The principle of legality and validity provides that the protected information, according to its legal status, refers to information that needs protection in accordance with the deal rooms.
Set Up a Useful Deal Room
The essence of the principle of openness of protection mechanisms and algorithms is that knowledge of the algorithms by which the protection system operates should not allow even the developer of the protection to overcome it. However, this does not mean that information about a specific protection system should be publicly available; it is still necessary to protect against the threat of disclosure of system parameters.
Protection mechanisms should be intuitive and easy to use. The use of protective equipment should not demand significant additional effort from legitimate users during their normal work, and should not require users to perform operations that are obscure to them. The manifestation of qualitative, revolutionary changes, which consist not only in individual digital transformations but also in a fundamental change in the structure of the economy, in the transfer of centers for creating added value to the sphere of building digital resources and end-to-end digital processes.
Effective information protection in a deal room is possible only through the integrated use of all known methods and approaches to solving this problem. A number of requirements are imposed on the concept of comprehensive protection:
- Development and bringing to the level of regular use of all the necessary mechanisms to ensure the required level of information security;
- The existence of mechanisms for the practical implementation of the required level of security;
- Availability of means of rational implementation of all necessary measures to protect information on the basis of the achieved level of development of science and technology;
- Development of methods for optimal organization and provision of all protection measures in the process of information processing.
A Systematic Approach to Setting Up a Relevant and Useful Deal Room
A systematic approach to protecting an information system implies the need to take into account all interrelated, interacting, and time-changing elements, conditions, and factors:
- For all types of information activities and information manifestations;
- In all structural elements;
- For all modes of operation;
- At all stages of the life cycle;
- Taking into account the interaction of the protected object with the external environment.
When ensuring the security of an information system with deal rooms, it is necessary to take into account all the weak, most vulnerable points of the information processing system, as well as the nature, possible objects, and directions of attacks on the system by violators (especially highly qualified intruders), ways of penetrating distributed systems, and ways of gaining unauthorized access to information. The protection system should be built taking into account not only all known penetration channels but also the possibility that fundamentally new ways of implementing security threats will emerge. It should also provide functionality that limits users to the data, transactions, and hardware required to fulfill their roles. Access permissions must include, but are not limited to, read-only and read-write modes.
It is important to choose a sufficient level of protection, one at which the costs, risk, and amount of possible damage would be acceptable (the task of risk analysis). External conditions and requirements change over time, so the measures taken and the protective equipment installed can end up providing either an excessive or an insufficient level of protection. To make it possible to vary the level of protection, protective equipment must have a certain flexibility.