Problems of Definitions and Setting Goals for Data Leaks Protection

Georgy Garbuzov

Abstract


This article considers methodological problems that arise in the scientifically grounded organization of protecting restricted information from leakage and disclosure. In particular, it notes that the terminology is insufficiently developed in domestic legislation and inconsistent across sectoral legislation, which offers different and sometimes contradictory definitions. Problem statement: to determine the balance of approaches to protecting restricted-access information in an organization, and to determine the criteria for leakage of restricted-access information as a specific type of information security threat. Results: the authors conducted research to select a target approach to defining information leakage and its relationship to the disclosure of restricted information; in addition, the article defines approaches to defining the objects of protection (restricted information), namely value-based and regulatory, and identifies key aspects that should be taken into account in the future when developing a comprehensive system for protecting restricted information from leaks. Practical significance: the proposed approaches can be used by information security specialists in commercial and non-commercial organizations when building threat models for restricted-access information and building systems to protect it. Discussion: one direction for defining approaches to information leakage protection is presented; it is important to continue synchronizing the conceptual apparatus of the domestic information security system.






ISSN: 2307-8162