Bezpečnost (podnikových) informačních systémů

Abstract

S rozvojem informačních technologií vzrůstají i možnosti jejich zneužívání. Příspěvek představuje jeden z pohledů na bezpečnost informačních systémů. Ukazuje analogické principy jak pro podnik, tak pro státní instituci. Je charakterizováno pojetí bezpečnostních funkcí a mechanizmů, bezpečnostní politika, hierarchická struktura bezpečnostní politiky, vnější bezpečnost, vnitřní bezpečnost, proces výstavby bezpečnosti informačního systému a naplňování požadavků integrity dat.

The security of information systems is based upon three basic building blocks, these are: the Security Policy, External Security, and i"nternal Security of information technology systems. It is possible to consider all elements as "classical", and their resolution in the main does not directly correspond to developments in information technologies. This development is profoundly influenced by the last of these basic elements of security, i.e. security measures implemented within an information technology. It is possible to break down this security aspect into several sub-components. Some of which have already been theoretically as well as practically dealt with. This cannot however be said in full for areas corresponding to the integrity of data and indirectly, with the integrity of the overall system. It is precisely this issue of integrity in the form of data protection that is today being devoted increased levels of attention, since it is impossible to resolve and assure it on a general basis - in contrast to the majority of other security functions. Data security integrity is always closely associated with concrete implementations of information systems, since the data integrity function has to ensure the correctness and consistency of the data being administered - including its relationship to the real world. It is clear that the absolute enforcement of data integrity is not realistic, and that security functions must attempt to minimalise any insufficiencies. In view this situation leads to the necessity for transferring part of the security problem and attendant issues directly into the creation of those applications themselves that are directly associated with the solutions designed for a concrete system, and the consistent enforcement of the functions and mechanisms of data processing management.of these facts, the enforcement of a commensurate degree of data integrity is projected onto the necessity for the enforcement of the correct and approved procedures for administering and working with data.