Information technologies and communications ministry of development tashkent university of information technologies named after muhammad al-khorezmi

Bu sahifa navigatsiya:

• "ENGLISH ” PREPARED ON THE SUBJECT 1-INDEPENDENT WORK Fulfilled

REPUBLIC OF UZBEKISTAN INFORMATION TECHNOLOGIES AND COMMUNICATIONS MINISTRY OF DEVELOPMENT TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES NAMED AFTER MUHAMMAD AL-KHOREZMI KARSHI BRANCH FACULTY OF COMPUTER ENGINEERING AX-11-22-GROUP STUDENT "ENGLISH ” PREPARED ON THE SUBJECT 1-INDEPENDENT WORK Fulfilled: Esanov Asliddin Received: Nigmoyeva Makhlyu KARSHI-2022 Information security information There are a number of public organizations that provide information and assistance on the types of network attacks and their elimination, as well as training. Some of them are listed below with their website: 1. American Society for Industrial Security (ASIS) – American industrial safety organization: offers training in necessary security and holds the certification of “Certified Protection Professional” (Certified Protection Professional). 2. Computer Emergency Response Team Coordination Center (CERT/CC) – Center for the Coordination of the activities of emergency response groups on computers: founded by the Advanced Research Defense Projects Agency of the US Department of Defense with the aim of studying computer and network attacks, finding methods for protecting systems and disseminating basic information about attacks, and is currently located at the Software Engineering Institute To the center's website www.cert.org you can visit through. 3. Forum of Incident Response and Security Teams (FIRST) – incident response and security groups Forum: an International Organization for security, which is a member of more than 100 organizations of educational institutions, departments and Commerce. FIRST was established in order to prevent incidents occurring in local protection and international security and to help them respond quickly. His website – www.first.org. 4. InfraGard: a private industry consortium and the U.S. Federal Department, directed by the CIA, which carries out information exchange in order to protect the infrastructure of critical information systems. A source for more information about InfraGard: www.infragard.net. 5. Information Security Forum (ISF) – Information Security Forum: launched by Coopers and Lybrand as a European security forum, this organization has expanded due to its international activities and was ISF in 1992. The ISF directs its activities by publishing "applied research"and posting at regional summits. You can learn more about this organization www.securityforum.org you can find out from the site. 6. Information Systems Security Association (ISSA) – Information Systems Security Association: it is also an international organization that conducts computer security training and scientific research. ISSA helps sponsor many certification programs such as Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), and Certified Information Systems Auditor (CISA). To obtain information about the ISSA organization, refer to this site: www.issa.org. 7. National Security Institute (NSI) – National Security Institute: provides information on all types of threats to security breaches. The computer security part of this organization includes risk announcements, research work, information for managers and regulatory documents on safety and information about state standards. Web address – nsi.org. 8. SysAdmin, Audit, Network, Security (SANS) Institute – System Administrator, audit, network and security institute: offers information, training, research work and other resources for security professionals. Launched under the Global Information Assurance Certification (GIAC) program, the SANS Institute offers a complete training program in the United States and internationally. It provides online security training along with paternity programs. SANS Institute internet shtorm Center for the purpose of studying the degree of danger of some internet threats (Internet Storm Center – isc.incidents.org) founded. Web page of the Institute – www.sans.org. The threat to information security and its types Purpose and conceptual framework for Information Protection In general, the purpose of Information Protection can be expressed as follows: - prevent information leakage, theft, violation, counterfeiting; - prevention of the threat to the security of the individual, society, state; - prevent illegal actions such as destruction, modification, hacking, copying, blocking of information; - prevention of other forms of illegal influence on information resources and information systems, ensuring the legal regime as an object of personal property on documented information; - protection of the constitutional rights of citizens by maintaining the confidentiality and confidentiality of personal information contained in the information system; - preservation of state secrets, ensuring the confidentiality of information documented according to legislation; - ensuring the rights of subjects in Information Processes and in the design, development and application of Information Systems, Technologies and means of their provision. The effectiveness of Information Protection is determined by its timeliness, activity, continuity and complexity. Conducting protective measures in a comprehensive manner ensures the elimination of dangerous channels through which information can be scattered. It is known that the channel of information scattering, which remains open only one, sharply reduces the effectiveness of the entire protection system. An analysis of the state of affairs in the field of Information Protection shows that a fully formed concept and structure of protection is formed, the basis of which is the following: - highly improved technical means of Information Protection, developed on an industrial basis; - the presence of specialized organizations in solving information protection issues; – a sufficiently clearly expressed system of views on this problem; - sufficient practical experience, etc. However, according to Foreign Press reports, criminal actions in relation to information are not decreasing, but rather are gaining a steady trend of growth. The concept of threats to protected information and its structure. According to the general direction, threats to information security are divided into: - Threats to the constitutional rights and freedoms of citizens in the spheres of spiritual development of Uzbekistan, spiritual life and information activities; - threats to the development of the country's Information, Telecommunications and communications industry, to meet the requirements of the domestic market, to enter the world market for its products, as well as to ensure the collection, storage and efficient use of local information resources; - Threats to the functioning in moderation of information and telecommunication systems introduced and created on the territory of the Republic, to the security of information resources. In information computing systems, it is advisable to consider three interrelated organizers from the point of view of ensuring information security: 1) information; 2) technical and software tools; 3) service personnel and users. The purpose of the organization of any information computing systems is to provide users with reliable information at the same time, as well as to maintain their confidentiality. In this case, it is necessary that the task of providing information is solved on the basis of protection against external and internal unauthorized influences. The dissemination of information is seen as an uncontrolled or illegal departure of confedential information from the organization or circle of persons to whom this information is entrusted. There are three manifestations of the threat. 1. The threat to the violation of confidentiality means that in this case the information will be known to those who do not have permission to it. This situation occurs through the acquisition of illegal access when confedential information is transmitted to a stored system or from one system to another. 2. The threat to violation of integrity embodies any deliberate change in information in the computing system or when it is transmitted from one system to another. When criminals intentionally change information, it means that the information integrity has been compromised. Also, the information integrity is considered violated even when illegal changes are made to information due to accidental errors of software and hardware tools. Information integrity is the existence of information in an intact state. 3. The threat of service disruption occurs as a result of the fact that the resources of the computing system remain blocked from being able to be used by other users or criminals as a result of deliberate actions. Access to information is a feature of a system in which information circulates, provides subjects with timely access to information of interest to them without resistance, and is ready for automated services that respond to requests from subjects when addressed at a voluntary time. The principles of Information Protection can be divided into three groups: the use of Information Protection in the protection of legal, organizational and technical intelligence and information processing in means of computational techniques. The practice of using information protection systems shows that only complex information protection systems can be effective. It includes the following measures: 1. Legislation. The use of legal acts in the field of Information Protection, which strictly determine the rights and obligations of legal entities and individuals, as well as the state. 2. Spiritual-boots. Violation of strictly defined rules of conduct at the facility is the formation and support of the environment in which a sharply negative assessment by most employees is introduced. Download 126.86 Kb. Do'stlaringiz bilan baham: