Information security in the structure of legal education

This paper explores the issues of information security and liability for violation in the information sphere. In addition, most attention is paid to subjects of legal relations. The entities of legal relations in the field of information security are the individual, the state, the legislative, executive and judicial powers, security system, the Security Council of the Republic of Kazakhstan, the citizens. The behavior of the entities in this field is determined by the requirements of the laws and other normative legal acts in the exercise of their rights and responsibilities to ensure the protection of objects of legal relations. The rights and obligations of the entities are given norms of laws and other normative legal acts establishing the rules of behavior of the entities in the order of the objects of legal protection, control and monitoring of information security. It also imposes restrictions information rights and freedoms in order to protect the interests of citizens, society and state.

The increasing role of information in almost all spheres of life is due to many factors, and especially the formation of the information sector of the economics, equal in importance, and sometimes superior in the resource potential its traditional units such as industry, agriculture and services. Economists view the information as a commodity, an object of market relations, and the lawyers think about legal information security.

Legal regulation of information security is formed on the basis of legal information covering all areas of activity of the information society. They cover all areas of the information society, all the entities and objects of legal relations [1].

Objects and entities of legal relations in the field of information security — is spirituality, morality and intelligence of the individual and society, the rights and freedoms of the individual in the information sphere, democratic system, knowledge and spiritual values of society, constitutional order, sovereignty and territorial integrity of the state. The entities of legal relations in the field of information security are the individual, the state, the legislative, executive and judicial powers, security system, the Security Council of the Republic of Kazakhstan, the citizens. The behavior of the entities in this field is determined by the requirements of the laws and other normative legal acts in the exercise of their rights and responsibilities to ensure the protection of objects of legal relations. The rights and obligations of the entities are given norms of laws and other normative legal acts establishing the rules of behavior of the entities in the order of the objects of legal protection, control and monitoring of information security. It also imposes restrictions information rights and freedoms in order to protect the interests of citizens, society and state. In the formation of the rules of law, establishment of the rights and obligations methods of constitutional, administrative and civil law are applied.

In the Internet there are no geographical and geopolitical borders, thereby it is a «collision» and «breaking» of the national legislation of many countries. On this basis, there is the problem of forming new international information legislation.

Legal liability for violations of the law regulating relations in the sphere of information has a number of specific features. In our view these features are the following:

1) the offense is always associated with the information;

2) the offense can be considered as legal information (if there is a link with information not only direct but also indirect by the presence of its material carrier).

As any legal liability, the responsibility for offenses in the field of information law is implemented in the framework of relations, the entity of which is the offender of information law and the state in the person of the authorized to sanctions of powers. A person made answerable is entitled to protection from such unlawful institution [2].

Specific reasons must be for liability.

With respect to the civil and legal liability of such bases are the terms, which form a part of the civil offense: wrongfulness of behavior (action or inaction) of the person who is supposed to take responsibility, the presence of the victim's loss or damage, including moral, causal connection between the wrongful behavior of the offender and the nature of consequences in the form of loss or damage to the victim, the presence of guilt of the offender.

A person committed an administrative offense shall be liable under the law in force at the time and place of the administrative offense. Administrative offense is a wrongful, guilty action (inaction) of a natural or legal person for whom the Code of Administrative offense defined administrative responsibility. In the field of information applicable law provides significant list of administrative measures applied to offenders.

The criminal legislation of Kazakhstan establishes a significant number of rules, according to which the acts committed in the field of information are recognized as criminally liable. These norms are dispersed in the following sections of the Criminal Code: crimes against freedom, honor and dignity of the person, crimes against the constitutional rights and freedoms of the person and citizen, crimes against property, crimes in the sphere of economic activity, crimes against public safety, crimes against the constitutional order, crimes in the field of computer information, crimes against the peace and security of mankind. Criminal penalties associated with the information, directly or indirectly, are set for such acts as defamation, insult, violation of privacy, violation of the secrecy of correspondence, telephone conversations, postal, telegraph and other communications knowingly false advertising, et al. [3].

It must be said that the international community has paid attention to the problem of legal regulation of information relations, Internet before. In particular, under the auspices of the UN Commission on International Trade Law (UNCITRAL) and the Council of Europe adopted: Model Law on Electronic Commerce in 1996, the Electronic Signatures in 2001, the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data in 1981, on cybercrime in 2001, the directive concerning the processing of personal data and the protection of privacy in the electronic communications sector in 2002, and others [4].

A special place in information — media relations takes the Republic of Kazakhstan's Law of July 10, 2009 «On amendments and additions to some legislative acts of the Republic of Kazakhstan on the issues of information and communication networks», or, as it is listed by name in abbreviated form, the «Law on the regulation of the Internet». The changes were only in fifteen laws. «Online Resources» are equated to the media with all its consequences on limiting the spread of illegal content and possible unpleasant consequences for violators. only the court has the right to make decision to impose sanctions, including the extreme — the suspension or discontinuance of the media.

An important role in the conscious design of information processes plays the right, by which not only the existing relationship governed by, but there is an expansion of the scope of information which is dictated by the needs of society [5].

In the Concept of Legal Policy of the Republic of Kazakhstan for the period from 2010 to 2020, an important task of national law is identified: it is the definition of the basis of the state system for protecting information and the main threats in this area. In this regard, it is important to develop mechanisms for implementing a unified state policy in the field of information security. As a result, the Ministry of Information and Communication of the Republic of Kazakhstan, in conjunction with state bodies, including the Ministry of Internal Affairs of the Republic of Kazakhstan, is carrying out joint work to counter threats to national information security.

Along with this, the following were adopted: the Information Security Concept until 2016, the State Program «Information Kazakhstan 2020, whose goal is to safeguard the interests of society and the state in the information sphere, protect the constitutional rights of man and citizen, and create conditions that ensure the transition of Kazakhstan to the information society.

At present, information technologies in Kazakhstan are developing at a high pace, digitalization of the information space — communication networks and mass media (media) is taking place [6].

As a result of the rapid development of the processes of informatization of society and the state, incl. ahead of the development of «e-government», in Kazakhstan there are prerequisites for building an information society. Thus, according to the rating of countries' readiness to use e-government technologies of the United Nations for 2010, Kazakhstan ranked 46 out of 192 countries (81 in 2008).

The state program «Information Kazakhstan 2020» set the following tasks: the practical implementation of «e-government»; adoption of special legislation on «e-government»; development of standards for the provision of public electronic services; development of a three-level standard scheme of «electronic akimat»: oblast, city, district». There is a need to develop innovative forms of access to intellectual information, radically expand the fund of the Kazakh National Electronic Library.

An important direction of the state program should be the modernization of the domestic media. The media sphere should work on the basis of clear standards of the national Code of Journalistic Ethics, as well as legal norms protecting the consumer from distorted and unreliable information [7].

In addition, work should continue on the promotion of global information on Kazakhstan using the most up-to-date information technologies. In particular, it is necessary to expand the geography of information flows from Kazakhstan to the countries of East Asia and the Muslim world.

Modern information technologies are being intensively introduced into all spheres of society's life and activity. The national and economic security of the state begins to depend directly on ensuring information security. That is why, in order to create guarantees to ensure the necessary durability of information protection means, the state assumes responsibility for licensing the activities of organizations engaged in information protection and certification of relevant technical means. Today's level of protection from external information threats in global open networks can not be considered satisfactory: there is still no comprehensive and technically sound strategy in this area in Kazakhstan. In order to change the situation, a set of measures in the field of legislation and standardization of the means providing information security of Kazakhstan should be urgently developed and implemented. The priority tasks in this direction are:

• – adoption of a special law similar to the «Computer Security Act» in the United States, which imposes on the specific state structures responsibility for methodological support of work in the field of information security;
• – development of unified approaches to ensuring security for organizations of different profiles, size and patterns of ownership;
• – ensuring the appearance on the market of a sufficient number of various certified tools for solving information security problems [8].

One of the problems in the field of information security in Kazakhstan is the lack of official documents with detailed recommendations for building secure information systems similar to those developed, for example, by the American Institute of Standard Technologies (USA) and the British Standard. Although there are no regulations in the UK that require the implementation of government standards, about 60 % of British firms and organizations voluntarily use the developed standard, and the rest intend to implement its recommendations in the near future.

Licensing and certification in the field of information security systems can reduce the severity of this problem. It is necessary to create a guarantee to the user that the information protection tools used by him can provide the necessary level of protection. It is licensing that can contribute to the fact that the problem of information protection will be dealt with only by highly qualified specialists in this field, and the products they create will be at the appropriate level and will be able to pass certification [9].

The Internet sharpens any security problem in the network environment to the limit, and if earlier one could ignore the development of information technology, world experience and international legislation in the field of information and communications security, now it is impossible to afford this. The Internet conducts a strict selection, it has its own system of licensing and certification.

Taking into account the requirements of information security and the world practice of activities in the field of information protection, it seems advisable to join Kazakhstan to the established systems of international standardization and certification of information technologies, which in practice means:

• bringing national and industry standards in line with international standards;
• participation of representatives of the Republic of Kazakhstan in international certification systems (including certification tests);
• the possibility of recognizing international certificates in Kazakhstan.

In addition, according to the current legislation, any organization engaged in the collection and processing of personal data (for example, operations with plastic cards) must have a license to engage in such activities and use certified means for this [10].

There are serious problems of ensuring the information security of banks, which have not yet found their solution. For example, how to ensure a secure exchange of information with the representative office of the bank abroad? Here there is a legal conflict, according to which, on the one hand, domestic remedies abroad can be exported only by special permission, and on the other hand, it is possible to use foreign-made protection equipment that has only passed Kazakhstan certification, and there are none.

The dynamics of the development of information technologies in the socio-economic and cultural life of society and the state exposes increased requirements to the solution of information security issues.

Ensuring the information security of the state requires the use of an integrated approach that includes organizational, technical, programmatic, social mechanisms that can realize the constitutional rights and freedoms of the individual and citizen in the field of obtaining information, using it to protect the constitutional order, sovereignty and territorial integrity of the Republic of Kazakhstan, economic and social stability, law and order, development of mutually beneficial international cooperation information security.

The main normative and legal act regulating relations in the sphere of ensuring security in Kazakhstan is the Law of the Republic of Kazakhstan «On National Security», which regulates legal relations in the field of national security of the Republic of Kazakhstan and defines the content and principles of ensuring the security of the individual and citizen, society and the state, system, goals and directions of ensuring national security of the Republic of Kazakhstan. Among the types of national security, information security is singled out as a separate type. Information security is the state of the security of the information space of the Republic of Kazakhstan, as well as the rights and interests of the individual and citizen, society and the state in the information sphere against real and potential threats, which ensures the sustainable development and information independence of the country [11].

In Article 6 of this law, among the main threats to national security are determined the following: reducing the level of protection of the information space of the country, as well as national information resources from unauthorized access; information impact on the public and individual consciousness associated with the deliberate distortion and dissemination of unreliable information to the detriment of national security. Accordingly, the level of security determines the quality of national security, allowing to assess the effectiveness of measures to prevent modern threats and measures to prevent and eliminate them. In the field of the information space, these threats are especially dangerous, because it is through the information that an individual is formed about the world around him, his worldview and motivations for certain actions.

Thus, the legal provision of information security as an activity is aimed at countering threats to the security of the main objects of national interests in the information sphere. Structurally, it includes an independent direction of legal regulation, an independent field of legal science and a system of training courses. Each of the selected components of the legal provision of information security is based on a certain system of principles and is used to solve the tasks of the system of methods inherent in it. Information security from the point of view of this research should be considered as a state of protection of the information space of the Republic of Kazakhstan in the first place. Secondly, it is the protection of the rights and interests of the individual and citizen, society and the state in the information sphere from real and potential threats, when sustainable development and information independence of the country is ensured. Legal maintenance of the state of security and activities to counter and prevent threats is the main condition for the activities of the modern state.

References

1. Constitutsiia Respubliki Kazakhstan. Priniata na respublikanskom referendume 30 avhusta 1995 hoda [The Constitution of the Republic of Kazakhstan on August 30, 1995]. adilet.zan.kz. Retrieved from http://adilet.zan.kz/rus/docs/K950001000 [in Russian].
2. Zakon Respubliki Kazakhstan «O borbe s korruptsiei» 2 iiulia 1998 hoda [The Law of the Republic of Kazakhstan «On Combating Corruption» on July 2, 1998]. adilet.zan.kz. Retrieved from http://adilet.zan.kz/rus [in Russian].
3. Zakon Respubliki Kazakhstan «O protivodeistviі korruptsii» [The Law of the Republic of Kazakhstan «On Counteracting Corruption» 01/01/2016]. adilet.zan.kz. Retrieved from http://adilet.zan.kz/rus [in Russian].
4. Poslanie Prezidenta Respubliki Kazakhstan — Lidera natsii N. Nazarbayeva narodu Kazakhstana «Stratehiia «Kazakhstan – 2050» Novaia politika slozhivshehosia hosudarstva [Message of the President of the Republic of Kazakhstan — the leader of the nation N. Nazarbayev to the people of Kazakhstan «Strategy «Kazakhstan – 2050» New policy of the established state]. Kazakhstanskaia pravda ot 02.02.2016 — Kazakhstan's truth from 02.02.2016. Retrieved from # 40-41 http: // www@zakon.kz [in Russian].
5. Zakon Respubliki Kazakhstan «Ob informatsii» ot 8 maia 2003 h. [Law of the Republic of Kazakhstan «On Information» from May 8, 2003]. Yuridicheskoe rukovodstvo «Zakonodatelstvo 2016» — Legal Guide «Legislation 2016» [in Russian].
6. Ukaz Prezidenta Respubliki Kazakhstan «O kontseptsii informatsionnoi bezopasnosti» Respubliki Kazakhstan do 2016 hoda» [Decree of the President of the Republic of Kazakhstan «On the Concept of Information Security of the Republic of Kazakhstan until 2016»]. Retrieved from www.egov.kz [in Russian].
7. Hosudarstvennaia prohramma «Informatsionnyi Kazakhstan – 2020» [State program «Information Kazakhstan – 2020»]. Retrieved from www.egov.kz [in Russian].
8. Dmitrienco, T.A. (2015). Obespechenie informatsionnoi bezopasnosti i razvitie informatsionnoi infrastructury Respubliki Kazakhstan [Maintenance of information security and development of the information infrastructure of the Republic of Kazakhstan]. Informatsionno-analiticheskii zhurnal «ANALYTIC» — Informational and analytical magazine «ANALYTIC», 5, 12–14 [in Russian].
9. Streltsov, A.A. Aktualnye problemy obespecheniia informatsionnoi bezopasnosti [Actual problems of ensuring information security]. Tekhnolohii bezopasnosti — Security technologies, 11, 54 [in Russian].
10. Informatsionnaia bezopasnost. Ofitsialnyi sait Komiteta natsionalnoi bezopasnosti Respubliki Kazakhstan [Information security. Official site of the Committee of National Security of the Republic of Kazakhstan]. knb.kz. Retrieved from knb.kz [in Russian].
11. Zakon Respubliki Kazakhstan ot 6 yanvaria 2012 h. No. 527-IV «O natsionalnoi bezopasnosti Respubliki Kazakhstan» [Law of the Republic of Kazakhstan] dated January 6, 2012 No. 527-IV «On the National Security of the Republic of Kazakhstan»]. (2014). Kazakhstanskaia pravda — Kazakhstan's truth, January, 17, 19–20 (26838–26839) [in Russian].