Information Resources Security
Date: November 19, 2003Source: Computer Crime Research Center
By:
... not only for the separate person, but also for group of people. As a result the standard principle of “a presumption of innocence” as person exposed to illegal supervision, without his knowledge, finds himself in position of a suspect or even accused.
NextConcerning maintenance and legality of civil rights and liberties realization, and also use of computer facilities, it is necessary to pay attention to experience of developed countries in this sphere. So, the Congress of the USA has adopted corresponding laws allowing citizens, mass media and organizations to learn information of federal government agencies.
The right to request information concerning documentation of federal enforcement authorities: Ministries, administrative and military departments, governmental corporations and other authorities. These laws do not extend on documentation of such elective official positions as the President, Vice President, Senators and members of the House of Representatives of the Congress.
Besides the Information Law has established a number of restrictions on general rules, having defined concrete categories of information, which is not to be disclosed to citizens by their inquiries.
These categories are:
• secret documents;
• office regulations, rules, instructions, directions;
• information which is not to be disclosed according to other laws;
• confidential business information (commercial and financial information on entrepreneur activity of individuals and corporations);
• official mail;
• information on private life;
• information on criminal investigative work of law enforcement;
• information of financial institutions.
When use of information can entail forfeit of civil rights, privileges or capacities guaranteed by federal programs of public assistance, institution should receive information directly from the citizen whenever it is possible.
Documented information (document) - information fixed in any tangible carrier with properties, allowing to identify it.
The owner of information resources, information systems, technologies and means of their maintenance owns and uses the specified objects, and realizes authority of order in the limits of this law.
Information user (consumer) accesses information system or intermediary in order to get the necessary information.
Users are citizens, public authorities, institutions of local government, organizations and public associations have equal rights to access the state information resources. They are not obliged to prove necessity for reception of information required by the owner of these resources. Exception is the information with restricted access.
Access of natural persons and legal entities to the state information resources is the basis of realization of public control on activity of public authorities, institutions of local government, public, political and other organizations. It also covers economy, ecology and other spheres of public life.
Information from the state information resources received on legal bases can be used for creating the derivative information with a view of its commercial distribution with obligatory reference to a source. A source of profit in this case is the result of work and invested funds while creating derivative information, but not initial information.
The order of accumulating and processing of documented information with restricted access, rules of its protection, and order of access are determined by public authorities responsible for certain files and information types, according to their competence, or its direct owner, according to law.
Citizens and organizations have the right to access the documented information, the right on specification of this information with a view of its completeness and reliability. Also they have the right to know, who, and for what purposes, uses or used this information. Restriction of access to such information for citizens and organizations is allowable only on the bases provided for by law [4]. The owner of information resources is obliged to provide observance of information processing and granting rules. They are established by the corresponding laws or the owner of these information resources, according to these laws. The owner also accounts for violations of these rules in the order provided for by the corresponding laws.
All kinds of information systems and networks, technologies and means of their maintenance production make up a special branch of economic activities which development is defined by the state policy of informatization.
State and other organizations, and also citizens have equal rights on development and manufacture of information systems, technologies and means of their maintenance. Information systems, technologies and means of their maintenance can be property objects of individuals and legal entities, states. Individuals or legal entities, at whose expense these objects were created, purchased or received as inheritance, donations, or in other legal way are considered to be owners of information system, technology and means of their maintenance.
Information systems, technologies and means of their maintenance are the goods (products) with observance of exclusive rights of their developers. The proprietor of information system, technology and means of their maintenance defines the terms of their use.
Maintenance means of information systems and their technologies are software, technical, linguistic, legal, organizational means (software for computers; computer and communication facilities; dictionaries, vocabularies and glossaries; instructions and methods; regulations, statutes, duty instructions; schemes and their descriptions, other operational and accompanying documentation), used or created during designing of information systems and providing their operation.
The proprietor of information resources, information systems, technologies and means of their maintenance realizes authorities of ownership, usage, order of the specified objects in full extent.
The copyright and the property right on information systems, technologies and means of their maintenance may belong to different persons. The proprietor of information system, technology and means of their maintenance is obliged to protect rights of their author according to law.
Information systems, data bases and databanks designed for information services for citizens and organizations, are subject to certification in accordance with established procedure.
Organizations carrying out works in field of designing, development of information protection means and processing of personal data, receive licenses for this kind of activity. The order of licensing is defined by the corresponding legislation.
Computing system assignation for a wide range of users creates a certain risk concerning safety, for not all clients will fulfill requirements on its maintenance.
The order of data carriers storage should be precisely determined in the corresponding legal document. This act should provide for full safety of data carriers, convenience of necessary carriers search, control of information work, responsibility for unauthorized access to data carriers on purpose of copying, modifying or erasing, etc.
It is possible to get latent access to information archives which are concentrated in one place in great volumes. Besides the opportunity of remote information reception through the terminals located far away from places of data storage has appeared. Therefore, information security requires essentially new methods and means developed in view of information value, operating conditions, technical and software opportunities of computers and other means of collecting, transferring and processing. Certain actions of protection are necessary, when computer resources are used by several users through terminals in "multiprogram" and "division of time" modes.
Here appears a number of legal problems related to files of information, concentrated in databanks, knowledge of public and national value, national secret. Misuse of such information causes significant damage to society and separate person.
Scientists pay fair attention to legal aspects of information security [5]. These problems may arise while computer facilities are used in insufficiently considered way or with malicious intent. They are:
1. Legal questions of information files protection from distortions and establishment of legal responsibility for information safety.
2. Legal and technical questions of stored information protection from unauthorized access.
3. Establishment of legally secured norms and methods of copyright protection and priorities of software developers.
4. Development of actions on legalizing documents created by computers, and forming legal norms determining persons responsible for high quality of other documents.
5. Legal protection of interests of experts transmitting their knowledge in databanks.
6. Establishment of legal norms and legal responsibility for computers use when personal interests conflict with interests of other persons and society and capable to do harm to them.
Absence of appropriate registration and control of works, low labor and industrial discipline of the personnel, access of unauthorized...
Add comment
Email to a Friend
