Chapter 5. METHODOLOGICAL AND PROPAGANDA SECURITY

8.4. Technical support other types of security Technical support for the personal safety of educational institution employees, students and members of their families may also include radio-electronic protection equipment used for the following purposes: to protect confidential

Chapter 1 BASIC CONCEPTS AND HISTORY OF INFORMATION SECURITY Information processes permeate all acts of functioning of living matter. Information permeates all aspects of people's lives and society. Academician A.I.

Chapter 2 PROBLEMS AND THREATS TO INFORMATION SECURITY The national security of the Russian Federation significantly depends on ensuring information security, and with technological progress this dependence will increase. Doctrine of information

2.2. Pitchforks and sources of information security threats Information security threats are the use various types information against one or another social (economic, military, scientific and technical, etc.) object with the aim of changing it

2.3. The place of information security in the Russian national security system modern world information security becomes vital a necessary condition ensuring the interests of man, society and the state and the most important, core link of the entire

Chapter 3 MAIN DIRECTIONS OF ENSURING INFORMATION SECURITY The information sphere, being a system-forming factor in the life of society, actively influences the state of political, economic, defense and other components of the security of the Russian Federation

3.3. Ensuring information security in the law enforcement sphere and in the event of emergency situations Doctrine of information security of the Russian Federation in the law enforcement (and judicial) sphere to the most important objects of ensuring information security

4.1. The Constitution of the Russian Federation and the Information Security Doctrine of the Russian Federation on the legal support of the information sphere The problem of legal regulation of relations in the field of ensuring information security is one of the most important for Russia. Its decision largely depends

4.2. Federal legislation in the field of information security The consistent development of legislation in the field of information security is determined by the need integrated approach to the formation and development of a unified concept of its legal

Chapter 7 “GLOBAL SOCIETY” AND INFORMATION SECURITY PROBLEMS All progress is reactionary if man collapses. Andrey

Ensuring safety, protective measures Question. What are the requirements of the Rules for ensuring the safety of electric drives? Answer. Electric drives must satisfy general requirements to electrical and fire safety set out in chapters 4.3, 5.3 of the Rules (5.4.60).Cabinets

Question 1. The place of information security in the national security system of Russia: concept, structure and content Informatization of the socio-political, economic and military activities of the country and, as a consequence, the rapid development of information systems

Question 1. Features of information security of banks Since their inception, banks have invariably aroused criminal interest. And this interest was associated not only with storage in credit institutions Money, but also with the fact that banks concentrated important

Organizational and legal support information security, Polyakova T.A., Streltsov A.A., 2016.

Information security in the information society. Ensuring information security.
The concept of “information security” has become widespread in both international and national political documents and legal regulations.
For the first time, the concept of “information security” appeared in national legislation and political documents in Art. 2 of the Law of the Russian Federation dated 03/05/1992 No. 2446-1 “On Security”, where “information security” was highlighted as one of the components of the security of the Russian Federation. At the same time, the concept of “national security of the Russian Federation” was introduced, which meant “the security of its multinational people as the bearer of sovereignty and the only source of power in the Russian Federation.” For the first time in Russia it was defined in 1997 in the Concept of National Security of the Russian Federation. In the new edition Federal Law dated December 28, 2010 No. 390-FZ “On Security”, the terms “security” and “national security” are used as synonyms.

In the draft concept of information security of the Russian Federation (1997), Russia’s national interests in the information sphere covered three main aspects:
- observance of constitutional rights and freedoms of citizens;
- development of modern telecommunication technologies;
- protection of state information resources from unauthorized access.
Separately, national interests in the spiritual sphere were highlighted, which included the preservation and strengthening of the moral values ​​of society, the traditions of patriotism and humanism, the cultural and scientific potential of the country. These interpretations of the concept of “national security” and the content of national interests in the information sphere were developed in the Doctrine of Information Security. In this document, the concept of “information security of the Russian Federation” was disclosed as “the state of protection of national interests in the information sphere, determined by the totality of balanced interests of the individual, society and state.”

Table of contents
Authors' team
Preface
Accepted abbreviations
Chapter 1. Ensuring information security in the context of globalization of the information space
1.1. Information security in the information society
1.2. Modern information warfare and ensuring information security

Self-study assignments
Chapter 2. Theoretical and methodological issues of organizational and legal support of information security
2.1. Information security in the national security system of the Russian Federation
2.2. basic principles ensuring information security
2.3. Legal regulation of information security in the system of Russian information law
2.4. Legal means ensuring the security of the information infrastructure of the Russian Federation
2.5. Legal means of ensuring information security
2.6. Organizational support for information security of the Russian Federation
Questions and tasks for self-control
Self-study assignments
Chapter 3. Organizational and legal problems of international information security
3.1. International legal acts in the field of information security
3.2. Foreign experience in legal support of information security
3.3. Promotion Russian initiatives in the field of ensuring international information security
Questions and tasks for self-control
Self-study assignments
Chapter 4. Legal regimes for ensuring the security of restricted information
4.1. Restricting access to information in order to protect the interests of the individual, society and the state
4.2. Legal regimes of secrets in the system of organizational and legal security of restricted access information
4.3. Legal regime for the protection of state secrets
4.4. Legal regime of trade secrets
4.5. Legal regime for ensuring the security of personal data
4.6. Current issues official secret regime
Questions and tasks for self-control
Self-study assignments
Chapter 5. Actual problems legal and organizational support for information security
5.1. Countering extremist activities in the information sphere
5.2. Protecting children from information harmful to their health and development
5.3. Legal problems of ensuring information security on the Internet
Questions and tasks for self-control
Self-study assignments
Chapter 6. Features of organizational and legal support for the protection of information systems
6.1. Features of organizational and legal support for creation processes automated systems in a protected version
6.2. Features of organizational and legal support for the protection of information systems in the field of legal proceedings
6.3. Practice of development and implementation of information security policy for corporate information systems
Questions and tasks for self-control
Self-study assignments
Chapter 7. Legal liability for offenses in the information sphere
7.1. The concept and types of legal liability in the field of information security. Subjects and objects of legal relations in the field of information security
7.2. Crime in the information sphere as a threat to information security during the formation information society and conditions of globalization
7.3. Problems of criminal liability for information crimes
7.4. Problems of international cooperation and Foreign experience combating crimes in the information sphere
Questions and tasks for self-control
Self-study assignments
Recommended reading.

Free download e-book V convenient format, watch and read:
Download the book Organizational and legal support of information security, Polyakova T.A., Streltsov A.A., 2016 - fileskachat.com, fast and free download.

Download pdf
You can buy this book below best price at a discount with delivery throughout Russia. Buy this book


Download - pdf - Yandex.Disk.

The textbook outlines general theoretical and methodological approaches to the formation of legal and organizational support for information security of individuals, society and the state. The main institutions of legal support for information security are covered in detail: legal regimes for the protection of information, state, official and commercial secrets, personal data, legal liability for offenses in the field of information security, as well as the structure of organizational support for information security. The problems of forming a legal regime for international information security are considered. Considerable attention is paid to the organizational aspects of information systems security management. The task of the present training course acquisition by students as general knowledge in the field of legal and organizational support for information security, as well as the study of issues related to the formation and implementation of public policy in this area, as well as the acquisition by masters of more in-depth knowledge in the field of information security, problems of international information security.

Step 1. Select books from the catalog and click the “Buy” button;

Step 2. Go to the “Cart” section;

Step 3: Specify required amount, fill in the data in the Recipient and Delivery blocks;

Step 4. Click the “Proceed to Payment” button.

On this moment buy printed books, electronic access or books as a gift to the library on the EBS website is possible only with 100% advance payment. After payment you will be given access to full text textbook within Electronic library or we start preparing an order for you at the printing house.

Attention! Please do not change your payment method for orders. If you have already chosen a payment method and failed to complete the payment, you must re-place your order and pay for it using another convenient method.

You can pay for your order using one of the following methods:

1. Cashless method:
   • Bank card: You must fill out all fields of the form. Some banks ask you to confirm the payment - for this, an SMS code will be sent to your phone number.
   • Online banking: banks cooperating with the payment service will offer their own form to fill out.
     Please enter the data correctly in all fields. For example, for" class="text-primary">Sberbank Online number required mobile phone and email. For
   • " class="text-primary">Alfa Bank You will need a login to the Alfa-Click service and an email.

Online wallet

: if you have a Yandex wallet or Qiwi Wallet, you can pay for your order through them. To do this, select the appropriate payment method and fill out the fields provided, then the system will redirect you to a page to confirm the invoice. Federal Law of July 27, 2006 N 152-FZ (as amended on April 5, 2013) On personal data personal data - any information relating to directly or indirectly determined or determined

to an individual

(to the subject of personal data); Personal data operator (according to the law on personal data) is a state body, municipal body, legal entity or individual that organizes and (or) carries out the processing of personal data, as well as determining the purposes and content of the processing of personal data. Personal data information system - an information system that is a collection of personal data contained in a database, as well as

information technologies

When processing personal data, the operator is obliged to take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access to it, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions regarding personal data.

Ensuring the security of personal data is achieved, in particular:

1) identification of threats to the security of personal data during their processing in personal data information systems;

2) the application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to fulfill the requirements for the protection of personal data, the implementation of which ensures the levels of personal data security established by the Government of the Russian Federation;

3) the use of information security means that have passed the compliance assessment procedure in accordance with the established procedure;

4) assessing the effectiveness of measures taken to ensure the security of personal data before putting into operation the personal data information system;

5) taking into account computer storage media of personal data;

6) detecting facts of unauthorized access to personal data and taking measures;

7) restoration of personal data modified or destroyed due to unauthorized access to it;

8) establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system;

9) control over the measures taken to ensure the security of personal data and the level of security of personal data information systems.

For the purposes of this article

threats to the security of personal data are understood as a set of conditions and factors that create the danger of unauthorized, including accidental, access to personal data, which may result in the destruction, modification, blocking, copying, provision, distribution of personal data, as well as other unlawful actions in their processing of personal data in the information system.

The level of security of personal data is understood as a complex indicator characterizing requirements, the implementation of which ensures the neutralization of certain threats to the security of personal data during their processing in information systems personal data.

Package of documents on the protection of personal data

Regulations on the protection of personal data;

Regulations on the information protection unit;

Order on the appointment of persons responsible for processing personal data;

Information security concept;

Information security policy;

List of personal data subject to protection;

Order to conduct an internal audit;

Report on the results of the internal audit;

Act of classification of personal data information system;

Regulations on the delimitation of access rights to processed personal data;

Personal data security threat model;

Action plan for the protection of personal data;

Reservation procedure technical means and software, databases and information security tools;

Internal audit plan;

Logbook of PD security control activities;

A log of requests from personal data subjects regarding the fulfillment of their legal rights;

Instructions for the administrator of the personal data information system;

Instructions for the user of the personal data information system;

Instructions for the security administrator of the personal data information system;

User instructions for ensuring the security of personal data processing in the event of emergency situations;

List of accounting for information security tools used, operational and technical documentation for them;

Typical Terms of Reference for the development of a system for ensuring the security of information of a computer facility;

A preliminary design for the creation of a system for ensuring the security of information of a computer facility;

Regulations on the Electronic Log of requests from users of personal data information systems (draft order);

Stages of work. Thus, the organization of personal data protection should be carried out in several stages:

Inventory of information resources.

Restricting employee access to personal data.

Documentary regulation of work with personal data.

Formation of a model of threats to the security of personal data.

Classification of personal data information systems (PDIS) of educational institutions.

Drawing up and sending to the authorized body a notification about the processing of personal data.

Bringing the personal data protection system into compliance with regulatory requirements.

Creation of an ISPD information security subsystem and its certification (certification) for ISPD classes K1, K2.

Organization of operation and security control of ISPD.

1. Inventory of information resources

Inventory of information resources is the identification of the presence and processing of personal data in all information systems and traditional data warehouses operated in the organization.

At this stage, you should: approve the regulation on the protection of personal data, formulate a concept and define an information security policy and draw up a list of personal data to be protected.

2. Restricting employee access to personal data

Only those employees who need it to perform their official (job) duties should have permission to process personal data.

At this stage you should: to the extent necessary limit both electronic and physical access to personal data

3. Documentary regulation of work with personal data

According to Article 86 of the Labor Code of the Russian Federation, employees and their representatives must be familiarized, against signature, with those employer documents that establish the procedure for processing personal data of employees, as well as their rights and obligations in this area.

The subject of personal data independently decides the issue of transferring it to someone else, documenting his intention.

At this stage, you should: collect consent for the processing of personal data, issue an order appointing persons responsible for processing personal data and regulations on delimiting access rights to processed personal data, draw up instructions for the ISPD administrator, ISPD user and ISPD security administrator.

4. Formation of a model of threats to the security of personal data

A private model of threats to the security of personal data stored in the information system is formed on the basis of the following documents approved by the Federal Service for Technical and Export Control (FSTEC):

Basic model of threats to the security of personal data when processed in ISPD;

Methodology for identifying current threats to the security of personal data during their processing in ISPD;

At this stage, it is necessary to form a model of threats to the security of personal data processed and stored in an educational institution.

5. Classification of ISPD, see question No. 18

6. Leaving and sending notification to the authorized body

A notification about the processing of personal data is drawn up on the operator’s letterhead and sent to the territorial body of Roskomnadzor of the Ministry of Communications and Mass Communications of the Russian Federation on paper or in the form of an electronic document signed by an authorized person. The form indicates data about the processor, the purpose of processing, categories of data, categories of subjects, whose data is being processed, the legal basis for processing, the date of its start, the term (condition) for its termination, etc.

7. Bringing the system into compliance with regulatory requirements

At this stage, you should: create a list of accounting for information security tools used, operational and technical documentation for them; regulations on the information protection unit; methodological recommendations for organizing information security when processing personal data; user instructions for ensuring the security of PD processing in the event of emergency situations, as well as approve an action plan for PD protection.

8 . Certification (certification) ISPDn

To ensure the security of ISPD, it is necessary to take measures to organize and provide technical support for the protection of processed personal data. Mandatory certification (attestation) is used to assess the compliance of class 1 and 2 ISPD with the requirements for PD security.

The following informatization objects are subject to mandatory certification:

Automated systems various levels and appointments.

Communication systems, reception, processing and transmission of data.

Display and reproduction systems.

Premises intended for confidential negotiations.

9. Organization of ISPD operation and security control

Measures to ensure the security of personal data during their processing in information systems include:

control over compliance with the conditions for the use of information security tools provided for in the operational and technical documentation;

investigation and drawing up conclusions on facts of non-compliance with the storage conditions of PD media, the use of information security tools that may lead to a violation of PD confidentiality.

Responsibility for violation of Federal Law No. 152 On personal data

Administrative liability: fine or fine with confiscation of uncertified security and encryption tools. Administrative Code, art. 13.11, 13.12, 13.14

Disciplinary liability: dismissal of the offending employee. Labor Code of the Russian Federation, Art. 81 and 90

Criminal liability: from correctional labor and deprivation of the right to hold certain positions to arrest. Criminal Code, Art. 137, 140, 272

Basic information on the content of the concepts “information security”, “ensuring information security”, “legal support of information security” and “organizational support of information security” is presented. The main approaches of the authors to structuring the problems of organizational and legal support of information security are outlined. A description of the legal mechanisms for regulating groups of social relations related to countering security threats to the interests of the main subjects of the information sphere is given.
For students studying the course "Organizational and Legal Support of Information Security", teachers, graduate students, as well as specialists interested in this issue.

Preface. Introduction
Part 1. Basic theory
Chapter 1. Fundamentals of information security
1.1. The concept of "information sphere"
1.2. Ensuring information security
Chapter 2. Legal support of information security
2.1. Law basics
2.2. Structure of legal support for information security
2.3. Content and structure of legislation in the field of information security
Chapter 3. Organizational support of information security
3.1. General provisions and principles
3.2. Organizational basis and main activities
3.3. Main functions of the Russian Federation information security system
3.4. Main directions organizational activities systems for ensuring information security of the Russian Federation
Part 2. Legal support of information security
Chapter 4. Information, information technologies and information protection
4.1. General provisions
4.2. Information
4.3. Information Technology
4.4. Data protection
4.5. Legal liability for offenses in the field of information, information technology and information protection
Chapter 5. Security of personal data
5.1. General provisions
5.2. Personal data and legal purposes
5.3. Processing of personal data
5.4. Subject of personal data and his rights
5.5. Personal data operator and his responsibilities
5.6. Control and supervision of compliance with legislation on personal data
5.7. Legal liability for violation of legislation in the field of personal data
Chapter 6. Results of intellectual activity and legal support for the safety of their use
6.1. General provisions
6.2. Intellectual rights
6.3. Disposal of intellectual rights
6.4. Legal protection of intellectual rights
6.5. Law enforcement and supervision in the field of protection of rights to objects intellectual property
Chapter 7. Copyright and related rights. Legal support for the security of using rights
7.1. General provisions
7.2. Copyright
7.3. Related rights
7.4. Collective copyright management
7.5. Legal liability for violation of copyright and related rights
Chapter 8. Industrial property rights
8.1. General provisions
8.2. Patent Law
8.3. The right to a production secret (know-how)
8.4. Right to means of individualization legal entities, goods, works, services and enterprises
8.5. The right to use the results of intellectual activity as part of a unified technology
Chapter 9. Electronic signature and legal support for the security of correspondence
9.1. General provisions
9.2. Types of electronic signatures and principles of their use
9.3. Conditions for recognizing electronic documents
9.4. Facilities electronic signature
9.5. Conditions for the legal use of a simple electronic signature
9.6. Conditions for the lawful use of an enhanced electronic signature
9.7. Verification Center
9.8. Accredited certification center and the procedure for its accreditation
9.9. Powers of federal executive authorities in the field of using electronic signatures
Chapter 10. Trade secret and legal regime for ensuring its security
10.1. General provisions
10.2. Trade secret regime
10.3. Legal protection of trade secrets
Chapter 11. State secrets and their legal protection
11.1. General provisions
11.2. Information constituting a state secret
11.3. Classification of information
11.4. Declassification of information constituting state secrets
11.5. Transfer of information constituting state secrets
11.6. Access to state secrets
11.7. State secret protection system
Chapter 12. Ensuring security when using communication networks and the Internet
12.1. General provisions
12.2. Communication security activities
12.3. Responsibilities of the telecom operator
12.4. Rights of users of communication services
12.5. State regulation and supervision in the field of communications
12.6. Responsibility for violation of the legislation of the Russian Federation
12.7. Ensuring the security of using Internet resources and services
Chapter 13. Technical regulation and information technology security requirements
13.1. General provisions
13.2. Agreement on technical barriers in trade
13.3. Technical regulations
13.4. Standards
13.5. Confirmation of compliance with technical regulations and standards
13.6. Information on violation of the requirements of technical regulations and standards
Chapter 14. Judicial protection of human and civil rights and freedoms in the information sphere
14.1. General provisions
14.2. Judicial system of the Russian Federation
14.3. Selecting a court for filing statement of claim(claim)
14.4. Procedure for preparing and filing a claim
14.5. Plaintiff and defendant, their rights and obligations
Chapter 15. Criminal-legal characteristics of crimes in the field computer information
15.1. General provisions
15.2. Article 272. Illegal access to computer information
15.3. Article 273. Creation, use and distribution malware for computer
15.4. Article 274. Violation of the rules for operating computers, computer systems or their networks
15.5. Changes and additions to Ch. 28 of the Criminal Code of the Russian Federation
15.6. New qualifying features
Part 3. Organizational provision of information security
Chapter 16. Organizational basis of the state information security system
16.1. General structure, composition of areas of activity and delimitation of powers of government bodies
16.2. Organizational basis of the state system of information protection from technical intelligence
16.3. Organizational basis of the state system technical protection information
16.4. Purpose, principles and priority areas state policy in the field of technical information security
Chapter 17. State system licensing. Organization and regulation of activities in the field of protection of confidential information
Chapter 18. Organization of work to protect confidential information in organizations. General approaches and principles of organizing collective security of the enterprise and risk management systems
18.1. Organization of work to protect confidential information
18.2. General approaches to organizing information security at business sites (enterprises, organizations) and concepts