Information security specialist

What one person invents, another tries to use. So people have to protect the fruits of their own intellect. This is how one of the most valuable professions appeared: the specialist in information protection. Today, of course, it is inextricably linked to computers.

Protect what?
Initially, information security systems were developed for the needs of the military. Strategic data on defence capability was so important that its leakage could lead to huge human losses. Accordingly, computer security turned to the experience of cryptography, that is, encryption. Cryptographic scripts and special programs appeared that made it possible to automate the process of encryption and decryption.

Later, when the need to protect information spread to other areas, it became clear that encryption sometimes greatly complicates and slows down the transmission and use of data. And as computer networks and systems developed, other tasks began to appear.

Over time, a classification of the secrets that need to be protected emerged. They were divided into six categories: state secret, commercial, banking, professional, official and personal data. It is clear that for different industries and types of enterprises, one or two categories take priority. For science-related production, for example, it is essential to prevent leakage of plans, new developments and tests.

Experts believe that today, in contrast to past decades, more attention is paid to two things: the availability and integrity of information. Availability means that each user can request the necessary service at any time and work in it without complications. On the other hand, during storage and transmission, information must remain complete. This is especially true, for example, for banks, where it is important to prevent changes to payment details or the addition of extra zeros. At the same time, providers or operators absolutely need to maintain the availability and reliability of information systems (server, communication node), because this is the basis of their success.

From whom to protect?
So, modern information security is the search for the optimal balance between availability and security. Or, in other words, it is a constant struggle with the stupidity of users and the intelligence of hackers.

There are several myths about who most often encroaches on someone else’s information. For example, some exaggerate the capabilities of hackers. They say that these are agile guys who do nothing but steal money from bank accounts and destroy national security systems, and it is against them that the strongest protection is built. In fact, hackers succeed not by numbers but by skill. And statistics say that 70-80% of computer crimes are committed by current or fired employees, that is, from within companies. Sometimes people with greater authority, passwords, and access to information cannot resist the temptation to take advantage of these benefits. And those who were fired take revenge in this way on the firm, the department or personally on the boss who dismissed them.

As for hackers, today many of them are legally engaged in testing new security programs. The testing consists of trying to crack the program and watching its “reaction”. This is what gives rise to the most serious difficulties in relations with the state in the West.

The fact is that in 1998 the United States adopted one of its most controversial laws, the DMCA (Digital Millennium Copyright Act), the “Copyright act in the digital age.” It prohibited circumventing copy protection and distributing devices that could be used to infringe copyright. Moreover, punishment under this law applies even when the person who broke the protection did nothing but the hacking itself and caused no material damage. After a specialist checks the reliability of software protection and publishes information about its weaknesses, he can be held liable for violation of the law.

How to protect?
It is clear that today, to penetrate the information field of any enterprise or person, it is not necessary to break down the door or install “bugs”. Experts say: “A fully protected computer is one that is locked in a safe in an armored room and is not even plugged into the outlet.” Thieves use programs such as the “Trojan horse”, which is installed on your computer: the simplest ones just steal all passwords, while advanced ones allow the attacker to view the contents of the screen, intercept all keys entered from the keyboard, change files, etc. Attacks called “denial of service”, which disable network nodes, have also become fashionable. In this case, the operation of the node becomes impossible for several minutes or even hours. It is clear that such stoppages bring huge losses.

Criminal practice dictates the working principles of the information security specialist. He is engaged less and less in physical security (access control, video surveillance, etc.) and more and more in network and computer security. There is a general scheme on which the work of such a specialist is built.

First, the specialist conducts an information survey and analysis. This is the most important stage, the result of which is a so-called “model of the offender”: who can violate security, why, and how. To conduct the survey competently, a professional should know the main directions of economic and social development of the industry, its prospects, the specialization and features of the enterprise, the specifics of competitors, and the details of how information passes between departments, as well as know the personnel problems and be aware of the “undercurrents” in the team.

At the second stage, internal organizational and legal documents are developed, which maximally streamline information flows. It is clear that additional knowledge is needed here: legislation and law, the basics of organization, planning and management of the enterprise, office work, etc.

Next, the information security specialist manages the acquisition, installation and configuration of security tools and mechanisms. Here he cannot do without serious training: information technology and programming, quantum and optical electronics, electronics, cryptographic protection methods, life safety.

Finally, at the next stage it is necessary to maintain, update and modernize the security system that has been created. The largest banks, for example, change the software responsible for protection approximately every six months. The departments that deal with security are, as a rule, staffed by the most experienced programmers, who are constantly trained and receive additional qualifications.

Let me learn
The demand for information security professionals is growing slowly but surely. Whereas a few years ago the heads of many small firms were concerned mainly with physical security, the need for technically competent, fully trained professionals in the field of computer protection now increases every year.

Accordingly, the competition for places in faculties that produce such specialists increases, salaries increase (the head of the information protection department of a small bank receives an average of $1-1.5 thousand) and the work becomes more complicated.
