CHAPTER 2. THE PROBLEMS OF PROTECTING AGAINST MALICIOUS PROGRAMS AND SPAM

Effectively counteracting the distribution of malicious programs and spam requires comprehensive measures at several levels. The problem cannot be solved effectively without the participation of all interested parties. The following participants have to be involved:

software and hardware developers;

system integrators;

telecommunication operators;  

state executive and legislative bodies.

We must realize that no measures can guarantee complete protection. We can only talk about minimizing risks, not about eliminating them completely.

2.1. The Improvement of Regulations

One direction for improving regulation with respect to malicious programs and spam is proper support for the development of information security systems, which includes the use of certified and licensed hardware and the subsequent certification of the system.

In spite of the considerable number of regulations in force in the field of information protection, there is a gap between the actual level of information and communication technologies and the legislation regulating their design, introduction, and operation. In particular, it is necessary to issue a document on terms and definitions in the area of malicious programs and spam and to eliminate ambiguous interpretations of the corresponding concepts. It also seems advisable to study how regulation could strengthen the responsibility of state and non-governmental employees for observing the security policy of their organizations (especially for actions that may result in the distribution of viruses or a decrease in the resistance of an infocommunication system to attacks).

In regulatory and technical terms, it is necessary to begin developing a set of protection profiles against malicious programs in accordance with the GOST/ISO IEC 15408 standard.

There is as yet no need to pass a separate law on spam; amendments and additions to existing federal laws, as well as to regulations and laws at other levels, would be quite enough.

The federal law "On Advertising" should be supplemented with an article on the distribution of advertising by electronic means (including computer networks and communication facilities), establishing that such distribution is subject to the general procedures for regulating advertising activity, with the features that result from the specifics of the technical means used.

The Code on Administrative Violations should be supplemented with an article on administrative responsibility for the distribution of unsolicited electronic and postal advertising and other kinds of messages.

The federal law "On Postal Communications" should be supplemented with a provision on the procedure for delivering mail to mailboxes whose subscribers have clearly expressed an unwillingness to receive advertising messages. This is not a prohibition on receiving letters and newspapers in general. It means that, firstly, all mail should pass through post offices (i.e. should be sealed and have its postage paid), and, secondly, mail marked as "advertising" should not be delivered to mailboxes with stickers like "No advertising!"

2.2. The Development of a Security Policy


