^macro[html_start;Information Resources Security;Information Resources Security;Information, Resources, Security] ^macro[pagehead;img/library.gif] ^macro[leftcol] ^macro[centercol;

Andrey Belousov

Information Resources Security

Andrey Belousov Fast development of automation processes, introduction of computers into all spheres of present-day life resulted in some specific problems. Effective protection of the information and reliable means of its processing are some of such problems.

Variety of ways for accessing information, significant amount of qualified experts, wide use of special facilities in social production allow offender to carry out certain actions. These actions threaten to information security both in local and global scales. Infringer may perform these actions practically at any moment and any place.

Growth of decentralization and distributed data processing, that occurred recently, made problems of information security more urgent for national economy [1]. Solving of this problem assumes a complex of actions. First of all they are actions of the government, like developing of information documentation and classification system and ways of protection. Also they include regulation of data access and providing responsibility for violations of information safety.

State policy in sphere of informatization and forming information resources should be aimed at creating conditions for effective and high-quality information supplies allowing to solve strategic and operational tasks of social and economic development.

Basic directions of the state policy in sphere of information are:
• maintaining conditions for development and protection of all forms of information property^;
• forming and protecting of state information resources^;
• creating and developing governmental and local information systems and networks, maintaining their compatibility and interaction in unified information space^;
• creating of conditions for high-quality and efficient information supply of people, public authorities, organizations and funds on the basis of the state information resources^;
• maintaining national security in sphere of information, and also realization of rights of citizens, organizations under informatization conditions^;
• assistance to forming of the market of information resources, services, information systems, technologies, means of their maintenance^;
• forming and realizing the united scientific technical and industrial policy in sphere of informatization in view of a modern global level of information technologies development^;
• support of projects and programs of informatization^;
• creating and improving of investment strategy and mechanism of development stimulation and information projects realization^;
• developing of the legislation in sphere of information processes, informatization and information security.

Information documenting - an obligatory condition for inclusion of information in information resources. Documenting is carried out in the order established by public authorities, responsible for the organization of office work, standardization of documents and files.

The document received from information system, gets validity as it was signed by official in the order established by the law. The validity of the document stored, processed and transmitted with the help of telecommunication and computer based systems, can be proved true by electronic digital signature [2].

The validity of electronic digital signature is admitted at presence of software in information system. This software identifies the signature, and observes the established mode of its use. The right to certify the identity of the electronic digital signature is exercised on the basis of license.

Information resources can be governmental and non-governmental. As element of property structure they can be owned by people, public authorities, local governments, organizations and funds. Any truck concerning the property right on information resources is regulated by the corresponding civil law.

Information resources are the separate documents and document files in information systems (libraries, archives, funds, databanks, and other information systems).

Information processes are the processes of collecting, processing, accumulating, storing, searching and distributing of information.

Information system is an ordered set of documents (document files) and information technologies, also with use of computer and communication facilities that realize information processes.

Individuals and legal entities are the proprietors of those documents, document files, created at their expense, purchased by them on legal basis, received as donation or inheritance.

The state has the right to buy out documentary information from individuals or legal entities in case of referring of this information to the state secret.

The owner of the information resources that contain data, related to the state secret, has the right to dispose it only by authority of corresponding public authorities. Subjects that present documentary information without fail to public authorities and organizations do not forfeit the rights to use it. The documentary information presented without fail to public authorities and organizations by legal entities irrespectively of their legal-organizational form or patterns of ownership and citizens form the information resources in joint possession of the state and subjects, presenting this information.

Information resources can be an article of trade, except the cases provided for by the corresponding law. The property right on means of information processing does not create the property right on the information resources that belong to other owners. The documents processed in the order of services rendering or in joint use of processing means, belong to their owner. Belonging and mode of the derivative product created in this case are adjusted by the contract.

State information resources. Forming of the state information resources is carried out by individuals, public authorities, local governments, organizations and funds.

Documents that belong to individuals and legal entities can be included, at owner’s will, in structure of the state information resources by the rules established for corresponding information systems.

State information resources are open and public. The only exception is documented information attributed by the law to a category of restricted access.

Documented information with restricted access on conditions of its legal mode is divided into information related to the state secret, and confidential.

Personal data is related to a category of confidential information. Collecting, storage, use and distribution of information on private life, also information that breaks personal or family secret, privacy of letters, telephone conversations, post, cable and other messages of individual without his consent, except it is performed on the basis of court order, are not permitted.

The personal data cannot be used for purpose of causing property and moral harm to people, difficulties of their rights and liberties realization. Restriction of civil rights on a basis of information using concerning their social origin, racial, national, language, religious and party belonging is forbidden and punished according to the law.

Information is data on persons, subjects, facts, events, phenomena and processes irrespective of their representation form.

Informatization is organizational, social and economic, scientific and technical process. It concerns optimal conditions creation for satisfaction of information needs and realization of rights of citizens, public authorities, local governments, organizations, funds on the basis of maintenance and usage of information resources.

Information on people (personal data) - data on facts, events and circumstances concerning life of a citizen, allowing to identify his personality.

Natural persons and legal entities that have information on people, receiving and using it, bear responsibility for infringement of protection, processing and order of use of this information according to the legislation.

It is important to consider possible infringements of legitimate rights and interests of citizens while solving legal problems during introduction of modern information technologies. Such issues occur due to unfair behavior of users, e.g. unauthorized use of information (unauthorized official or stranger) or its intentional distortion [3].

Process of improving democracy assumes further development of rights guarantees for all citizens from possible abuses on the part of officials. As in field of information protection, still there is a lot of uncertainty about the person.

Certainly the trend of growing number of information types on the person accrued by data banks is objective, it is determined by increase of a role of information in solving global manufacture and welfare problems. However it is obvious that collected data should be limited: first, by the most necessary data only^; second, by real possibility of making harm to legitimate interests of citizens on whom information is collected. Appearance of large electronic information systems accumulating huge files of such data, allows to create rather concrete image of the person and to develop the corresponding control system. It is possible to create such system not only for the separate person, but also for group of people. As a result the standard principle of “a presumption of innocence” as person exposed to illegal supervision, without his knowledge, finds himself in position of a suspect or even accused.

Concerning maintenance and legality of civil rights and liberties realization, and also use of computer facilities, it is necessary to pay attention to experience of developed countries in this sphere. So, the Congress of the USA has adopted corresponding laws allowing citizens, mass media and organizations to learn information of federal government agencies.

The right to request information concerning documentation of federal enforcement authorities: Ministries, administrative and military departments, governmental corporations and other authorities. These laws do not extend on documentation of such elective official positions as the President, Vice President, Senators and members of the House of Representatives of the Congress.

Besides the Information Law has established a number of restrictions on general rules, having defined concrete categories of information, which is not to be disclosed to citizens by their inquiries.

These categories are:
• secret documents^;
• office regulations, rules, instructions, directions^;
• information which is not to be disclosed according to other laws^;
• confidential business information (commercial and financial information on entrepreneur activity of individuals and corporations)^;
• official mail^;
• information on private life^;
• information on criminal investigative work of law enforcement^;
• information of financial institutions.

When use of information can entail forfeit of civil rights, privileges or capacities guaranteed by federal programs of public assistance, institution should receive information directly from the citizen whenever it is possible.

Documented information (document) - information fixed in any tangible carrier with properties, allowing to identify it.

The owner of information resources, information systems, technologies and means of their maintenance owns and uses the specified objects, and realizes authority of order in the limits of this law.

Information user (consumer) accesses information system or intermediary in order to get the necessary information.

Users are citizens, public authorities, institutions of local government, organizations and public associations have equal rights to access the state information resources. They are not obliged to prove necessity for reception of information required by the owner of these resources. Exception is the information with restricted access.

Access of natural persons and legal entities to the state information resources is the basis of realization of public control on activity of public authorities, institutions of local government, public, political and other organizations. It also covers economy, ecology and other spheres of public life.

Information from the state information resources received on legal bases can be used for creating the derivative information with a view of its commercial distribution with obligatory reference to a source. A source of profit in this case is the result of work and invested funds while creating derivative information, but not initial information.

The order of accumulating and processing of documented information with restricted access, rules of its protection, and order of access are determined by public authorities responsible for certain files and information types, according to their competence, or its direct owner, according to law.

Citizens and organizations have the right to access the documented information, the right on specification of this information with a view of its completeness and reliability. Also they have the right to know, who, and for what purposes, uses or used this information. Restriction of access to such information for citizens and organizations is allowable only on the bases provided for by law [4]. The owner of information resources is obliged to provide observance of information processing and granting rules. They are established by the corresponding laws or the owner of these information resources, according to these laws. The owner also accounts for violations of these rules in the order provided for by the corresponding laws.

All kinds of information systems and networks, technologies and means of their maintenance production make up a special branch of economic activities which development is defined by the state policy of informatization.

State and other organizations, and also citizens have equal rights on development and manufacture of information systems, technologies and means of their maintenance. Information systems, technologies and means of their maintenance can be property objects of individuals and legal entities, states. Individuals or legal entities, at whose expense these objects were created, purchased or received as inheritance, donations, or in other legal way are considered to be owners of information system, technology and means of their maintenance.

Information systems, technologies and means of their maintenance are the goods (products) with observance of exclusive rights of their developers. The proprietor of information system, technology and means of their maintenance defines the terms of their use.

Maintenance means of information systems and their technologies are software, technical, linguistic, legal, organizational means (software for computers^; computer and communication facilities^; dictionaries, vocabularies and glossaries^; instructions and methods^; regulations, statutes, duty instructions^; schemes and their descriptions, other operational and accompanying documentation), used or created during designing of information systems and providing their operation.

The proprietor of information resources, information systems, technologies and means of their maintenance realizes authorities of ownership, usage, order of the specified objects in full extent.

The copyright and the property right on information systems, technologies and means of their maintenance may belong to different persons. The proprietor of information system, technology and means of their maintenance is obliged to protect rights of their author according to law.

Information systems, data bases and databanks designed for information services for citizens and organizations, are subject to certification in accordance with established procedure.

Organizations carrying out works in field of designing, development of information protection means and processing of personal data, receive licenses for this kind of activity. The order of licensing is defined by the corresponding legislation.

Computing system assignation for a wide range of users creates a certain risk concerning safety, for not all clients will fulfill requirements on its maintenance.

The order of data carriers storage should be precisely determined in the corresponding legal document. This act should provide for full safety of data carriers, convenience of necessary carriers search, control of information work, responsibility for unauthorized access to data carriers on purpose of copying, modifying or erasing, etc.

It is possible to get latent access to information archives which are concentrated in one place in great volumes. Besides the opportunity of remote information reception through the terminals located far away from places of data storage has appeared. Therefore, information security requires essentially new methods and means developed in view of information value, operating conditions, technical and software opportunities of computers and other means of collecting, transferring and processing. Certain actions of protection are necessary, when computer resources are used by several users through terminals in "multiprogram" and "division of time" modes.

Here appears a number of legal problems related to files of information, concentrated in databanks, knowledge of public and national value, national secret. Misuse of such information causes significant damage to society and separate person.

Scientists pay fair attention to legal aspects of information security [5]. These problems may arise while computer facilities are used in insufficiently considered way or with malicious intent. They are:

1. Legal questions of information files protection from distortions and establishment of legal responsibility for information safety.
2. Legal and technical questions of stored information protection from unauthorized access.
3. Establishment of legally secured norms and methods of copyright protection and priorities of software developers.
4. Development of actions on legalizing documents created by computers, and forming legal norms determining persons responsible for high quality of other documents.
5. Legal protection of interests of experts transmitting their knowledge in databanks.
6. Establishment of legal norms and legal responsibility for computers use when personal interests conflict with interests of other persons and society and capable to do harm to them.

Absence of appropriate registration and control of works, low labor and industrial discipline of the personnel, access of unauthorized persons to computing resources creates conditions for abusing and causes difficulties for their detection.

Purpose of information security lies in:
• prevention of leakage, theft, loss, distortion, fake of information^;
• prevention of threats for safety of the person, a society, the state^;
• prevention of unauthorized actions on erasing, modifying, distorting, copying, blocking of information^;
• prevention of other forms of illegal interference in information resources and information systems^;
• maintenance of legal regime of the documented information as object of property^;
• protection of constitutional rights of citizens on preservation of personal secret and confidentiality of personal data stored in information systems^;
• preservation of the state secret, confidentiality of the documented information according to the legislation^;
• assurance of rights in information processes, development, manufacture and application of information systems, technologies and means of their maintenance.

Any documented information is to be protected. Illegal manipulation of which can do harm to its proprietor, owner, user and other person.

Control of requirements observance of information security and operation of special software means of protection, and also maintenance of organizational measures of information security systems processing the information with restricted access in non-state institutions, is carried out by public authorities.

Organizations that process restricted access information which is the property of the state, create special services providing information security.

The owner of information resources or the persons authorized by him have the right to fulfill control of requirements on information security and to forbid or to stop information processing in case of violations of these requirements. The proprietor or the owner of the documented information has the right to apply to public authorities for accuracy estimation of performance of norms and requirements on information security in information systems.

The proprietor of the document, document file, information systems or the persons authorized by him establish the order of information granting with instructions on place, time, responsible officials, and also necessary procedures. Also they provide conditions of access to information according to the law.

The owner of the document, document file, information systems provides information security level according to the law.

The risk related to use of uncertificated information systems and means of their maintenance, lies on the proprietor (owner) of these systems and means. The risk related to use of the information received from uncertificated system, lies on the consumer of the information.

Protection of the rights in sphere of forming information resources, their usage, development, production and application of information systems technologies and means of their maintenance is carried out for purpose of preventing offences, suppression of illegal actions, restoration of the broken rights and compensation of the caused damage.

The responsibility for infringements of the international norms and rules in field of information resources forming and using, creating and using of information systems, technologies and means of their maintenance is assigned to public authorities, organizations and citizens according to contracts awarded with foreign companies and other partners including international contracts.

Refusal in access to the open information or granting of unreliable information can be appealed in the court.

The attorney generals and other officials of public authorities, organizations, that are guilty in illegal restriction of access to information and infringement of information security mode, bear the responsibility according to the criminal, civil legislation and legislation on administrative offences.

[1] V. Golubev, Computer Information Is an Object of Legal Relationship, - http://www.crime-research.org/library/Golubev_oct.html
[2] I. Konovalov, Digital ID, - http://www.crime-research.ru/library/2101.html
[3] V. Polivanyuk, Legal Problems of Information Security, - http://www.crime-research.org/eng/library/Polivan0803eng.html
[4] V. Golubev, Legal personality of information relationship participants as an object of legal protection, Information technologies and information security, Scientific works digest, Ministry of Internal Affairs of Ukraine High School of Law, Zaporizhzhya: 1999, Issue 3, #1, p.3.
[5] V. Golubev, Some problems of investigating cybercrimes, - http://www.crime-research.org/eng/library/Golubev_sep.html

^macro[showdigestcomments;^uri[];Information Resources Security]

] ^macro[html_end]