Explain what information systems are. State information systems (GIS): practical issues of information security

The set of software, hardware, organizational support and personnel that is designed to provide the right people with the information they need in a timely manner is called an information system. In this article we look in more detail at what an information system is and describe some of the existing types.

Information system

In the second article of the Law on Information, the following definition of an IS is given: an information system is a collection of information contained in databases, together with the technical means and information technologies that ensure its processing.

Characteristics of an IS:

  • Performing one or more functions in relation to information;
  • Unity of the system, implying the presence of a common file base, uniform standards and protocols, uniform management, and more;
  • The ability to compose and decompose system objects while performing the specified functions.

Basic requirements for an IS:

  • Efficiency;
  • Functioning quality: consistency with standards, accuracy, security;
  • Reliability. The system should not fail on the following thresholds: information quality, access time, performance;
  • Safety.

What is an automated information system

An automated information system is an interconnected set of software, data, standards, equipment, procedures and personnel, which is designed to process and collect, store, distribute and issue information and meets the requirements that arise from the goals of a particular organization.

In essence, AIS is a man-machine system based on an automated technology for obtaining information, which is used to optimize the management process and information support of personnel in specific activities.

Due to the formalization of processing processes and the complexity of structuring information, the automation of information procedures is difficult. The degree of automation of information processes can range from ten to twenty percent.

What is an information retrieval system

The definition of an IRS is as follows: an information retrieval system is an applied computer environment designed to search, collect, process, sort, store and filter large-scale arrays of information in a structured form.

Information retrieval systems (IRS) are designed to solve certain types of problems, characterized by their own set of objects and their attributes.

Information retrieval systems are subdivided into:

  1. Documentary. In such information retrieval systems, all stored documents are indexed in a special way. Each document is given an individual code, which makes up its search image. That is, the search is conducted over search images, not over the documents themselves. This is how literature is usually searched for in large libraries: the required book is found by the number indicated on the catalog card.
  2. Factographic. These information retrieval systems store facts, not documents; these facts relate to any subject area. The search is carried out on the basis of the fact.

An information retrieval system (IRS) includes two parts:

  • DB is the database itself;
  • DBMS is a database management system.

DB - a set of structured data that relate to a specific subject area.

DBMS is a complex of language and software tools that are necessary for creating a database, keeping it up to date, and organizing the search for the necessary information in it.

The most famous are such DBMS as Microsoft Access, Dbase, FoxPro, Clipper, Paradox.

What is a corporate information system

Any large company, moreover a rapidly developing one, will sooner or later face the problem of organizing information and automation processes that will participate in processing this information.

At the beginning of the development of an organization, it is possible for employees to use standard office applications, but over time, the constant growth of information volumes will set the company the task of organizing a Corporate Information System (CIS).

A Corporate Information System (CIS) is a scalable system that is designed for the complex automation of the economic activities of organizations, corporations and companies that require unified management.

The introduction of a corporate information system will give the following results:

  • Increased resistance to external influences, flexibility and internal control.
  • Increasing the competitiveness and efficiency of the company.
  • Reducing the cost of goods and services.
  • Decrease in warehouse stock.
  • Increase in sales of goods and services.
  • Improving the interaction with suppliers.
  • Reducing the lead time.

All this will contribute to the main goal of the corporate information system, which is to increase the profitability of the organization through the most efficient use of all the company's resources and to improve the quality of the decisions made by management.

We hope that everyone who was interested in the question of what an information system is, could find an answer to it in this article.

Information system (IS) - a system for storing, retrieving and processing information, and the corresponding organizational resources (human, technical, financial, etc.) that provide and disseminate information (ISO/IEC 2382:2015).

The information system is designed to provide the right people with the right information in a timely manner, that is, to meet specific information needs within a certain subject area, while the result of an information system's functioning is information products: documents, information arrays, databases and information services.

The concept of an information system is interpreted in different ways, depending on the context.

A fairly broad understanding of the information system implies that its integral components are data, hardware and software, as well as personnel and organizational arrangements. The Federal Law of the Russian Federation "On Information, Information Technology and Information Protection" also interprets the concept of "information system" broadly, meaning by an information system the totality of information contained in databases and the information technologies and technical means ensuring its processing.

Among Russian scientists in the field of informatics, the broadest definition of IS is given by M. R. Kogalovsky, in whose opinion the concept of an information system, in addition to data, programs, hardware and human resources, should also include communication equipment, linguistic means and information resources, which together form a system that provides "support for the dynamic information model of some part of the real world to meet the information needs of users".

A narrower understanding of an information system limits its composition to data, programs, and hardware. Integration of these components makes it possible to automate information management processes and targeted end-user activities aimed at obtaining, modifying and storing information. Thus, the Russian standard GOST RV 51987 defines an IS as "an automated system, the result of which is the presentation of output information for subsequent use." GOST R 53622-2009 uses the term information computing system to denote a set of data (or databases), database management systems and applications that operate on computing facilities as a whole to solve certain problems.

In the activities of the organization, the information system is considered as software that implements the business strategy of the organization. At the same time, it is good practice to create and deploy a single corporate information system that meets the information needs of all employees, services and departments of the organization. However, in practice, the creation of such a comprehensive information system is too difficult or even impossible, as a result of which the enterprise usually operates several different systems that solve separate groups of tasks: production management, financial and economic activities, electronic document management, etc. Some tasks are "covered" by several information systems simultaneously, and some tasks are not automated at all. This situation is called "patchwork automation" and is quite typical for many enterprises.

Classification by architecture

  • desktop, or local
  • distributed
  • file-server
  • client-server

In client-server ISs, the database and DBMS are located on the server, while workstations contain only client applications. Client-server ISs are divided into two-tier and multi-tier.

In a two-tier IS there are only two types of tiers: the database server, which contains the database and DBMS (back-end), and workstations, which run the client applications (front-end). Client applications access the DBMS directly.

In a multi-tier IS, intermediate tiers are added: application servers. Custom client applications do not access the DBMS directly; they interact with middleware. A typical example of a three-tier architecture is modern web applications that use databases. In such applications, in addition to the DBMS tier and the client tier running in a web browser, there is at least one intermediate tier - a web server with the corresponding server software.

Classification by degree of automation

  • automated
  • automatic

Classification by the nature of data processing

  • information and reference, or information retrieval IS
  • data processing IS, or decision-making IS

Classification by scope

  • Economic information system - an information system designed to perform management functions at an enterprise.
  • Medical information system - an information system intended for use in a medical or medical institution.
  • Geographic information system - an information system that provides collection, storage, processing, access, display and distribution of spatially coordinated data (spatial data).

Classification according to the scope of tasks (scale)

  • Personal IS is designed to solve a certain range of tasks for one person.
  • Group IS is focused on the collective use of information by members of a working group or unit.
  • Corporate IS automates all business processes of an entire enterprise (organization) or a significant part of them, achieving their complete information consistency, redundancy and transparency. Such systems are sometimes called enterprise information systems and integrated enterprise automation systems.

Demand

According to research by the Ministry of Labor of the Russian Federation for 2015, professions related to the IT industry (database administrator, programmer, web and multimedia application developer, network and system administrator, information resource specialist, information systems specialist, telecommunications maintenance specialist, data protection technician) are included in the list of the 50 most in-demand professions in Russia. The developers of the list considered 1620 professions, and more than 13.3 thousand organizations were interviewed.

Information system

The term information system (IS) is used in both a broad and a narrow sense.

In the broad sense, an information system is a set of technical, software and organizational support, as well as personnel, designed to provide the right people with the right information in a timely manner.

Also, in a fairly broad sense, the concept of an information system is interpreted by the Federal Law of the Russian Federation of July 27, 2006 No. 149-FZ "On Information, Information Technologies and Information Protection": "an information system is a set of information contained in databases and information technologies that ensure its processing and technical means".

One of the broadest definitions of IS was given by M. R. Kogalovsky: "An information system is a complex that includes computing and communication equipment, software, linguistic tools and information resources, as well as system personnel and providing support for a dynamic information model of a certain part of the real world to satisfy information needs of users".

The ISO / IEC 2382-1 standard gives the following definition: "An information system is an information processing system that works in conjunction with organizational resources, such as people, technology and financial resources, that provide and distribute information."

Russian GOST RV 51987 defines an information system as "an automated system, the result of which is the presentation of output information for subsequent use."

In the narrow sense, an information system is only a subset of the components of an IS in the broad sense, including databases, DBMS and specialized application programs. An IS in the narrow sense is considered as a software and hardware system designed to automate the purposeful activity of end users, providing, in accordance with the processing logic embedded in it, the ability to receive, modify and store information.

In any case, the main task of IS is to meet specific information needs within a specific subject area. Modern IS is de facto inconceivable without the use of databases and DBMS, therefore the term "information system" in practice merges in meaning with the term "database system".

Ideally, a single corporate information system that satisfies all existing information needs of all employees, services and departments should function within an enterprise. However, in practice, the creation of such an all-encompassing IS is too difficult or even impossible, as a result of which several different ISs usually operate in an enterprise, each solving a separate group of tasks: production management, financial and economic activities, etc. Some tasks are "covered" simultaneously by several ISs, and some tasks are not automated at all. This situation is called "patchwork automation" and is quite typical for many enterprises.

Information systems classifications

Classification by architecture

By degree of distribution, IS are divided into:

  • desktop, or local, IS, in which all components (DB, DBMS, client applications) are located on one computer;
  • distributed IS, in which the components are distributed over several computers.

Distributed ISs, in turn, are divided into:

  • file-server IS (IS with "file-server" architecture);
  • client-server IS (IS with client-server architecture).

In file-server ISs, the database is located on the file server, and the DBMS and client applications are located on the workstations.

In client-server ISs, the database and DBMS are located on the server, and client applications are located on the workstations.

In turn, client-server ISs are divided into two-tier and multi-tier.

In a two-tier IS there are only two types of tiers: the database server, which contains the database and DBMS (back-end), and workstations, which run the client applications (front-end). Client applications access the DBMS directly.

In a multi-tier IS, intermediate tiers are added: application servers. Custom client applications do not access the DBMS directly; they interact with middleware. A typical use case for multi-tier systems is modern web applications that use databases. In such applications, in addition to the DBMS tier and the client tier running in a web browser, there is at least one intermediate tier - a web server with the corresponding server software.

Classification by degree of automation

According to the degree of automation, ISs are divided into:

  • automated: information systems in which automation may be incomplete (that is, constant personnel intervention is required);
  • automatic: information systems in which automation is complete, that is, personnel intervention is not required or is required only occasionally.

"Manual IS" ("without a computer") cannot exist, since the existing definitions make the presence of hardware and software in the IS obligatory. As a result, the concepts of "automated information system", "computer information system" and simply "information system" are synonymous.

Classification by the nature of data processing

By the nature of data processing, ISs are divided into:

  • information and reference, or information retrieval IS, in which there are no complex data processing algorithms, and the purpose of the system is to search and display information in a convenient form;
  • data processing IS, or decision-making IS, where data is processed using complex algorithms. These systems primarily include automated control systems and decision support systems.

Classification by scope

Since IS are created to meet information needs within a specific subject area, each subject area (scope) has its own type of IS. It makes no sense to list all these types, since the number of subject areas is large, but the following types of IS can be indicated as an example:

System (Greek: a whole made up of parts) is a collection of elements interacting with each other, forming a certain integrity, unity.

System architecture - a set of system properties essential for the user.

System element - a part of the system that has a specific functional purpose. Elements composed of simple interconnected elements are often referred to as subsystems.

System organization - internal orderliness, consistency of the interaction of system elements, manifested, in particular, in limiting the variety of the state of elements within the system.

System structure - the composition, order and principles of interaction of system elements, which determine the basic properties of the system. If individual elements of the system are spread across different levels and are characterized by internal connections, the system is said to have a hierarchical structure. Adding the word "information" to the concept of "system" reflects the purpose of its creation and functioning. Information systems provide collection, storage, processing, search, and delivery of information required in the process of making decisions on problems from any field. They help analyze problems and create new information products.

An information system is an interconnected set of tools, methods and personnel used to store, process and issue information in order to achieve the goal. The modern understanding of the information system involves the use of a computer as the main technical means of processing information. In addition, the technical implementation of the information system in itself will mean nothing if the role of the person for whom the information is intended, and without whom it is impossible to receive and present it, is not taken into account.

It is necessary to understand the difference between computers and information systems. Computers equipped with specialized software are the technical base and tool for information systems. An information system is inconceivable without personnel interacting with computers and telecommunications.

In a regulatory sense, an information system is defined as "an organizationally ordered set of documents (an array of documents) and information technologies, including the use of computing and communication facilities, that implement information processes" [RF Law "On Information, Informatization and Information Protection" dated 20.02.1995, No. 24-FZ].

Processes in information systems

Information process - "the process of creation, collection, processing, accumulation, storage, search, distribution and consumption of information" [RF Law "On Participation in Information Exchange" dated 04.07.1996, No. 85-FZ].

Information resource - separate documents and separate arrays of documents, documents and arrays of documents in information systems (libraries, archives, funds, data banks, other types of information systems) [RF Law "On Participation in Information Exchange"].

In the regulatory aspect, a document is defined as information recorded on a material medium with details that allow it to be identified. The process of documenting transforms information into information resources.

Processes that ensure the operation of an information system of any purpose can be conventionally represented as consisting of the following blocks:

  • input of information from external or internal sources;
  • processing input information and presenting it in a convenient form;
  • output of information for presentation to consumers or transfer to another system;
  • feedback: information processed by the people of a given organization to correct the input information.

Information processes are implemented using information procedures that implement one or another mechanism for processing input information into a specific result.

There are the following types of information procedures:

  • Completely formalized procedures, during which the algorithm for processing information remains unchanged and fully defined (search, accounting, storage, transfer of information, printing documents, calculation on models).
  • Non-formalizable information procedures, during the execution of which new unique information is created, and the algorithm for processing the original information is unknown (the formation of a set of choice alternatives, the choice of one option from the obtained set).
  • Poorly formalized information procedures, during which the information processing algorithm can change and is not fully defined (planning task, assessment of the effectiveness of economic policy options).

Functions of the information departments that create and maintain information systems (administrator service): notification and processing of requests; maintaining the integrity and safety of information; periodic revision of information; automation of information indexing.

In general, information systems are determined by the following properties:

  • any information system can be analyzed, built and managed on the basis of general principles of building systems;
  • the information system is dynamic and evolving;
  • when building an information system, it is necessary to use a systematic approach;
  • the output of an information system is information on the basis of which decisions are made;
  • an information system should be perceived as a man-machine information processing system.

Information systems implementation can contribute to:

  • obtaining more rational options for solving management problems through the introduction of mathematical methods;
  • release of workers from routine work due to its automation;
  • ensuring the reliability of information;
  • improving the structure of information flows (including the document management system);
  • providing consumers with unique services;
  • reducing the cost of producing products and services (including information).

Information system concept

GENERAL PRESENTATION

INFORMATION SYSTEMS

TYPES OF INFORMATION TECHNOLOGIES.

INFORMATION TECHNOLOGY.

STRUCTURE AND CLASSIFICATION OF INFORMATION SYSTEMS.

INFORMATION SYSTEMS.

In the past, information was considered a bureaucratic field and a limited decision-making tool. Today information is considered as one of the main resources for the development of society, and information systems and technologies as a means of increasing the productivity and efficiency of people.

Information systems and technologies are most widely used in production, management and financial activities, although shifts have begun in the minds of people employed in other areas, regarding the need for their implementation and active use. This determined the angle of view from which the main areas of their application will be considered. The main attention is paid to the consideration of information systems and technologies from the standpoint of using their capabilities to increase the efficiency of workers in the information sphere of production and support decision-making in organizations (firms).

Purpose of section - to state the main ideas related to the use of information systems and information technologies, to acquaint with the existing variety of types of systems that determine the appropriate information technology for working on a personal computer in order to support decision-making.

AFTER STUDYING THE SECTION YOU SHOULD KNOW:

  • Concept of information system and information technology
  • Concepts, ideas, problems of information systems and technologies
  • The role of information systems and technologies in the development strategy of the organization
  • Signs of classification of information systems and technologies
  • The structure of a typical information system
  • The main types of functional information systems in firms
  • Components of information technology
  • The essence of information technology: data processing, management, office automation, decision support, expert systems


  • General idea
  • The role of the governance structure in the information system
  • Examples of information systems

The terms "system", "control system", "automated control system" and "automated information systems" appear in scientific and technical literature.

The word "system" comes from the Greek systema which means whole, made up of parts or a set of elements connected with each other and forming a certain integrity, unity.

The concept of "system" has a wide range of applications.

A system is understood as a set of elements or parts connected with each other and with the external environment, the functioning of which is aimed at obtaining a specific useful result.

In accordance with this definition, almost every economic object can be considered as a system striving in its functioning to achieve a certain goal. An example is the education system, energy, transport, economic, etc.

The system has the following basic properties:

  • Complexity;
  • Divisibility;
  • Integrity;
  • The variety of elements and the difference in their nature;
  • Structuredness.

The complexity of a system depends on the set of components included in it, their structural interaction, as well as on the complexity of internal and external connections and dynamism.

The divisibility of a system means that it consists of a number of subsystems or elements, selected according to a specific feature that meets specific goals and objectives.

The integrity of a system means that the functioning of many elements of the system is subordinated to a single goal.

The variety of a system's elements and the differences in their nature are associated with their functional specificity and autonomy. For example, in the material system of an object associated with the transformation of material and energy resources, such elements as raw materials, basic and auxiliary materials, fuel, semi-finished products, spare parts, finished products, labor and money resources can be distinguished.

The structure of a system determines the presence of established links and relationships between elements within the system, and the distribution of system elements across levels of hierarchy.

Thus, a system is understood as any object that is simultaneously considered both as a single whole and as a set of dissimilar elements combined in the interests of achieving the set goals. Systems differ significantly from each other both in composition and in terms of their main goals.

Example 1.1. Here are several systems consisting of different elements and aimed at achieving different goals.

Management is the most important function, without which the purposeful activity of any socio-economic, organizational and production system (enterprise, organization, territory) is inconceivable.

The system that implements control functions is called a control system. The most important functions implemented by this system are forecasting, planning, accounting, analysis, control and regulation.

Management is associated with the exchange of information between the components of the system, as well as between the system and the environment. In the management process, information is obtained about the state of the system at each moment of time, about the achievement (or non-achievement) of a given goal in order to influence the system and ensure the implementation of management decisions.

In computer science, the concept of "system" is widespread and has many semantic meanings. Most often it is used in relation to a set of technical means and programs. The hardware of a computer can be called a system. A system can also be considered a variety of programs for solving specific applied problems, supplemented by procedures for maintaining documentation and managing calculations.

Adding the word "information" to the concept of "system" reflects the purpose of its creation and functioning. Information systems provide collection, storage, processing, search, and delivery of information required in the process of making decisions on problems from any field. They help analyze problems and create new products.

INFORMATION SYSTEM - an interconnected set of tools, methods and personnel used to store, process and issue information in order to achieve the goal.

The modern understanding of the information system involves the use of a personal computer as the main technical means of processing information. In large organizations, along with a personal computer, the technical base of an information system may include a mainframe or a supercomputer. In addition, the technical implementation of the information system in itself will mean nothing if the role of the person for whom the information is intended, and without whom it is impossible to receive and present it, is not taken into account.

Attention! By ORGANIZATION we mean a community of people united by common goals and using common material and financial resources for the production of material and information products and services. In the text, two words will be used interchangeably: "organization" and "firm".

It is necessary to understand the difference between computers and information systems. Computers equipped with specialized software are the technical base and tool for information systems. An information system is inconceivable without personnel interacting with computers and telecommunications.

Thus, any system of management of an economic object has its own information system, called an economic information system.

Economic Information System (EIS) - a set of internal and external flows of direct and feedback information communication of an economic object, together with the methods, means and specialists involved in the process of information processing and the development of management decisions.

The information system is a system of information services for employees of management services and performs technological functions for the accumulation, storage, transmission and processing of information. It develops, is formed and functions in the regulations determined by the methods and structure of management activities adopted at a specific economic facility, realizes the goals and objectives facing it.

The modern level of informatization of society predetermines the use of the latest technical, technological, software tools in various information systems of economic objects.

Automated Information System (AIS) - the aggregate of information, economic and mathematical methods and models, technical, software and technological means, and specialists, designed for information processing and making management decisions.

10. Information systems

1. Information systems: definition, purpose of creation, structure.

2. Basic principles of IS development

3. Classification of information systems.

4. Systems of classification and coding of economic information.

IS classes: MRP I, MRP II, ERP

1. Information systems: definition, purpose of creation, structure.

Information is certain data or knowledge about objects and processes of the real world. Economic information is usually displayed in the form of documents.

Document is a material carrier of information that has legal force and is executed in accordance with the established procedure.

System is a complex of interrelated means that act as a whole. Each system is characterized by structure, input and output flows, purpose and restrictions, and a law of functioning.

System covers a complex of interrelated elements that act as a whole in achieving the goals set.

Each system includes components

1. The structure of the system is a set of elements of the system and the relationships between them.

2. Functions of each element of the system

3. Input and output of each element and the system as a whole.

4. Objectives and limitations of the system and its individual elements (achieving cost reduction and increasing profits)

Each system has properties of divisibility and integrity.

An IS collects, stores and processes information about the facility and supplies employees at various levels with the information they need to perform management functions.

An EIS is a system whose function is the collection, storage, processing and dissemination of information about the activities of an economic entity in the real world.

EIS are intended for data processing, office automation, information retrieval and individual tasks based on artificial intelligence methods (from lectures).

Information System (IS) is a software and hardware complex designed for automated collection, storage, processing and delivery of information. Usually ISs deal with large amounts of information that has a rather complex structure. The classic examples of information systems are banking systems, transport ticketing systems, etc.

An IS always specializes in information from a certain area of the real world: economics, technology, medicine, etc. The part of the real world represented in the IS is called the subject area. An economic IS is therefore an IS whose subject area is economics. In this sense, it acts as an information model of the subject area.

Any management system of an economic object has its own information system, called an economic information system.

An economic information system (EIS) is the set of internal and external flows of direct and feedback information of an economic object, together with the methods, means and specialists involved in processing information and developing management decisions.

The information system is a system of information services for employees of management services and performs technological functions for the accumulation, storage, transmission and processing of information. It develops, takes shape and operates within the rules set by the methods and structure of management adopted at a specific economic facility, and pursues the goals and objectives set for it.

IS structure

The most common division of an EIS into subsystems separates the supporting and functional parts. The functional part is actually a model of the object management system. For management systems, the structuring criterion can be the object's management functions, in accordance with which the EIS consists of functional subsystems. The supporting part of the EIS consists of information, technical, software, organizational, legal and other types of support.

Regardless of the features, any EIS consists of functional and supporting parts. The functional part is determined by a set of tasks to be solved, identified for certain types of activities of various economic objects (according to functions).

The supporting part is a complex of interconnected means of a certain type that ensure the functioning of the system as a whole or its individual elements. The supporting subsystems include: information support (IO), technical support (TO), mathematical support (Mat.O), legal support, software, organizational support (Org.O) and technological support (Tech.O).

IO - the set comprising a unified system for classifying and coding information, unified documentation systems, schemes of the information flows circulating in the organization, and the methodology for constructing databases. IO is subdivided into out-of-machine and intra-machine.

Out-of-machine - the unified documentation system, as well as the system for classifying and coding accounting information.

Intra-machine - documents and arrays of documents stored in the computer memory in the form of libraries, archives, databases, knowledge bases.

TO - a set of technical means intended for the operation of the IS, as well as the corresponding documentation for these means and technological processes.

Tech.O - oriented to the chosen information technology for the input, registration, transmission, processing and output of result information (centralized, distributed, decentralized).

Software - includes system-wide and special software products, as well as technical documentation (OS, shells, programs, ...).

Mat.O. - a set of mathematical methods, models, algorithms for the implementation of the goals and objectives of the IS, as well as the functioning of the complex of technical means.

Org.O - a set of methods and means that regulate the interaction of workers with technical means and among themselves in the process of developing and operating IS.

Legal support - a set of legal norms that determine the creation, legal status and functioning of the IS and govern the procedure for obtaining, transforming and using information. (from lectures)

The structure of information includes in its totality the following concepts: information space, subject area, object, object instance, object properties, object interaction and interaction properties. To describe a subject area means to enumerate objects and relationships between them, and then describe them with attributes and constituent units of information.

The structure of economic information is quite complex and can include various combinations of information aggregates with a certain content. An information set is understood as a group of data characterizing an object, process, operation. By structural composition, information aggregates can be divided into:

    requisites,

    indicators,

    There are about 100 state information systems in the Russian Federation; they are subdivided into federal and regional. An organization working with any of these systems must comply with the protection requirements for the data it processes. Depending on the classification, different requirements are imposed on different information systems, and non-compliance is sanctioned, from a fine to more serious measures.

    The operation of all information systems in the Russian Federation is governed by the Federal Law of July 27, 2006 No. 149-FZ (as amended on July 21, 2014) "On Information, Information Technologies and Information Protection". Article 14 of this law gives a detailed description of GIS. Operators of state information systems that process restricted-access information (which does not contain information constituting a state secret) are subject to the requirements set out in the Order of the FSTEC of Russia dated February 11, 2013 No. 17 "On approval of requirements for the protection of information that does not constitute a state secret contained in state information systems".

    Recall that the operator is a citizen or legal entity operating the information system, including processing the information contained in its databases.

    If the organization is connected to a state information system, FSTEC Order No. 17 requires the system to be certified, and only certified information security tools (with valid FSTEC or FSB certificates) may be used to protect information.

    It is not uncommon for the operator of an information system to mistakenly classify it as a GIS when it is not one. As a result, redundant security measures are applied to the system. For example, if the operator of a personal data information system mistakenly classifies it as a state one, he will have to meet more stringent requirements for the security of the information being processed than the law requires. Meanwhile, the requirements for the protection of personal data information systems, which are regulated by FSTEC Order No. 21, are less stringent and do not require the system to be certified.

    In practice, it is not always clear whether the system to which you need to connect is a state one and, therefore, which measures must be taken to build information protection. Nevertheless, the regulators' inspection plan is growing, and fines are steadily increasing.

    How to distinguish GIS from non-GIS

    The state information system is created when it is necessary to ensure:

    • implementation of the powers of government agencies;
    • information exchange between government agencies;
    • achievement of other goals established by federal laws.

    To determine whether an information system is a state one, you can use the following algorithm:

    1. Find out if there is a legislative act prescribing the creation of the information system.
    2. Check whether the system is listed in the Register of Federal State Information Systems. Similar registers exist at the level of the subjects of the Federation.
    3. Pay attention to the purpose of the system. An indirect sign that the system is a GIS is the description of the powers it implements. For example, each administration of the Republic of Bashkortostan has its own charter, which, among other things, describes the powers of local self-government bodies. The IS "Accounting for citizens in need of residential premises in the territory of the Republic of Bashkortostan" was created to implement such powers of administrations as "the adoption and organization of the implementation of plans and programs for the integrated socio-economic development of the municipal district", and is a GIS.

    If a system involves the exchange of information between government agencies, it is also highly likely to be a state system (for example, a system of interdepartmental electronic document management).

    This is GIS. What to do?

    FSTEC Order 17 prescribes the following measures to protect information for GIS operators:

    • formation of requirements for the protection of information contained in the information system;
    • development of an information protection system of an information system;
    • implementation of information protection system of the information system;
    • certification of the information system for information security requirements (hereinafter - certification of ISPD) and putting it into operation;
    • ensuring the protection of information during the operation of the certified information system;
    • ensuring the protection of information during the decommissioning of a certified information system or after a decision has been made to end information processing.

    Organizations that are connected to state information systems should perform the following steps:

    1. Classify the IS and identify security threats.

    The IS is classified in accordance with clause 14.2 of FSTEC Order No. 17.

    Information security threats are determined from the results of:

    • assessing the capabilities of violators;
    • analysis of possible vulnerabilities of the information system;
    • analysis (or modeling) of possible ways of implementing threats to information security;
    • assessing the consequences of violation of information security properties (confidentiality, integrity, availability).

    2. Formulate requirements for the information processing system.

    System requirements should contain:

    • the goal and objectives of ensuring the protection of information in the information system;
    • security class of the information system;
    • a list of regulatory legal acts, methodological documents and national standards that the information system must comply with;
    • list of objects of information system protection;
    • requirements for measures and means of information protection used in the information system.

    3. Develop a system for protecting the information of the information system.

    To do this, you need to carry out:

    • design of the information security system of the information system;
    • development of operational documentation for the information protection system of the information system;
    • prototyping and testing of the information security system of the information system.

    4. Implement the information security system of the information system, namely:

    • installation and configuration of information security tools in the information system;
    • development of documents defining the rules and procedures implemented by the operator to ensure the protection of information in the information system during its operation (hereinafter - organizational and administrative documents for the protection of information);
    • implementation of organizational measures to protect information;
    • preliminary tests of the information security system of the information system;
    • trial operation of the information protection system of the information system;
    • checking the built information protection system for vulnerabilities;
    • acceptance tests of the information security system of the information system.

    5. Certify the ISPDn:

    • conduct qualification tests;
    • obtain a certificate of conformity.

    There is a widespread opinion that having organizational and administrative documents is enough to pass an inspection by the regulatory authorities, so GIS operators often neglect to implement security measures. Indeed, Roskomnadzor pays close attention to documents and to the implementation of organizational and administrative measures to protect personal data in an organization. However, if questions arise, specialists from the FSTEC and the FSB can be involved in the audit. In that case, FSTEC looks very closely at the composition of the technical information protection measures and checks that the threat model has been compiled correctly, and the FSB checks compliance with the requirements on the use of cryptographic information protection tools.

    Oleg Necheukhin, Information Systems Security Expert, "Kontur-Security"

    The article by Nikolai Mikhailovsky, published in this issue of the journal, rightly notes the confusion in IT terminology. This confusion covers not only the concepts of "information system" (IS) and "IS architecture"; it is far from harmless and in practice often makes it hard to define clearly what is being developed in a specific project: the IS, only its KSA (see below) or the whole system (AS)?

    To try to clarify the matter, key definitions from regulatory documents and, for comparison, from more general sources are given below. The definitions are selected from the working materials of the author of this note, which supplemented the main materials of courses for specialists and managers. (This explains the presence of comments and the free arrangement of the material in this article; after all, this is not a glossary!) This is worth pointing out because practice has repeatedly shown that a glossary is not enough either. Creating a common "conceptual space", even for just ten course participants, takes another half hour to an hour of discussion before everyone understands things like "system", "IS" and "KSA" in the same way. Finally, we regret that material which could clarify what "system engineering", software architecture and other important processes and subjects of the design and use of systems are had to be left out of this note.

    System:

    A complex consisting of processes, hardware and software, devices and personnel capable of meeting the established needs or goals ().

    Note: close enough to the definition of an automated system (AS) in GOST 34.

    Automated system (AS):

    In the process of functioning, an automated system is a combination of a complex of automation tools, organizational, methodological and technological documents and specialists who use them in the course of their professional activities. (From the guidelines RD 50-680-88 of the GOST 34 series of standards for automated systems (AS).)

    Comment.
    Recent years have been marked by a qualitative expansion of the meaning of the term "system", reflected in the documents of international committees and professional communities focused on IT. There is a transition to an interpretation that is even broader than indicated in, due to the explicit inclusion of components of other types (materials, methods, etc.). In this regard, the relevance of a wider use of the term "information management system" (see, for example, c) and a narrower use of the term "information system" (see below) is growing.

    Information System (IS):

    1) a system designed to collect, transfer, process, store and issue information to consumers and consists of the following main components:

    • software,
    • information Support,
    • technical means,
    • service staff ().

    2) Information system - The collection of people, procedures, and equipment designed, built, operated, and maintained to collect, record, process, store, retrieve, and display information ().

    Comment.
    The IS is initially considered as a system indifferent to the specific goals of users, similar to an automatic telephone exchange, a general-purpose library or a railway station reference service, which provides its information services as a subsystem of, or a system adjacent to, a more general system: an enterprise, city, industry, country, etc. (see ). Once again, we note that too often IS is understood to mean a variety of things, from the KSA to the AS.

    The standards give a clear definition of the technical concept of "IT system", which often should be used instead of IS. GOST R ISO/IEC TO 10000-1-99 defines it as follows:

    Information technology system (IT system):

    A collection of information technology resources providing services over one or more interfaces. (This is close to the concept of "a set of automation tools" in guidelines RD 50-680-88 from GOST 34, which set out the main provisions of this set of regulatory documents.)

    A set of automation tools for an automated system; KSA AS:

    The collection of all components of the AS, with the exception of people ().

    Sources (which are not named directly in the text)

    1. Webster's New World Dictionary of Computer Terms, Fourth edition, 1993.
    2. GOST 34.003-90. Information technology. A set of standards and guidelines for automated systems. Terms and Definitions.
    3. D. Meister, J. Rabido, Engineering and psychological assessment in the development of control systems. "Soviet Radio", M., 1970.
    4. The Big English-Russian Polytechnic Dictionary, M., "Russian language", 1991.
    5. Information systems in economics: Textbook / Ed. Prof. V.V. Dick. M.: Finance and Statistics, 1996.
    6. GOST R ISO/IEC 12207-99. Information technology. Software life cycle processes. GOSSTANDARD OF RUSSIA. Moscow, 1999.

    Zinder Evgeny Zakharovich,
    chief editor of the magazine "DIS", director of the analytical and design bureau "Group 24".