LEGISLATIVE DISTINCTION BETWEEN THE CONCEPTS OF «CYBERSECURITY» AND «INFORMATION SECURITY»

Abstract

In modern conditions of development of society, the system of information interaction actively uses various technical means, telecommunication systems. The level of distribution, receipt, use of necessary knowledge and information affects various spheres of public life. At the same time, the growth of information volumes is so great that for its productive use it is necessary to introduce computers, modern elements of information and communication infrastructure, including the global Internet. The growing scale of use of modern information technologies, widely used in all spheres of state and public activity determines the special relevance of the task of constant improvement of the system of protection of common information resources. At the same time, the factors increasing the need for legislative differentiation between the concepts of "cybersecurity" and "information security" have become obvious. This article outlines the author's positions on the definitions of "information security", "information security in the field of informatization", "cybersecurity"; an analysis of the current versions of legal norms on information security and cybersecurity; foreign practice of ensuring the security of information / data. The importance of information protection is due to the exchange of electronic documents and the provision of electronic services. The problem of ensuring information security, cybersecurity is complex and is associated with the need to combine legislative, organizational measures, further unification of the scientific, technical and economic potential of interested legal entities, the use of existing and the development of new, most effective approaches, methods and means of information protection. Taking into account the provisions of the current legislation, advanced foreign practice, the opinion of the expert community of Kazakhstan, it is recommended to distinguish at the legislative level the concepts of "information security" and "ensuring cybersecurity" as applied to the field of informatization. In addition, in order to introduce into the legislation of the Republic of Kazakhstan and a uniform interpretation of the conceptual and categorical apparatus in ensuring cybersecurity, it is proposed to introduce such definitions as a threat to cybersecurity, a cybersecurity incident. It is proposed to expand the responsibilities of the owner of critical infrastructure facilities.