Draft Doctrine of Information Security of the Russian Federation
After a short wait, the Draft Information Security Doctrine of the Russian Federation appeared on the Web. The document is very high-level, defining only common goals and directions for the development of an information security system. Therefore, the document does not contain any specific descriptions of the procedures, products, instructions, and so on. Nevertheless, the document is very interesting. First of all, itβs interesting how the state sees information security and how it sees the role of citizens in information security.
Let us leave aside the political component of this document (one way or another, each state has its own interests and each state naturally wants to defend them) and look at it exclusively from the point of view of ensuring information security.
')
The curious begins in the section of terms and definitions. Say there are national interests?
That is, national interests are primarily the interests of the state, and not the interests of society as a whole or of individual citizens. The truth is the next paragraph the interests of society and the state leads on the same level:
Further, the situation is clarified:
That is, each of the three parties must sacrifice something for security purposes. In general, the situation raises no questions - we all live in society and must take into account the interests of other persons. But who determines who and what should be done? Moreover, the document has one more point:
That is, the infringement of the rights and freedoms of citizens is unacceptable. It turns out that the state should sacrifice its interests? The question is extremely interesting, but the document is not disclosed - although at the end of the document it is said that:
In this regard, it is extremely interesting - should such a large-scale program pass through the legislature?
But back to the beginning of the document - in the definitions section:
Again, the bias towards measures by the state, whereas without the support of society (for example, computer literacy education), ensuring such large-scale measures is hardly unrealizable.
Strange, but in the above definition among the resources to be protected there are no resources hosted on foreign servers. Even if a company stores its data on servers in Russia, it is often necessary to store and process data on servers located all over the world. The state refuses to protect the interests of companies or security requirements do not apply to foreign servers?
Due to what do the authors of the Project see an increase in information security?
Unfortunately, most of the points of the project are devoted to strengthening the vertical of power and improving the perfection of the administrative mechanism. In order not to create an incorrect impression - in fact, this is also a necessary thing - let us recall at least the quality of the elaboration of laws in the field of information security, the level of tenders, and so on. It is necessary to improve in this area a lot. And this is also stated in the document:
What does the document say about the role of individuals in enhancing information security?
Again, mainly measures by the state - about increasing the relevance of knowledge through interaction with companies of various types, involving institutions in the process of releasing new products, developing new technologies - not a word
And the development of the personality is again assumed through administrative measures - legal regulation and the development of legal awareness in one point.
Mentioned in the document and the fashionable topic of public-private partnership:
But certification will not be able to leave.
If conclusions are drawn, the document is not bad, but I would very much like to correct its bias towards strengthening the interaction between the state and society β for example, in developing the same security concept β after all, it will concern us all.
Let us leave aside the political component of this document (one way or another, each state has its own interests and each state naturally wants to defend them) and look at it exclusively from the point of view of ensuring information security.
')
The curious begins in the section of terms and definitions. Say there are national interests?
That is, national interests are primarily the interests of the state, and not the interests of society as a whole or of individual citizens. The truth is the next paragraph the interests of society and the state leads on the same level:
Further, the situation is clarified:
That is, each of the three parties must sacrifice something for security purposes. In general, the situation raises no questions - we all live in society and must take into account the interests of other persons. But who determines who and what should be done? Moreover, the document has one more point:
That is, the infringement of the rights and freedoms of citizens is unacceptable. It turns out that the state should sacrifice its interests? The question is extremely interesting, but the document is not disclosed - although at the end of the document it is said that:
In this regard, it is extremely interesting - should such a large-scale program pass through the legislature?
But back to the beginning of the document - in the definitions section:
Again, the bias towards measures by the state, whereas without the support of society (for example, computer literacy education), ensuring such large-scale measures is hardly unrealizable.
Strange, but in the above definition among the resources to be protected there are no resources hosted on foreign servers. Even if a company stores its data on servers in Russia, it is often necessary to store and process data on servers located all over the world. The state refuses to protect the interests of companies or security requirements do not apply to foreign servers?
Due to what do the authors of the Project see an increase in information security?
Unfortunately, most of the points of the project are devoted to strengthening the vertical of power and improving the perfection of the administrative mechanism. In order not to create an incorrect impression - in fact, this is also a necessary thing - let us recall at least the quality of the elaboration of laws in the field of information security, the level of tenders, and so on. It is necessary to improve in this area a lot. And this is also stated in the document:
What does the document say about the role of individuals in enhancing information security?
Again, mainly measures by the state - about increasing the relevance of knowledge through interaction with companies of various types, involving institutions in the process of releasing new products, developing new technologies - not a word
And the development of the personality is again assumed through administrative measures - legal regulation and the development of legal awareness in one point.
Mentioned in the document and the fashionable topic of public-private partnership:
But certification will not be able to leave.
If conclusions are drawn, the document is not bad, but I would very much like to correct its bias towards strengthening the interaction between the state and society β for example, in developing the same security concept β after all, it will concern us all.
Source: https://habr.com/ru/post/270475/
All Articles