and domestic production of space communications satellites;

determination of the status of organizations providing services of global information and telecommunication networks on the territory of the Russian Federation, and legal regulation of the activities of these organizations;

creation of a legal framework for the formation of regional information security structures in the Russian Federation;

development of mechanisms for the legal support of Russia's information security.

4.2. Federal legislation in the field of information security

The consistent development of legislation in the field of information security is determined by the need for an integrated approach to the formation and development of a unified concept of its legal support, correlated with the entire system of legislation of the Russian Federation. According to experts, when creating a legal basis for information security, it is necessary to take into account:

the state and composition of international standards in the field of informatization;

the state of domestic legislation in this and related areas;

formation of a legislative system covering all its levels, ensuring continuity and compatibility of norms in laws at different levels - constitutional, general, special;

consistent efforts to develop departmental and local regulations based on the legislative framework;

creation of mechanisms to ensure the organization, application, and effectiveness of the legislative framework in the field of information security.

The general structure of the legal framework should cover all levels of legislation of the Russian Federation:

constitutional legislation;

basic general laws;

laws on the organization of the state management system;

special laws.

In addition to federal legislation, issues of informatization and information security must be taken into account in the legislation of all constituent entities of the Russian Federation.

An important place in the legal support of information security should be occupied by by-laws (see Section 4.3).

This hierarchical system of legislation should be completed by law enforcement legislation, including norms of liability for offenses when working with information (Fig. 4.1).

Basic laws in the field of information security

The basic acts of the information legislation of the Russian Federation are the Laws “On Information, Information Technologies and Information Protection”, “On Security” and “On the Mass Media”. They enshrine in law the right of citizens, organizations and the state to information, and establish their basic rights and obligations, the legal regime for the processing and use of information, the procedure for ensuring information security and guarantees for the implementation of the rights and responsibilities of subjects of information relations.

The Federal Law “On Information, Information Technologies and Information Protection” was adopted on July 27, 2006. The main goal of the Law is to improve the legal basis of relations in the field of formation and use of information resources and in the field of informatization, taking into account the growing role of information in updating the production, scientific, organizational and managerial potential of the country, and in resolving the issue of Russia’s inclusion in the global community. The scope of the Law covers relations arising in the exercise of the right to search, receive, transmit, produce and disseminate information, in the application of information technologies, and in ensuring the protection of information (Article 1).

According to the Law “On Information, Information Technologies and Information Protection” (Article 3), the legal regulation of relations in this area is based on the following principles:

freedom to search, receive, transmit, produce and disseminate information by any legal means;

establishing restrictions on access to information only by federal laws;

openness of information about the activities of state bodies and local governments;

equality of rights for the languages of the peoples of the Russian Federation in the creation of information systems;

reliability of information and timeliness of its provision;

privacy;

the inadmissibility of establishing by regulatory legal acts any advantages of using some information technologies over others.

The Law “On Information, Information Technologies and Information Protection” (Article 5) divides all information, depending on the procedure for its provision and distribution, into the following groups:

information freely disseminated;

information provided by agreement of persons participating in the relevant relationship;

information that, in accordance with federal laws, is subject to provision or distribution;

information the distribution of which is restricted or prohibited in the Russian Federation.

According to the Law, the owner of information can be a citizen (individual), legal entity, the Russian Federation, a subject of the Russian Federation, a municipal entity (Article 6). The owner of information is obliged to respect the rights and legitimate interests of other persons, take measures to protect information, and limit access to information if such an obligation is established by federal laws.

The Law defines the procedure for state regulation in the field of application of information technology (Article 12), the use of information and telecommunication networks (Article 15) and information protection (Article 16), as well as liability for offenses in the field of information, information technology and information protection (Article 17).

From the date of entry into force of this Federal Law, the Federal Law of February 20, 1995 “On Information, Informatization and Protection of Information” and a number of other legislative acts were declared invalid (Article 18).

The Law of the Russian Federation “On Security” was adopted on March 5, 1992 (as amended December 25, 1992). The Law is basic in the field of protecting the vital interests of the state. It legally establishes the concepts of information security, its objects and subjects, and defines the security system and its functions.

Article 13 of the Law “On Security” states that the Security Council of the Russian Federation, being a constitutional body that prepares decisions of the President of the Russian Federation in the relevant field, carries out its activities in the field of state, economic, public, defense, information, environmental and other types of security. The Law contains a provision that the functions of the Council, in particular, include consideration of issues of information security and of ensuring stability and law and order. Thus, the Security Council is responsible for the state of protection of the vital interests of the individual, society and state from external and internal threats.

National legislation designed to regulate relations in the field of informatization and information security includes a number of other existing legislative acts. Let us list and briefly describe the most important of them.

The Law of the Russian Federation “On the Mass Media” was adopted on December 27, 1991 (as amended March 2, 1998). Article 1 of the Law states that freedom of the media in the Russian Federation is not subject to restrictions, except for cases provided for by the legislation on the media. The search, receipt, production and dissemination of mass information, the establishment of mass media, their ownership, use and disposal, and the production, acquisition, storage and operation of technical devices and equipment, raw materials and supplies intended for the production and distribution of media products are also not subject to restrictions.

The Law directly states that censorship of mass information, as well as the creation and financing of organizations, institutions, bodies or positions whose tasks or functions include censorship of mass information, is not permitted. Article 4 of the Law states the inadmissibility of misuse of the media for the purpose of committing criminal offenses:

disclosure of information constituting a state or other secret specially protected by law;

calls for the seizure of power, forcible change of the constitutional system and the integrity of the state;

inciting national, class, social, religious intolerance or hatred, propaganda of war;

distribution of programs promoting pornography, the cult of violence and cruelty.

The same article prohibits the use, in television, video and film programs, documentaries and feature films, as well as in information computer files and programs for processing information texts related to special mass media, of hidden inserts that influence people's subconscious and (or) have a harmful effect on their health.

The Federal Law “On State Support of the Media and Book Publishing in the Russian Federation”, adopted on December 1, 1995, has a certain relationship to the field of information security. This Law regulates the procedure for state support of the media and book publishing and the privatization of enterprises that ensure their functioning, and is aimed at ensuring the constitutional right of citizens to receive complete and objective information.

The Law of the Russian Federation “On State Secrets”, adopted on July 21, 1993, regulates relations arising in connection with the classification of information as state secrets, its declassification and protection in the interests of ensuring the security of Russia. The provisions of the Law reflect practical activities to protect information constituting state secrets. The Law maintains continuity in the protection of most information of a regulatory nature, which makes it possible, to a certain extent, to preserve existing approaches to the protection of information at all stages of its existence. The concept of the Law “On State Secrets” is based on the idea of reorienting the existing information protection system to achieve a balance of interests of the individual, society and the state, adapting it to ongoing changes in the management system in the economic, political, military and other spheres of society, and creating mechanisms for the implementation of legal relations capable of developing in new conditions.

The Law of the Russian Federation “On Communications” was adopted on January 20, 1995. The scope of this Law extends to relations related to the provision of services and performance of work in the field of communications, in which government bodies, telecom operators, individual officials and communications users participate. The Law establishes the legal basis for activities in the field of communications carried out under the jurisdiction of the Russian Federation (federal communications), and defines the powers of government authorities to regulate these activities, as well as the rights and obligations of individuals and legal entities participating in these activities or using communications services. A separate chapter of the Law is devoted to the regulation of relations in the field of communications management, regulation of the use of the radio frequency spectrum and orbital positions of communications satellites, and management of communications networks in emergency situations and in states of emergency. The Law determines that federal communications include all networks and structures of electrical and postal communications on the territory of the Russian Federation (with the exception of intra-industrial and technological communication networks).

The Law “On the Federal Bodies of Government Communications and Information” was adopted on February 19, 1993. The Law, in particular, defines the responsibilities of the state in the field of formation of information resources, their use and protection. Article 3 of the Law states that state policy in this area is aimed at creating conditions for effective and high-quality information support for the strategic and operational tasks of Russia's development.

The Law formulates the main directions of public policy in the field of informatization and information security, which include:

providing conditions for the development and protection of all forms of ownership of information resources;

formation and protection of state information resources;

creation and development of federal and regional information systems and networks, ensuring their compatibility and interaction in the unified information space of Russia;

creating conditions for high-quality and effective information support for citizens, government bodies, local governments, organizations and public associations based on state information resources;

ensuring national security in the field of informatization, as well as ensuring the implementation of the rights of citizens and organizations in the conditions of informatization;

creation and improvement of a system for attracting investments and a mechanism for stimulating the development and implementation of informatization projects;

development of legislation in the field of information processes, informatization and information protection.

The Law “On Bodies of the Federal Security Service of the Russian Federation”, adopted on April 10, 1995, and the Law “On Foreign Intelligence” of January 10, 1996 have much in common in terms of obtaining and processing intelligence information and protecting state secrets.

To achieve the goals of intelligence activities and obtain special information, the Federal Security Service (FSB) and foreign intelligence agencies use methods and means in accordance with federal laws. Article 20 of the Law “On Bodies of the Federal Security Service of the Russian Federation” states that the storage in information systems of information about individuals and legal entities is not a basis for taking measures that restrict the rights of these persons. The Law “On Foreign Intelligence” regulates the activities of radio intelligence units and units of the Federal Agency for Government Communications and Information (FAGSI), which provide and conduct intelligence activities in the field of encrypted, classified and other types of special communications.

The Federal Laws “On State Protection” and “On Federal Courier Communications” determine the rights and responsibilities of the relevant services in the field of collecting, receiving, guarding, protecting and delivering information.

The legal consolidation of information relations arising in the sphere of activity of internal affairs bodies is regulated by the Law “On the Police” and the Federal Law “On Operational Investigative Activities”.

Under the Law of the RSFSR “On the Police”, adopted on April 18, 1991, the Russian police are granted a wide range of powers in the information sphere. Thus, they are obliged to “receive and register applications, messages and other incoming information about crimes, administrative offenses and events that threaten personal or public safety” (Article 10, paragraph 3).

Article 11 of the Law “On the Police” provides the right to “receive from citizens and officials the necessary explanations, information, certificates, documents and copies thereof” (paragraph 4), as well as “to carry out registration, photography, sound recording, filming and video recording, fingerprinting of persons, prisoners detained on suspicion of committing crimes or vagrancy, accused of committing intentional crimes, subjected to administrative arrest, as well as persons suspected of committing an administrative offense when it is impossible to establish their identity...” (paragraph 15).

The internal affairs bodies of Russia perform the functions of forming and maintaining national reference and information funds (section 1.1). These functions are assigned to information centers and forensic units in interaction with other units of internal affairs bodies, as well as with organizations and services of other law enforcement agencies, including foreign ones.

The Federal Law “On Operational Investigative Activities” was adopted on August 12, 1995. In accordance with the Law, operational units of internal affairs bodies received ample opportunities to collect information “about events or actions that pose a threat to the state, military, economic or environmental security of the Russian Federation” (Article 2). Article 6 of the Law provides a list of operational investigative activities, during which, to obtain the necessary information, “information systems, video and audio recordings, filming and photography, as well as other technical and other means are used that do not harm the life and health of people and do not cause harm to the environment.”

The Federal Law “On Operational Investigative Activities” allows restrictions on the constitutional rights of citizens during operational investigative activities only with the permission of the court on the basis of a reasoned decision of one of the heads of the body - the subject of operational investigative activities.

The Law of the Russian Federation “On Copyright and Related Rights” entered into force on August 3, 1993 (the Law is currently in force in the 2004 version). The subject of regulation of the Law, in particular, is relations arising in connection with the creation and use of works of science and literature (including computer programs) that are the result of creative activity, regardless of the purpose and merit of the work, as well as the method of its expression. The sources of regulation are not only the laws of the Russian Federation and the legislative acts of the constituent entities of the Russian Federation adopted on their basis, but also international treaties in which Russia participates. If an international treaty in which the Russian Federation participates establishes rules other than those contained in the Law, then the rules of the international treaty apply. The main concepts of the Law include, among others, the concepts of a computer program and database, recording a program in the computer memory, as well as the concept of counterfeit copies of works. The Law determines that computer programs are objects of copyright, violation of which entails civil, criminal and administrative liability in accordance with the legislation of the Russian Federation.

The Federal Law “On the Fundamentals of Public Service” was adopted on July 31, 1995. The Law defines the rights, obligations and restrictions imposed on civil servants, including in the field of information exchange. Thus, Article 11 of the Law prohibits civil servants from using information support tools and official information for non-official purposes.

In the Civil Code of the Russian Federation (Part 1 and Part 2), information is considered as an object of civil law along with intellectual property and property (Article 128). The Code also defines information that constitutes official and commercial secrets. Article 139 defines the composition of special formalities that allow the application of any sanctions in case of violation of confidentiality of information.

The Constitution of the Russian Federation and the Civil Code of the Russian Federation directly or indirectly relate to such important topics of informatization as the right to information, guarantees, restrictions and creation of conditions for information security, delimitation of areas of jurisdiction into the most important components of informatization: information and communication.

The Criminal Code of the Russian Federation was adopted on May 24, 1996 and put into effect on January 1, 1997. The new Criminal Code (with subsequent amendments and additions) establishes approaches to some problems of criminal law that are fundamentally new for domestic legislation. Certain norms are being used for the first time in Russian law enforcement practice. In particular, Chapter 28, “Crimes in the Field of Computer Information”, defines socially dangerous and criminal acts in the field of computer information.

The following crimes are classified in the Criminal Code as crimes against the constitutional rights and freedoms of man and citizen that are of an informational nature:

violation of the confidentiality of correspondence, telephone conversations, postal, telegraph or other communications of citizens (Article 138, Part 1);

illegal production, sale or acquisition for the purpose of sale of special technical means intended for secretly obtaining information (Article 138, Part 3);

provision of incomplete or deliberately false information to a citizen by an official if this causes harm to the rights and legitimate interests of citizens (Article 140, Part 3);

illegal use of an invention, utility model, industrial design, disclosure of their essence without the consent of the author or applicant before the official publication of information about them, appropriation of authorship or coercion of co-authorship (Article 147, Part 2);

collecting information constituting commercial or bank secrets by stealing documents, bribery or threats, as well as in other illegal ways (Article 183, Part 1);

illegal disclosure or use of information constituting a commercial or banking secret without the consent of its owner (Article 183, Part 2);

illegal export of technologies, scientific and technical information and services in the field of weapons and military equipment (Article 189, Part 2).

Legislative regulation of citizens' rights to a favorable environment and reliable information about its condition is reflected in the Federal Law “On radiation safety of the population”, adopted on January 9, 1996. In accordance with Art. 23 of the Law, citizens and public organizations have the right to objective information about the radiation situation and safety measures taken from those organizations that carry out activities using sources of ionizing radiation. In addition, according to Art. 6 of the Law, constituent entities of the Russian Federation are authorized to inform citizens about the radiation situation in the relevant territory.

4.3. Decrees of the President of the Russian Federation and other regulatory legal acts on information security issues

Subordinate legal acts (by-laws) are law-making acts of competent authorities that are based on the law and do not contradict it. By-laws have less legal force than laws; they rest on the legal force of laws and cannot contradict them. Effective regulation of social relations occurs when general interests are consistent with private ones. By-laws are intended precisely to specify the basic, fundamental provisions of laws in relation to the particulars of specific situations.

In terms of their content, by-laws are, as a rule, acts of various executive authorities. According to the issuing body and the area of application, they are divided into general, local, departmental and intra-organizational acts. In the system of by-laws, decrees of the President of the Russian Federation, issued on the basis of and in development of federal laws, have the highest legal force. Decrees of the Government of the Russian Federation are regulations adopted in the context of decrees of the President of the Russian Federation and designed, if necessary, to regulate smaller issues, in this case related to ensuring information security. Local by-laws are issued by local representative authorities and local self-government bodies. The effect of these acts is limited to the territory subject to them. Departmental and intra-organizational regulations (orders, instructions, etc.) are issued by structural divisions of government bodies and, accordingly, by various organizations to regulate their internal issues, in particular, to ensure information security. They are binding on members of these organizations.

Decrees of the President of the Russian Federation on issues of informatization and information security

Decree of the President of the Russian Federation of December 17, 1997 No. 1300 “On approval of the National Security Concept of the Russian Federation.” The Concept is a political document that reflects a set of officially accepted views on the goals and state strategy in the field of ensuring the security of individuals, society and the state from external and internal threats of a political, economic, military, informational and other nature, taking into account available resources and capabilities.

The Concept states that Russia’s national interests in the information sphere determine the need to concentrate the efforts of society and the state on solving the problems of observing the constitutional rights and freedoms of citizens in the field of obtaining information and exchanging it, protecting national spiritual values, promoting national cultural heritage, and ensuring the right of citizens to receive reliable information.

The concept defines the most important tasks to ensure national security in the information sphere. These include:

establishing the necessary balance between the need for free exchange of information and permissible restrictions on its distribution;

improvement of the information structure, accelerating the development of new information technologies and their widespread distribution, unifying means of searching, collecting, storing, processing and analyzing information, taking into account Russia’s entry into the global information infrastructure;

development and coordination of the relevant regulatory legal framework with the participation of all authorities that solve the problems of ensuring information security;

development of the domestic telecommunications and information media industry;

protection of state information resources.

Decree of the President of the Russian Federation of January 20, 1994 No. 170 “On the basics of state policy in the field of informatization” (as amended on July 9, 1997). The Decree established that the main directions of state policy in the field of informatization are:

creation and development of federal and regional information systems and networks, ensuring their compatibility and interaction in the unified information space of Russia;

formation and protection of state information resources as a national treasure;

ensuring national security interests in the field of informatization;

ensuring the unity of state standards in the field of informatization, their compliance with international recommendations and requirements;

formation and implementation of a unified state scientific, technical and industrial policy in the field of informatization that meets the modern world level;

support for informatization projects that ensure the development of information networks and systems;

creation and improvement of a system for attracting foreign investment and a mechanism for stimulating non-state structures in the development and implementation of informatization projects.

The decree establishes the concept “Russian single information space”.

In accordance with the Decree, on the basis of the liquidated Committee of the Russian Federation on Informatization, the Committee under the President of the Russian Federation on Informatization Policy was formed, the main tasks of which, in particular, are participation in the development and implementation of state policy in the field of informatization, as well as the development of draft legislative and other regulations on these issues.

Decree of the President of the Russian Federation of June 28, 1993 No. 966 “On the Concept of Legal Informatization of Russia.” The main provisions of the Concept state that the legal informatization of Russia is understood as “the process of creating optimal conditions for the most complete satisfaction of the information and legal needs of government and public structures, enterprises, organizations, institutions and citizens on the basis of effective organization and use of information resources using advanced technologies.”

In accordance with the Concept, legal informatization should be carried out in the following areas:

informatization of law-making activities;

informatization of law enforcement activities;

legal support of informatization processes.

The Concept defines the main goals of legal informatization:

information and legal support for the internal activities of state bodies;

information and legal support for entities external to government agencies, including legal entities;

preservation and structuring of the information legal field.

Decree of the President of the Russian Federation of December 31, 1993 No. 2334 “On additional guarantees of citizens' rights to information” (as amended and supplemented on January 17, 1997). The Decree declares that the right to information is one of the fundamental human rights. The activities of government bodies, organizations and enterprises, public associations and officials are carried out on the principles of information openness, which is expressed:

in the accessibility to citizens of information of public interest or affecting the personal interests of citizens;

in systematically informing citizens about proposed or adopted decisions;

in the exercise by citizens of control over the activities of government bodies, organizations and enterprises, public associations, officials and the decisions they make related to the observance, protection and defense of the rights and legitimate interests of citizens;

in creating conditions for providing Russian citizens with foreign information products and providing them with information services of foreign origin.

In 1993, the “Fundamentals of the legislation of the Russian Federation on the Archive Fund of the Russian Federation and archives” were put into effect. In development of this document, Decree of the President of the Russian Federation of March 17, 1994 No. 552 “On approval of the Regulations on the Archival Fund of the Russian Federation and the Regulations on the State Archival Service of Russia” was signed, as well as Decree of the President of the Russian Federation dated March 25, 1994 No. 151-rp “On the Archive of the President of the Russian Federation.” Decree of the President of the Russian Federation No. 151-rp determines that the Archive is a specialized unit of the Presidential Administration, which carries out the permanent storage and use of documents generated as a result of the activities of the President and the structural divisions of his Administration.

Decree of the President of the Russian Federation of August 4, 1995 No. 808 “On presidential programs for legal informatization.” This decree approved the Presidential program “Legal informatization of government bodies of the Russian Federation.” The program provides for the development and implementation of projects and activities in the following areas:

legal informatization of law-making activities of government bodies of the Russian Federation;

legal support for legal informatization processes;

creation of a unified information and legal space for government bodies of the Russian Federation;

formation of state policy of legal informatization.

An example of legal acts of local authorities is Resolution of the Moscow Government dated August 22, 2000 No. 654 “On approval of the Moscow Security Concept” (as amended on December 2, 2003), discussed above in Ch. 3. The Concept considers the main threats to the security of Moscow, including psychological threats, as well as the main directions of ensuring security and organizing the city’s security system.

In general, an analysis of the domestic regulatory framework aimed at regulating relations in the field of information security allows us to conclude that it is still in the process of formation. Currently, a number of regulations on information security are at the stage of development or approval.

4.4. Organizational information security

According to the Doctrine, the main functions of the system of organizational support for information security are:

development of a regulatory legal framework in the field of ensuring information security of the Russian Federation;

creating conditions for the implementation of the rights of citizens and public associations to activities permitted by law in the information sphere;

Fig. 4.2. Organizational information security system

determining and maintaining a balance between the need of citizens, society and the state for the free exchange of information and the necessary restrictions on the dissemination of information;

assessment of the state of information security of the Russian Federation, identification of sources of internal and external threats to information security, identifying priority areas for preventing, repelling and neutralizing these threats;

coordination of the activities of federal government bodies and other government bodies that solve the problems of ensuring information security of the Russian Federation;

control over the activities of federal government bodies and government bodies of constituent entities of the Russian Federation, state and interdepartmental commissions involved in solving problems of ensuring information security;

prevention, detection and suppression of offenses related to attacks on the legitimate interests of citizens, society and the state in the information sphere, and the conduct of legal proceedings in cases of crimes in this area;

development of domestic information infrastructure, as well as the telecommunications and information media industry, increasing their competitiveness in the domestic and foreign markets;

organization of the development of federal and regional programs for ensuring information security and coordination of activities for their implementation;

implementation of a unified technical policy in the field of information security;

organization of fundamental and applied scientific research in the field of information security;

protection of state information resources, primarily in federal government bodies and government bodies of constituent entities of the Russian Federation, at defense enterprises;

ensuring control over the creation and use of information security tools through mandatory licensing of activities in this area and certification of information security tools;

improvement and development of a unified system for training personnel employed in the field of information security;

implementation of international cooperation in the field of information security, representation of the interests of the Russian Federation in relevant international organizations.

The competence of federal government bodies, government bodies of constituent entities of the Russian Federation, and other government bodies that are part of the system of organizational support for information security and its subsystems is determined by federal laws, regulatory legal acts of the President and the Government of the Russian Federation.

The functions of bodies coordinating the activities of federal government bodies, government bodies of constituent entities of the Russian Federation, and other government bodies that are part of the information security system and its subsystems are determined by separate regulatory legal acts of the Russian Federation.

The system of organizational support for information security is built on the basis of the delimitation of powers of legislative, executive and judicial authorities in this area, as well as the jurisdiction of federal government bodies and government bodies of constituent entities of the Russian Federation.

The main elements of the organizational support system for information security are:

President of the Russian Federation;

Federation Council of the Federal Assembly of the Russian Federation; State Duma of the Federal Assembly of the Russian Federation; Government of the Russian Federation; Security Council of the Russian Federation; federal executive authorities; interdepartmental and state commissions created by the President and the Government of the Russian Federation;

executive authorities of the constituent entities of the Russian Federation; local government bodies; judicial authorities; public associations;

citizens who, in accordance with the legislation of the Russian Federation, take part in solving problems of ensuring information security (Fig. 4.2).

President of the Russian Federation:

manages, within the limits of his constitutional powers, the Security Council of the Russian Federation, other bodies and forces to ensure information security of the Russian Federation;

authorizes actions to ensure information security of the Russian Federation;

in accordance with the legislation of the Russian Federation, forms, reorganizes and abolishes subordinate bodies and forces to ensure the information security of the Russian Federation;

determines in his annual messages to the Federal Assembly the priority directions of state policy in the field of ensuring information security of the Russian Federation, as well as measures for the implementation of the Doctrine of Information Security of the Russian Federation.

The Chambers of the Federal Assembly of the Russian Federation, on the basis of the Constitution of the Russian Federation and on the proposal of the President and the Government of the Russian Federation, form the legislative framework in the field of ensuring information security of Russia.

The Government of the Russian Federation, within the limits of its powers and taking into account the priority areas in the field of ensuring information security formulated in the annual messages of the President to the Federal Assembly of the Russian Federation:

coordinates the activities of federal executive authorities and executive authorities of constituent entities of the Russian Federation;

provides for the allocation of funds necessary for the implementation of federal programs in this area when forming federal budget projects in the prescribed manner for the corresponding years.

Security Council of the Russian Federation:

carries out work to identify and assess threats to information security of the Russian Federation;

promptly prepares draft decisions of the President of the Russian Federation to prevent such threats;

develops proposals in the field of ensuring information security, as well as proposals to clarify certain provisions of the Information Security Doctrine of the Russian Federation;

coordinates the activities of bodies and forces to ensure information security of the Russian Federation;

controls the implementation by federal executive authorities and executive authorities of constituent entities of the Russian Federation of the decisions of the President of the Russian Federation in this area.

Federal executive authorities ensure the implementation of the legislation of the Russian Federation, decisions of the President and the Government of the Russian Federation in the field of ensuring information security of the Russian Federation; within the limits of their competence, develop normative legal acts in this area and submit them in the prescribed manner to the President of the Russian Federation and the Government of the Russian Federation.

Interdepartmental and state commissions, created by the President of the Russian Federation and the Government of the Russian Federation, solve the tasks of ensuring information security in accordance with the powers granted to them.

Such bodies include the State Technical Commission under the President of the Russian Federation (Gostekhkomissiya Rossii) and the Federal Agency for Government Communications and Information under the President of the Russian Federation (FAPSI).

The State Technical Commission of Russia, created by Decree of the President of the Russian Federation of February 19, 1999 No. 212, carries out intersectoral coordination and functional regulation of activities to ensure the protection of information containing data constituting state or official secrets. It organizes the activities of the state system for protecting information from technical intelligence on the territory of Russia and from its leakage through technical channels, from unauthorized access to it, and from special influences on information for the purpose of its destruction, distortion and blocking. The State Technical Commission of Russia pursues a unified state scientific and technical policy in the field of information protection in the development, production, operation and disposal of non-information emitting complexes, systems and devices.

The State Technical Commission of Russia carries out a wide range of functions:

approves regulatory and methodological documents on technical information protection;

develops and coordinates a standardization program and draft state standards in the field of technical information protection;

carries out work to forecast the development of technical intelligence forces, means and capabilities, to assess their awareness of information constituting a state secret;

carries out licensing of activities related to the provision of services in the field of technical information protection, the creation of means of technical information protection, as well as means of technical control of the effectiveness of information protection;

participates together with the FSB in conducting, on a contractual basis, special examinations for the admission of enterprises, institutions and organizations to carry out work related to the use of information constituting a state secret;

carries out work on certification of technical information security means;

organizes radio monitoring of compliance with the established procedure for the transmission of official messages by officials of enterprises, institutions and organizations performing work related to information constituting state or official secrets, etc.

The State Technical Commission of Russia is empowered to submit proposals to the country's leadership on legal regulation in the field of technical information protection, as well as to monitor compliance with federal legislation in this area and the requirements of governing and regulatory documents.

Government Communications and Information Units (formerly FAPSI), as part of the FSB of Russia, provide state authorities with special types of communication and information. They provide cryptographic and engineering security of encrypted communications in the Russian Federation. This activity is regulated by the Law of the Russian Federation “On Federal Bodies of Government Communications and Information”.

Executive authorities of the constituent entities of the Russian Federation:

interact with federal executive authorities on issues of implementation of the legislation of the Russian Federation, decisions of the President and Government of the Russian Federation in the field of ensuring information security, as well as on issues of implementation of federal programs in this area;

together with local governments, carry out activities to attract citizens, organizations and public associations to assist in solving problems of ensuring information security;

submit proposals to the federal executive authorities to improve the information security system of the Russian Federation.

Local authorities ensure compliance with the legislation of the Russian Federation in the field of information security.

Judicial authorities administer justice in cases of crimes related to attacks on the legitimate interests of the individual, society and the state in the information sphere, and provide judicial protection for citizens and public associations whose rights have been violated in connection with activities to ensure information security of the Russian Federation.

The information security system of the Russian Federation may also include other subsystems focused on solving various tasks in this area.

4.5. International cooperation of Russia in the field of information security

International cooperation of the Russian Federation in the field of information security is an integral component of political, military, economic, cultural and other types of interaction between countries that are part of the world community. Such cooperation should help improve the information security of all members of the world community, including Russia.

A feature of the international cooperation of the Russian Federation in the field of information security is that it is carried out under conditions of:

intensification of international competition for the possession of information resources, for dominance in sales markets, in the context of continued attempts to create a structure of international relations based on unilateral solutions to key problems of world politics;

countering the strengthening of Russia’s role as one of the influential centers of the emerging multipolar world;

strengthening the technological lead of the world's leading powers and increasing their capabilities to create “information weapons.”

All this could lead to a new stage in the development of the arms race in the information sphere, an increase in the threat of intelligence and operational-technical penetration of foreign intelligence services into Russia, including using the global information infrastructure.

The main directions of international cooperation of the Russian Federation in the field of information security are:

prohibition of the development, proliferation and use of “information weapons”;

ensuring the security of international information exchange, including the safety of information during its transmission through national telecommunications channels and communication channels;

coordination of the activities of law enforcement agencies of countries belonging to the world community to prevent computer crimes;

preventing unauthorized access to confidential information in international banking telecommunication networks and information support systems for global trade, to information from international law enforcement organizations fighting transnational organized crime, international terrorism, the spread of drugs and psychotropic substances, illicit trade in weapons and fissile materials, as well as human trafficking.

To implement international cooperation in these main areas, it is necessary to ensure Russia's active participation in all international organizations operating in the field of information security, including in the field of standardization and certification of informatization and information security tools.

In accordance with Russia's international agreements, the main legal sources in the field of information relations and protection of objects and subjects of information technology are:

Universal Declaration of Human Rights, approved and proclaimed by the UN General Assembly (1948);

European Convention for the Protection of Human Rights and Fundamental Freedoms (1950);

International Covenant on Civil and Political Rights (1976);

European Convention of 28 January 1981 for the Protection of the Person with regard to the automated processing of personal data;

Directives of the European Parliament and the Council of the European Union 95/46/EC and 97/66/EC concerning the processing of personal data, and other international treaties concluded by the Russian Federation.

The Russian Federation, being a member of the European Council, participates in international conventions in the field of informatization of society. In particular, Russia and the European Union have a special article in the Partnership and Cooperation Agreement on compliance in the field of intellectual property. In 1973, the USSR (successor - the Russian Federation) joined the Universal Copyright Convention (Geneva, 1953, as amended in 1971). In 1990, the USSR was accepted as a member of the International Criminal Police Organization - Interpol. Subsequently, the Russian Federation became the legal successor to this organization, which, among other things, fights international computer crimes.

On June 5, 1996, the State Duma of the Russian Federation adopted the Federal Law “On participation in international information exchange”. This Law establishes (in interaction with other federal laws and regulations) the procedure for the international exchange of both confidential and mass information (but does not affect relations regulated by the Law “On Copyright and Related Rights”).

The purpose of this Law is to create conditions for Russia’s effective participation in international information exchange within the framework of a single world information space, ensuring the protection of the interests of the Russian Federation, constituent entities and municipalities, as well as the interests, rights and freedoms of individuals and legal entities in international information exchange.

The Law specifies the objects of international information exchange:

documented information;

information resources;

information services;

means of international information exchange.

The Law formulates the responsibilities of government bodies of the Russian Federation and of the authorities of the constituent entities of the Russian Federation at various levels. In particular, they must:

create conditions for ensuring timely and sufficient replenishment of state information resources of the Russian Federation with foreign information products and services;

promote the introduction of modern information technologies to participate in international information exchange;

ensure the protection of state information resources and compliance with the legal regime of information;

stimulate the expansion of mutually beneficial international information exchange of documented information;

create conditions for protection from low-quality and unreliable foreign information, unfair competition from individuals and legal entities of foreign states in the information sphere;

promote the development of commodity relations in international information exchange.

Art. 8 of the Law introduces restrictions on the movement out of the Russian Federation of documented information classified as a state secret or other confidential information, all-Russian national property, the archival fund, and other categories of documented information whose export may be limited by the legislation of the Russian Federation.

When implementing international cooperation of the Russian Federation in the field of information security, special attention is paid to the problems of interaction with the member states of the Commonwealth of Independent States.

Two decrees of the President of the Russian Federation are directly devoted to this interaction:

Decree of October 19, 1993 No. 1665 “On information and legal cooperation of the Russian Federation with member states of the Commonwealth of Independent States.” The decree planned to prepare, with the participation of interested ministries and departments, a draft interstate agreement on the issue of information and legal cooperation. The agreement was prepared and adopted on October 21, 1994;

Decree of December 27, 1993 No. 2293 “Issues of forming a single information and legal space of the Commonwealth of Independent States.” The decree, in particular, establishes the concept of “single information and legal space of the CIS” as an element of the category “single information space”.

Issues for discussion

1. How do you assess the significance of legal acts at different levels for ensuring information security?

2. To what extent is the balance of interests of individuals, society and the state in the information sphere ensured today?

3. How do you feel about the collection and storage in information systems of information about individuals, including about you personally?

4. What needs to be expanded today in the sphere of informing the population by the media: freedom or a system of restrictions?

5. What prevails today in international information exchange: openness or caution and mistrust? What is the principle of “double standards”?

6. Does the protection against the transfer abroad of documentary and artistic information classified as national Russian heritage need improvement?

7. What are the main elements of the system of legal and organizational support for information security?

Organizational and legal support of information security
Associate Professor, Department of BIT
Ph.D.
Strukov Vladimir Ilyich

INTRODUCTION
Purpose, objectives and content of the course
1. Object of protection
Information security measures can only be applied to physical objects, therefore the material media of information are protected:
-staff,
-documentation,
-technical means.
2. Means of protection
The comprehensive protection system is based on the following protection methods: legal, organizational and technical.

Information security methods
Legal:
-International law
-State,
-local,
-departmental,
-in-house legal acts
Organizational:
-Creation of Security Council
-Introduction of ZI mode
-Preparation and retraining of personnel
-Licensing and certification systems in ZI areas
Technical:
-Software,
-Hardware
-Cryptographic facilities
-Physical obstacles

Purpose of the course:
Obtaining the necessary knowledge on organizational and legal issues of protecting information of legal entities and individuals.
Course objectives:
-acquaintance with the existing legislative framework in the Russian Federation in the area of ZI;
-gaining knowledge about the use of organizational and technical methods for protecting economic information at the enterprise;
-developing the ability to independently analyze the content of legislative acts and effectively apply information protection methods.

Course content (1 semester)
1. Structure and composition of information legislation
2. Legal basis for the use of information resources
3. Protecting restricted information
4. Basics of using organizational methods of information protection
5. Basics of using technical methods of information protection
6. Licensing and certification in the field of information technology
7. System of legal liability for violation of GI norms
In total, according to the plan for 1 semester, 72 hours of classroom lessons, including lectures, practical and laboratory work (computer tests).
Upon completion - test.

Educational and methodological literature
1. Kopylov V.A. Information law: Textbook. - M.: Yurist, 2003. – 512.
2. Gorodov O.A. Information law: Textbook. - M.: TK Welby, Publishing House Prospect, 2007. – 248 p.
3. Yarochkin V.I. Company security system. - M.: Os-89, 1997.
4. Vekhov V.E. Computer crimes: Methods of commission and detection. - M.: Law and Law, 1996.
5. Shavaev A.G. Criminological security of non-state economic objects. - M.: INFRA-M, 1995.
6. Strukov V.I. Legal support for information protection. Methodical manual, parts 1 and 2 (No. 4196 and No. 4196-2) (on the digital campus
7. Electronic textbook for the POIB course (on the website http://bit.tsure.ru/).
8. Strukov V.I. Presentations of lectures on courses of foreign language development and guidelines for performing laboratory work (No. 3563) (on the digital campus http://incampus.ru/campus.aspx?module=dashboard).
Periodicals
Magazines: “Information Protection” - Inside; BIT, BDI, etc.

Legal documents
1. Law of the Russian Federation “On information, information technologies and information protection” dated July 27, 2006 No. 149-FZ.
2. Law of the Russian Federation “On State Secrets” dated July 21, 1993 No. 5485-1 (ed. 11.11.2003 No. 153).
3. Law of the Russian Federation “On Trade Secrets” dated July 29, 2004 No. 98-FZ.
4. Law of the Russian Federation “On Personal Data” dated July 27, 2006 No. 152-FZ.
5. Law of the Russian Federation “On electronic signature” dated April 6, 2011 No. 63-FZ.
6. Law of the Russian Federation “On archiving in the Russian Federation” dated October 22, 2004 No. 125-FZ.
7. Law of the Russian Federation “On Federal Courier Communications” dated 12/17/1994 No. 67-FZ (as amended on April 20, 2006).
8. Civil Code of the Russian Federation, Criminal Code of the Russian Federation and other codes.
9. Law of the Russian Federation “On licensing of certain types of activities” dated 8.08.2001 No. 128 (as amended on May 4, 2011 No. 99-FZ).

Topic 1
Structure and composition of information legislation
1.1. Legal regulation of public relations
Legal regulation of relations in the field of information protection is carried out by information law, which is one of the components of the existing system of law.
Jurisprudence has many components, which are united by one common scientific discipline: the theory of state and law. It studies the patterns of emergence, development, purpose and functioning of state and law.
The basics of this knowledge are covered in the “Jurisprudence” course.
(Review the following sections on your own: Structure of the legal relationship; Legal liability; Composition of the offense.)

Classification of normative legal acts:
- by legal force;
- by the entities issuing them.
According to the entities issuing them, legal acts are divided into:
- acts of legislative power (laws);
- acts of executive power (by-laws);
- acts of the judiciary (jurisdictional acts of a general nature).
According to their legal force, all regulatory legal acts are divided into:
- laws;
- regulations.

Signs of the law:
-laws are adopted by the highest legislative bodies of the state (Federal Assembly - State Duma and Federation Council);
-the adoption of a law includes four mandatory stages:
  introducing a bill to the legislature;
  discussion of the bill;
  adoption of the law;
  its publication within 7 days after signing by the President.
(Unpublished laws do not apply. Constitution art. 15).
Laws come into force 10 days after their publication;
-laws are not subject to control or approval by any other state body. They may be canceled or changed only by the legislative branch. A constitutional or other similar court may declare a law passed by parliament unconstitutional; however, only the legislature can overturn it.

Subordinate legal acts are divided into:
Presidential Decrees. In the system of by-laws they have the highest legal force and are issued on the basis of laws and to develop them (they enter into force 7 days after their publication).
Government regulations. These are by-laws adopted in the context of presidential decrees (they come into force 7 days after their publication).
Local acts. These are normative legal acts of local legislative and executive authorities. The effect of these acts is limited to the territory under their control.
Departmental acts (orders, instructions). These are regulations of general action, but they apply only to a limited sphere of public relations (customs, banking, transport, government credit and others).
Intra-organizational acts. These are normative legal acts that are issued by various organizations to regulate their internal issues and apply to members of these organizations.

Hierarchy of legal acts of the Russian Federation
Constitution of the Russian Federation
Federal constitutional laws of the Russian Federation
Federal laws of the Russian Federation
Decrees and orders of the President of the Russian Federation
Legislative acts of the constituent entities of the Russian Federation
Decrees and orders of the Government of the Russian Federation
Regulatory legal acts of higher executive authorities of the subjects of the Russian Federation
Normative legal acts of federal executive bodies
Regulatory legal acts of executive authorities of the subjects of the Russian Federation
Legal acts of local government bodies

Legal liability is divided by branch of law:
Criminal liability arises for committing crimes and is established only by criminal law.
Administrative liability arises for committing administrative violations. Administrative coercive measures: warning, fine, deprivation of special rights, administrative arrest.
Civil liability arises for violations of contractual obligations of a property nature or for causing non-contractual property damage. (Compensation for damages, payment of penalties.)
Disciplinary liability arises as a result of committing disciplinary offenses. Disciplinary measures: reprimand, severe reprimand, removal from position, etc.
Material liability of workers and employees arises for damage caused to the enterprise or institution. The amount of damages to be compensated is determined as a percentage of wages (1/3, 2/3 of monthly earnings).

1.2. System and structure of law
The legal system is the totality of all normative legal acts.
The internal structure of law can be represented vertically and horizontally.
The vertical structure of law is a combination of the following elements:
Branch of law - covers a sphere of public relations. For example, property relations - civil law, management relations - administrative law, etc.
Sub-branch of law - covers an area of public relations. Many branches of law have sub-branches. For example, in civil law the sub-branches of copyright and inheritance law are distinguished.
Institution of law - covers a type of social relations. For example, in labor law - the institution of an employment contract.
Subinstitution of law - covers a variety of social relations. The institution of crimes against life, health and personal dignity is divided into subinstitutions of crimes against life, against health and against personal dignity.
A rule of law is a mandatory rule of behavior protected by the force of state coercion.
A legal prescription is a part of a rule of law that is logically complete and isolated. For example, the amount of alimony collected for one child (25% of earnings), two (33%), three or more (50%).

The horizontal structure of law shows all the branches that make it up.
There are two groups of branches: regulatory and protective.
Regulatory branches establish the rights and responsibilities of participants in legal relations. These are the following branches:
- constitutional law establishes the foundations of the state and social structure of the country. The main regulatory act of the branch is the Constitution;
- administrative law regulates public relations arising in the process of executive and administrative activities of state bodies;
- civil law regulates various property relations. The main normative act is the Civil Code (CC);
- financial law regulates government revenues and expenses. Main acts: Federal Law on the State Budget, laws on taxes;
- banking law. The creation of banks, the principles of their activities, etc. are regulated by the Law on Banks and Banking Activities;

Regulatory branches (continued)
- business law regulates economic market relations. The main regulatory acts are the Civil Code and the Laws on JSCs and LLCs;
- labor law regulates social relations related to the use of labor. The main regulatory act is the Labor Code (LC);
- natural resource law determines the order of ownership, use and disposal of natural resources: land (Land Code), subsoil (Law on Subsoil), water (Water Code), airspace (Air Code), forest resources (Forest Code);
- environmental law regulates the protection of natural objects and the environment as a whole. Environmental law norms are scattered across many regulations (Criminal Code, Administrative Code, Civil Code, etc.);
- information law regulates a complex of social relations related to information, information protection, protection of the rights of owners of information resources, and the formation of various institutions of secrets (state, official, banking, commercial, personal, etc.).

Protective branches of law (protection of legal relations):
- criminal law establishes socially dangerous acts (crimes) and the punishment for their commission. The main regulatory document is the Criminal Code (CC);
- criminal procedural law combines the rules defining the procedure for conducting a preliminary investigation and inquiry, the procedure for conducting legal proceedings, and the imposition of punishment. The main normative act is the Code of Criminal Procedure (CPC);
- criminal executive law regulates the process of execution of measures of criminal punishment. The main normative act is the Criminal Executive Code (PEC);
- civil procedural law regulates the procedure for consideration of disputes (labor, housing, inheritance, etc.) in which at least one of the parties is a citizen. The main normative act is the Civil Procedure Code;
- arbitration procedural law regulates the procedure for consideration of civil disputes between legal entities. The main normative act is the Arbitration Procedure Code.

International law is a system of norms regulating relations between states (public international law) and between states and foreign persons (private international law).

1.3. Structure of information legislation
The first legal documents in the field of information law in Russia, from which the formation of information legislation began:
“The concept of legal informatization of Russia”, approved by Decree of the President of the Russian Federation dated June 28, 1993 No. 966.
The Civil Code of the Russian Federation, adopted in 1994.
Law of the Russian Federation “On information, informatization and protection of information”, adopted in 1995.

Comparison of properties of a material object and information
Properties of a regular product:
-Price
-Consumer properties
-Product life cycle (PLC)
Properties of information:
-Price
-Consumer properties
-Life cycle
-Immateriality
-Inexhaustibility
-Storability

Information legislation is a set of legal norms governing public relations in the information sphere.
Subject of legal regulation in the information sphere:
-creation and dissemination of information;
-formation of information resources;
-exercise of the right to search for, receive, transfer and consume information;
-creation and application of information systems and technologies;
-creation and use of information security tools.

Structure of information legislation of the Russian Federation.
International acts of information legislation, starting with the Universal Declaration of Human Rights of December 10, 1948.
Constitution of the Russian Federation.
Civil Code of the Russian Federation, Criminal Code of the Russian Federation and other codes.
Laws of the Russian Federation: “On information, information technologies and information protection”, “On state secrets”, “On trade secrets”, “On personal data”, “On electronic signature”, etc. (about 80 laws in total).
Decrees and Orders of the President of the Russian Federation. Regulations of the Government of the Russian Federation.
Local, departmental and intra-organizational by-laws.
The totality of the above documents constitutes the legal base in the information sphere.

Control questions
1. The purpose of studying the course “Organizational and legal support of information security”.
2. What methods are used to create a comprehensive information security system for an object?
3. Classification of normative legal acts.
4. Legal liability for violations of legal norms.
5. The place of information law in the legal system.
6. Name the properties of an information product.
7. What is the subject of legal regulation in the information sphere?
8. What is the structure of information legislation in the Russian Federation?

The textbook outlines general theoretical and methodological approaches to the formation of legal and organizational support for information security of individuals, society and the state. The main institutions of legal support for information security are covered in detail: legal regimes for the protection of information, state, official and commercial secrets, personal data, legal liability for offenses in the field of information security, as well as the structure of organizational support for information security. The problems of forming a legal regime for international information security are considered. Considerable attention is paid to the organizational aspects of information systems security management. The aim of this training course is for students to acquire general knowledge in the field of legal and organizational support for information security and to study issues related to the formation and implementation of public policy in this area, and for master's students to obtain more in-depth knowledge of information security and the problems of international information security.


    Posted on http://www.allbest.ru/

    1. Features of information legal relations arising during the production, distribution and consumption of mass information

    As M.A. Fedotov notes in his monograph, “before June 12, 1990, in our country there was neither a media industry nor a legal act that would regulate public relations related to the organization and activities of the media. The lack of legal regulation was compensated by party norms. During this period, media legislation developed in Russia as “censorship law.”

    On June 12, 1990, the USSR Law “On the Press and Other Mass Media” was adopted, and on December 27, 1991, the Russian Federation Law “On the Mass Media” was adopted. The USSR law declared freedom of the press; the Russian law proclaims freedom of the media as the natural state of the press.

    The Law of the Russian Federation “On the Mass Media” introduces the following concepts and their definitions.

    Mass information means printed, audio, audiovisual and other messages and materials intended for an unlimited number of people.

    Mass media means a periodical printed publication, radio, television, video production, newsreel program, or other form of periodic dissemination of mass information.

    A periodical printed publication means a newspaper, magazine, almanac, bulletin, or other publication that has a permanent title and a current issue number and is published at least once a year.

    A radio, television, video or newsreel program means a set of periodic audio and audiovisual messages and materials (programs) that has a permanent name and is published (broadcast) at least once a year.

    Mass media products mean a circulation or part of a circulation of a separate issue of a periodical printed publication, a separate issue of a radio, television or newsreel program, or a circulation or part of the circulation of an audio or video recording of a program.

    Distribution of media products means the sale (subscription, delivery, distribution) of periodical printed publications and audio or video recordings of programs, the broadcast of radio and television programs (broadcasting), and the demonstration of newsreel programs.

    The following main subjects act in the production and dissemination of mass information:

    editorial office of a mass media - an organization, institution, enterprise or citizen, association of citizens engaged in the production and release of mass media;

    editor-in-chief - the person who heads the editorial office (regardless of the title of the position) and makes the final decisions regarding the production and release of the media;

    journalist - a person engaged in editing, creating, collecting or preparing messages and materials for the editorial office of a registered mass media, bound by contractual relations or engaged in such activities under its authority;

    publisher - a publishing house, other institution or enterprise (entrepreneur) that provides logistical support for the production of mass media products, as well as a legal entity or citizen equated to the publisher, for whom this activity is not the main one or does not serve as the main source of income;

    distributor - a person distributing mass media products under an agreement with the editorial office or publisher, or on other legal grounds;

    founder of a mass media outlet - a citizen, association of citizens, enterprise, institution, organization or government body.

    Cannot act as a founder:

    a citizen who has not reached the age of eighteen, or who is serving a sentence in prison following a court verdict, or who is mentally ill and has been recognized by the court as incompetent;

    an association of citizens, an enterprise, an institution, an organization whose activities are prohibited by law;

    a citizen of another state or a stateless person who does not permanently reside in the Russian Federation.

    Co-founders act as founders jointly.

    Consumers of mass information are a wide, practically unlimited circle of people, including citizens and stateless persons, legal entities, state authorities and local governments, and their officials.

    The main directions of legal regulation of relations in the field of mass media:

    ensuring guarantees of freedom of the media;

    organization of media activities;

    dissemination of mass information;

    relations of the media with citizens and organizations;

    rights and responsibilities of a journalist;

    interstate cooperation in the field of mass information;

    responsibility for violation of legislation on the media.

    Information legal relations developing in the sphere of mass media can be divided into “internal” and “external”. The first group addresses issues of the internal organization of the media and includes relations between the main subjects: founders (co-founders), editorial board, publisher, distributor and, finally, the owner. The second group includes legal relations arising in connection with the activities of the media between the above-listed entities and third parties, be they citizens, associations of citizens, legal entities, state authorities or local self-government.

    2. State policy in the field of information security. Information Security Doctrine

    The state policy of ensuring information security of the Russian Federation is based on the following basic principles:

    - compliance with the Constitution of the Russian Federation, legislation of the Russian Federation, and generally recognized principles and norms of international law when carrying out activities to ensure information security of the Russian Federation;

    - openness in the implementation of the functions of federal government bodies, government bodies of constituent entities of the Russian Federation and public associations, providing for informing the public about their activities, taking into account the restrictions established by the legislation of the Russian Federation;

    - legal equality of all participants in the process of information interaction, regardless of their political, social and economic status, based on the constitutional right of citizens to freely search, receive, transmit, produce and disseminate information in any legal way;

    - priority development of domestic modern information and telecommunication technologies and production of technical and software tools capable of ensuring the improvement of national telecommunication networks and their connection to global information networks in order to comply with the vital interests of the Russian Federation.

    The state, in the process of implementing its functions to ensure information security of the Russian Federation:

    - conducts an objective and comprehensive analysis and forecasting of threats to the information security of the Russian Federation and develops measures to ensure it;

    - organizes the work of legislative (representative) and executive bodies of state power of the Russian Federation to implement a set of measures aimed at preventing, repelling and neutralizing threats to the information security of the Russian Federation;

    - supports the activities of public associations aimed at objectively informing the population about socially significant phenomena of public life and protecting society from distorted and unreliable information;

    - exercises control over the design, creation, development, use, export and import of information security tools through their certification and the licensing of activities in the field of information security;

    - pursues the necessary protectionist policy towards manufacturers of informatization and information protection tools on the territory of the Russian Federation and takes measures to protect the domestic market from the penetration of low-quality informatization tools and information products;

    - helps provide individuals and legal entities with access to world information resources and global information networks;

    - formulates and implements the state information policy of Russia;

    - organizes the development of a federal program for ensuring information security of the Russian Federation, combining the efforts of state and non-state organizations in this area;

    - promotes the internationalization of global information networks and systems, as well as Russia’s entry into the global information community on the terms of an equal partnership.

    Improving legal mechanisms for regulating public relations arising in the information sphere is a priority direction of state policy in the field of ensuring information security of the Russian Federation.

    This implies:

    - assessing the effectiveness of the application of current legislative and other regulatory legal acts in the information sphere and developing a program for their improvement;

    - creation of organizational and legal mechanisms to ensure information security;

    - determining the legal status of all subjects of relations in the information sphere, including users of information and telecommunication systems, and establishing their responsibility for compliance with the legislation of the Russian Federation in this area;

    - creation of a system for collecting and analyzing data on the sources of threats to the information security of the Russian Federation, as well as the consequences of their implementation;

    - development of normative legal acts that determine the organization of the investigation and the trial procedure for facts of illegal actions in the information sphere, as well as the procedure for eliminating the consequences of these illegal actions;

    - development of the elements of offenses taking into account the specifics of criminal, civil, administrative and disciplinary liability, and inclusion of the relevant legal norms in the Criminal, Civil, Administrative and Labor Codes and in the legislation of the Russian Federation on public service;

    - improvement of the system for training personnel employed in the field of ensuring information security of the Russian Federation.

    Legal support for information security in the Russian Federation should be based primarily on compliance with the principles of legality and the balance of interests of citizens, society and the state in the information sphere.

    Compliance with the principle of legality requires federal government bodies and government bodies of constituent entities of the Russian Federation, when resolving conflicts arising in the information sphere, to be strictly guided by legislative and other regulatory legal acts governing relations in this area.

    Compliance with the principle of balancing the interests of citizens, society and the state in the information sphere presupposes legislative consolidation of the priority of these interests in various areas of society, as well as the use of forms of public control over the activities of federal government bodies and government bodies of constituent entities of the Russian Federation.

    The implementation of guarantees of constitutional rights and freedoms of man and citizen relating to activities in the information sphere is the most important task of the state in the field of information security.

    The development of mechanisms for legal support of information security in the Russian Federation includes measures for informatization of the legal sphere as a whole.

    In order to identify and coordinate the interests of federal government bodies, government bodies of constituent entities of the Russian Federation and other subjects of relations in the information sphere, and develop the necessary decisions, the state supports the formation of public councils, committees and commissions with a wide representation of public associations and facilitates the organization of their effective work.

    The information security doctrine is a system of official views on ensuring the national security of the Russian Federation in the information sphere.

    The document defines the following national interests in the information sphere (essentially they have not changed since 2000):

    1. Ensuring and protecting the rights and freedoms of citizens regarding the receipt and use of information, privacy, as well as the preservation of spiritual and moral values.

    2. Uninterrupted functioning of critical information infrastructure (CII).

    3. Development of the IT and electronics industry in Russia.

    4. Bringing to the Russian and international public reliable information about the state policy of the Russian Federation.

    5. Promoting international information security.

    The doctrine is necessary for the formation of public policy and the development of measures to improve the information security system.

    Information security (IS) is the state of protection of the individual, society and state from internal and external information threats. Moreover, the new edition of the document also states that constitutional rights and freedoms, a decent quality and standard of living for citizens, the sovereignty and territorial integrity of the Russian Federation, and its sustainable socio-economic development must be ensured, as well as state security. So this is not “security for security’s sake”; a kind of balance is struck between citizens’ rights, the economy and security.

    The document was created on the basis of threat analysis and assessment of the state of information security of the Russian Federation and develops the provisions of the National Security Strategy of the Russian Federation (dated December 31, 2015 No. 683).

    A threat to the information security of the Russian Federation (information threat) is a set of actions and factors that create the danger of causing damage to national interests in the information sphere.

    The Doctrine defines the following main threats and characteristics of the information security state (I present them briefly):

    Foreign countries are increasing their ability to influence IT infrastructure for military purposes.

    The activities of organizations carrying out technical intelligence in relation to Russian organizations are intensifying.

    Implementing IT without linking it with information security increases the likelihood of threats.

    Special services use methods of information and psychological influence on citizens.

    More and more foreign media are reporting biased information.

    Russian media are subject to discrimination abroad.

    External information impact erodes traditional Russian spiritual and moral values (especially among young people).

    Terrorist and extremist organizations widely use mechanisms of information influence.

    The scale of computer crime is increasing, primarily in the credit and financial sphere.

    Methods, techniques and means of committing computer crimes are becoming more and more sophisticated.

    The complexity and number of coordinated computer attacks on CII facilities are growing.

    The level of dependence of domestic industry on foreign IT remains high.

    Russian scientific research in the field of IT is not effective enough, and there is a shortage of personnel.

    Russian citizens have low awareness of personal information security issues.

    Individual states are seeking to use technological superiority to dominate the information space, including on the Internet.

    The document sets out the following areas of information security support and the main directions for them:

    1. National defense:

    a) strategic deterrence and prevention of military conflicts;

    b) improving the information security system of the RF Armed Forces;

    c) forecasting and assessment of information threats;

    d) assistance in ensuring the protection of the interests of the allies of the Russian Federation;

    e) neutralization of information and psychological impact.

    2. State and public security:

    a) countering the use of IT for propaganda;

    b) countering intelligence services using IT;

    c, d) increasing the security of CII;

    e) increasing the operational safety of weapons, military and special equipment and automated control systems;

    f) combating crimes in the IT sector;

    g) protection of state secrets and other types of secrets;

    h) development of domestic IT;

    i) information support of the state policy of the Russian Federation;

    j) neutralization of information and psychological impact.

    3. Economic sphere:

    a-d) development and support of domestic IT.

    4. Science, technology and education:

    a-c) development of science;

    d) development of human resources;

    e) creating a personal information security culture.

    5. Stability and equal strategic partnership:

    a) protection of the sovereignty of the Russian Federation in the information space;

    b-d) participation in the formation of an international information security system;

    e) development of a national system for managing the Russian segment of the Internet.


    At a closed chemical plant located within the city and close to the state border, an accident released harmful substances into the atmosphere. The city administration took the necessary measures to evacuate citizens from contaminated areas and to prevent the leakage of unwanted information about the accident. At the same time, it prohibited the management of the enterprise from passing to foreign media and specialists information about the scale of the accident and information affecting life in the settlements within reach of the harmful substances. In deciding not to disseminate this information, the administration referred to the closed nature of the chemical enterprise's production.

    Are the actions of the city administration legal from the point of view of information law?

    In this situation, the actions of the city administration are not legal, since in accordance with clause 2, part 4, article 8 of the Federal Law of the Russian Federation of July 27, 2006 N 149-FZ “On information, information technologies and information protection”, access to information about the state of the environment cannot be restricted. In addition, concealment or distortion of information about an event, fact or phenomenon that creates a danger to the life and health of people or the environment is subject to criminal liability under Art. 237 of the Criminal Code of the Russian Federation.



    Federal Law of July 27, 2006 N 152-FZ (as amended on April 5, 2013) On personal data

    Personal data - any information relating to a directly or indirectly identified or identifiable individual (the subject of personal data);

    Personal data operator (according to the law on personal data) - a state body, municipal body, legal entity or individual that organizes and (or) carries out the processing of personal data and determines the purposes and content of the processing of personal data;

    Personal data information system - an information system that is a set of personal data contained in a database, as well as information technologies and technical means that allow the processing of such personal data using automation tools or without the use of such tools;

    Article 19. Measures to ensure the security of personal data during their processing

    When processing personal data, the operator is obliged to take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access to it, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions regarding personal data.

    Ensuring the security of personal data is achieved, in particular:

    1) identification of threats to the security of personal data during their processing in personal data information systems;

    2) the application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to fulfill the requirements for the protection of personal data, the implementation of which ensures the levels of personal data security established by the Government of the Russian Federation;

    3) the use of information security means that have passed the compliance assessment procedure in accordance with the established procedure;

    4) assessing the effectiveness of measures taken to ensure the security of personal data before putting into operation the personal data information system;

    5) keeping records of computer storage media containing personal data;

    6) detecting facts of unauthorized access to personal data and taking measures;

    7) restoration of personal data modified or destroyed due to unauthorized access to it;

    8) establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system;

    9) control over the measures taken to ensure the security of personal data and the level of security of personal data information systems.

    For the purposes of this article, threats to the security of personal data are understood as a set of conditions and factors that create the danger of unauthorized, including accidental, access to personal data, which may result in the destruction, modification, blocking, copying, provision or distribution of personal data, as well as other unlawful actions during their processing in a personal data information system.

    The level of security of personal data is understood as a complex indicator characterizing the requirements, the implementation of which ensures the neutralization of certain threats to the security of personal data during their processing in personal data information systems.

    Package of documents on the protection of personal data

    Regulations on the protection of personal data;

    Regulations on the information protection unit;

    Order on the appointment of persons responsible for processing personal data;

    Information security concept;

    Information security policy;

    List of personal data subject to protection;

    Order to conduct an internal audit;

    Report on the results of the internal audit;

    Act of classification of personal data information system;

    Regulations on the delimitation of access rights to processed personal data;

    Personal data security threat model;

    Action plan for the protection of personal data;

    The procedure for reserving hardware and software, databases and information security tools;

    Internal audit plan;

    Logbook of PD security control activities;

    A log of requests from personal data subjects regarding the fulfillment of their legal rights;

    Instructions for the administrator of the personal data information system;

    Instructions for the user of the personal data information system;

    Instructions for the security administrator of the personal data information system;

    User instructions for ensuring the security of personal data processing in the event of emergency situations;

    List of accounting for information security tools used, operational and technical documentation for them;

    Typical Terms of Reference for the development of a system for ensuring the security of information of a computer facility;

    A preliminary design for the creation of a system for ensuring the security of information of a computer facility;

    Regulations on the Electronic Log of requests from users of personal data information systems (draft order).

    Stages of work. Thus, the organization of personal data protection should be carried out in several stages:

    Inventory of information resources.

    Restricting employee access to personal data.

    Documentary regulation of work with personal data.

    Formation of a model of threats to the security of personal data.

    Classification of personal data information systems (ISPD) of educational institutions.

    Drawing up and sending to the authorized body a notification about the processing of personal data.

    Bringing the personal data protection system into compliance with regulatory requirements.

    Creation of an ISPD information security subsystem and its certification (attestation) for ISPD classes K1, K2.

    Organization of operation and security control of ISPD.

    1. Inventory of information resources

    Inventory of information resources is the identification of the presence and processing of personal data in all information systems and traditional data warehouses operated in the organization.

    At this stage, you should: approve the regulation on the protection of personal data, formulate a concept and define an information security policy and draw up a list of personal data to be protected.

    2. Restricting employee access to personal data

    Only those employees who need it to perform their official (job) duties should have permission to process personal data.

    At this stage, you should: limit, to the extent necessary, both electronic and physical access to personal data.

    3. Documentary regulation of work with personal data

    According to Article 86 of the Labor Code of the Russian Federation, employees and their representatives must be familiarized, against signature, with those employer documents that establish the procedure for processing personal data of employees, as well as their rights and obligations in this area.

    The subject of personal data independently decides the issue of transferring it to someone else, documenting his intention.

    At this stage, you should: collect consent for the processing of personal data, issue an order appointing persons responsible for processing personal data and regulations on delimiting access rights to processed personal data, draw up instructions for the ISPD administrator, ISPD user and ISPD security administrator.

    4. Formation of a model of threats to the security of personal data

    A private model of threats to the security of personal data stored in the information system is formed on the basis of the following documents approved by the Federal Service for Technical and Export Control (FSTEC):

    Basic model of threats to the security of personal data when processed in ISPD;

    Methodology for identifying current threats to the security of personal data during their processing in ISPD;

    At this stage, it is necessary to form a model of threats to the security of personal data processed and stored in an educational institution.

    5. Classification of ISPD, see question No. 18

    6. Drawing up and sending a notification to the authorized body

    A notification about the processing of personal data is drawn up on the operator’s letterhead and sent to the territorial body of Roskomnadzor of the Ministry of Communications and Mass Communications of the Russian Federation on paper or in the form of an electronic document signed by an authorized person. The form indicates data about the processor, the purpose of processing, categories of data, categories of subjects whose data is being processed, the legal basis for processing, the date of its start, the term (condition) for its termination, etc.

    7. Bringing the system into compliance with regulatory requirements

    At this stage, you should: create a list of accounting for information security tools used, operational and technical documentation for them; regulations on the information protection unit; methodological recommendations for organizing information security when processing personal data; user instructions for ensuring the security of PD processing in the event of emergency situations, as well as approve an action plan for PD protection.

    8. Certification (attestation) of ISPD

    To ensure the security of ISPD, it is necessary to take measures to organize and provide technical support for the protection of processed personal data. Mandatory certification (attestation) is used to assess the compliance of class 1 and 2 ISPD with the requirements for PD security.

    The following informatization objects are subject to mandatory certification:

    Automated systems of various levels and purposes.

    Systems for communication and for the reception, processing and transmission of data.

    Display and reproduction systems.

    Premises intended for confidential negotiations.

    9. Organization of ISPD operation and security control

    Measures to ensure the security of personal data during their processing in information systems include:

    control over compliance with the conditions for the use of information security tools provided for in the operational and technical documentation;

    investigation and drawing up conclusions on facts of non-compliance with the storage conditions of PD media, the use of information security tools that may lead to a violation of PD confidentiality.

    Responsibility for violation of Federal Law No. 152 On personal data

    Administrative liability: fine or fine with confiscation of uncertified security and encryption tools. Administrative Code, art. 13.11, 13.12, 13.14

    Disciplinary liability: dismissal of the offending employee. Labor Code of the Russian Federation, Art. 81 and 90

    Criminal liability: from correctional labor and deprivation of the right to hold certain positions to arrest. Criminal Code, Art. 137, 140, 272