Abstract
The lack of comprehensible legal and regulatory instruments for ensuring the cyber security of Ukraine and protecting the information space of the State, and of systematic, effective and efficient responses to cyber threats, requires further research on the subject. These problems cannot be solved without the introduction of modern laws, regulations and a new State policy in the sphere of digital security. Given these problems, the aim of the study is to analyze the reasons for the inadequate provision of cyber security of the State in general and the inefficiency of the regulatory framework in particular. The authors’ idea of strengthening the response to cybercrime, including its organized forms, brings to the fore the preparation and public discussion of amendments and additions to existing legislation, in particular the expansion of Chapter XVI of the Criminal Code of Ukraine, “Crimes in the sphere of electronic computers (computers), systems and computer networks”. The vulnerability of Ukraine’s cyberspace stems from the absence of a single unified cyber security strategy, which requires the transformation of State governance in the area of cyber security. All these initiatives should form a single programme for transforming cyber security. This approach is based on the development of the legal system for cyber security in Ukraine, which should be implemented in the legal and regulatory framework. In contrast to the ISO/IEC 27000 series, which focuses on information security management, the security criterion of RD TSI 2.5-004-99, which does not correspond to current requirements, is tied to the architecture and parameters of the software and hardware of IS regulation – the integrated comprehensive information security system (CISS). In contrast to the CISS, the organizational and legal structure of the IS system should harmonize with and implement modern international standards, primarily the ISO/IEC 27000 series of international standards.
A separate problem area is the audit of IS systems. In the RD TSI coordinate system, only state-accredited organizations are allowed to conduct audits. International certificates in information security and IT audit are not currently recognized, which negatively affects audit quality.
Keywords: cyber security, State information security, regulation, cyber threats, computer systems, certification, security management, strategy of cyber security, security information system (SIS), information security management system (ISMS)