
Information security now: what elements are missing?

The use of the World Wide Web and new technologies is accompanied by such phenomena as a low level of security culture, a growing number of online users and growing dependence on digital infrastructure, the spread of unwanted content, the development of cyber fraud, information leaks, data loss, and unauthorized access to information.

Cyberwarfare and cyberterrorism are acquiring a global nature and pronounced dynamics, which complicates detecting and counteracting them.
Banking crime is also expanding, the number of cases of unauthorized interference with computers has increased, and the liability for such crimes does not meet the standards of the International Cybersecurity Convention.

For example, according to criminal proceedings No. 554/8338/17 in Poltava, three persons stole 1.16 million UAH from 41 people; the punishment they received was insignificant, and there are many such cases, since in 2018 the cyber police registered 11 131 criminal proceedings.

The 2.5-fold increase in the number of information crimes over the last five years means that each of us, and especially the state, should improve information security.

What is Information Security?

In Ukrainian legislation, the term is enshrined only in the Law of Ukraine ‘On Basic Principles for the Development of an Information-Oriented Society in Ukraine for 2007-2015’ [1].

To cite examples, information security is about the protection of your bank card, the integrity of medical data in the Helsi system, content on social networks that is not prohibited, the impossibility of outsiders editing laws on rada.gov.ua, the privacy of messages in messengers, and protection from cyberattacks on critical infrastructure objects, such as Boryspil airport.

What are the state’s priorities in this area?

Accordingly, Ukraine has no state strategy in the field of information security and no plan for its implementation.
Even the Cabinet of Ministers of Ukraine Development Strategy does not set out priorities in the field of information security. [2]

The Doctrine of Information Security of Ukraine states that the national interests of Ukraine in the information field are such vital interests of individuals as:

ensuring the constitutional human rights and freedoms to gather, store, use and disseminate information;
ensuring constitutional human rights for the protection of private life;
protection from destructive information and psychological influences.

However, this document is a set of theoretical concepts about the goals, principles and legal components of information security.
Therefore, there is no understanding of clear tasks and of the subjects responsible for information security, since the document is only the basis for the development of projects, concepts, strategies, targeted programs and action plans on information security of Ukraine.

In recent years, the need for a comprehensive and effective approach to ensuring the security of the national information space has significantly increased, and this is reflected in the regulations of foreign countries.
In Moldova, for example, an Information Security Strategy is in effect that provides a description of security and legal issues, goals, objectives, KPIs, and a plan for its implementation with a clear distribution of responsible subjects.

Denmark also has an information and cyber security strategy at the state level, which comprehensively covers information security from the highest state level to human security on the network.

Estonia, which is considered the European leader in digital economy and administration, has been taking care of information security since 1996.

What are the prospects for Ukraine?

In my opinion, given the experience of the world’s best practices, information security in Ukraine should be considered as a system consisting of four components: legal, technical, communicational and educational.

The legal component should set the rules and guarantee legal mechanisms for the state system of information protection, and provide an appropriate mechanism for the prevention of, reaction to, and investigation of any attacks on information security.

The technical component should provide confidentiality, integrity and accessibility of information through engineering and technical measures.

The communicational component is the provision of a system for monitoring and content creation on social networks.

The educational component is integrated, systematic training on information security in educational institutions, as well as training for employees of state authorities and municipal government bodies who work with information.

Based on these 4 components, the necessary first steps to strengthen information security can be defined:

1. To identify specific segments that require information security reform. For example, to conduct comprehensive audits (legal, technical, communicational and educational) in the field of information security in state authorities with the involvement of stakeholders.

2. To form, together with experts in the field of information security, a national information security strategy and a realistic plan for its implementation, based on the identified vulnerabilities.

3. To begin implementing the information security reform.

***

[1] Information security is the state of protection of the vital interests of a person, society and the state, in which harm is prevented that would be caused by: incompleteness, untimeliness and unreliability of the information used; negative information impact; negative consequences of the use of information technologies; unauthorized distribution, use, and breach of the integrity, confidentiality and accessibility of information.

[2] Goal 12.1 of the strategy provides only for the protection of legally relevant information (on real estate rights, vehicles, corporate rights and other valuable assets).

 


Anastasiia Apetyk (Анастасія Апетик), expert of the "Community Security" programme ("Безпека громад"), lawyer
