Article
Правовые вопросы обеспечения информационной безопасности личности
Purpose. Rapid development of relations in the information sphere requires assurance of information security of the individual, the state and society. The adoption of the updated Doctrine of information security puts the interests of an individual at the head of legal regulation in this area, however, this legal institute still lacks of sufficient regulation in the current legislation. The article aims to examine certain aspects of information security of a person, some problems of terminology usage and classification.
Methods: methodological basis of the research constituted a set of methods of scientific knowledge: general sci- entific methods (materialistic dialectics), private scientific methods (systemic, comparative legal method, etc.). The paper investigates Russian and foreign normative legal acts, scientific works and international documents.
Results. The paper reveals crucial insufficiency in legal regulation of information security of a person. Research pays attention to the need of terminological development. Also, the paper highlights issue of interpretation of relations included into information security sphere. Author concludes that narrow technical interpretation limits the further de- velopment of the industry.
Discussion. The principles and ideas formulated in the work can be used in law-making activities in the field of in- formation security of a person, as well as subsequent development of scientific ideas about legal, ideological, techni- cal and methodological measures to ensure information security of a person.
Widespread acceptance and adoption of cloud computing calls for adaptation and development of existing risk assessment models of information systems. The approach suggested in this article can be used for risk assessment of information systems functioning on the basis of cloud computing technology, and assess the effectiveness of security measures.
Some provisions of SWOT analysis and assessment of its productivity in business are criticized.
This paperwork overviews core technologies implemented by comparably new products at information security market - web application firewalls. Web applications are a very wide-used and convenient way of presenting remote users with access to corporate information resources. It can however become single point of failure rendering all the information infrastructure unreachable for legitimate clients. To prevent malicious access attempts to endpoint information resources and, intermediately, to web server, a new class of information security solutions has been created. Web application firewalls function at the highest, seventh layer of ISO/OSI model and serves as a controlling tunnel for all the traffic heading to and from company’s web application server(s). To ensure decent levels of traffic monitoring and intrusion prevention web application firewalls are equipped with various mechanisms of data exchange session “normalness” control. These mechanisms include protocol check routines, machine learning techniques, traffic signature analysis and more dedicated means like denial of service, XSS injection and CRRF attack prevention. Ability to research and add user rules to be processed along with vendor-provided ones is important since every company has its own security policy and, therefore the web application firewall should provide security engineers with ways to tweak its rules to reflect the security policy more precisely. This research is based on wide practice experience integrating web application firewalls into security landscape of various organizations, their administration and customization. We illustrate our research of available filtering mechanisms and their implementations with example product features by market leaders, schemes and screenshots from real web application firewall systems.
The use of hardware virtualization for ensuring information security is discussed. A review of various approaches to improving the security of software systems based on virtualization is given. A review of possible scenarios of using virtualization by intruders is also presented. The application domains and limitations of the available solutions and perspectives of future development in the field are discussed.
In this paper we present a virtualization-based approach of protecting execution of trusted applications inside potentially compromised operating system. In out approach, we do not isolate application from other processes in any way; instead, we use hypervisor to control processes inside OS and to prevent undesired actions with application resources. The only requirement for our technique to work is presence of hardware support for virtualization; no modifications in application or OS are required.
These Conference Proceedings combines materials of the conference – research pa- hese Conference Proceedings combines materials of the conference – research papers and thesis reports of scienti ers and thesis reports of scientific workers and professors. It examines the problematic c workers and professors. It examines the problematic of risks and safety in rapidly changing world. Some articles deal with questions of social f risks and safety in rapidly changing world. Some articles deal with questions of social and political relations in emerging information society. A number of articles are covered nd political relations in emerging information society. A number of articles are covered with problems of environmental security and anti-emergency. Some articles are devoted ith problems of environmental security and anti-emergency. Some articles are devoted to technosphere and nature in the context of problems of life and health. o technosphere and nature in the context of problems of life and health.
The article is devoted to a particular form of freedom of assembly — the right to counter-demonstrate. The author underlines the value of this right as an element of democratic society, but also acknowledges the risk of violent actions among participants of opposing demonstrations. Due to this risk, the government may adopt adequate measures restricting the right to counter-demonstrate, certain types of which are analyzed in this paper.
Development of standards of international controllability is reviewed in the article. Institutional approach is applied to development of international legal regime of Energy Charter. Definition of controllability is connected to development of international standards of dispute settlement, which are described in the article in detail. In connection with controllability, Russian interest, defense of investment in European Union and ecological investment encouragement, is reviewed in the article.
мировое управление и управляемость, Мировая экономика, международное экономическое право, энергетическая хартия, International control and controllability, International economics, international economic law, Energy Charter
международное частное право; недвижимость; ; школа бартолистов; бартолисты; теория статутов; статуарная теория/