Information Protection in Telecommunication Systems” [49] etc. The macro level also
includes acts of institutional character which maintain the competences of state
authorities for the provision of national security in information and other fields of
functioning of the state, society and person, e.g. “On National Security” [46], “On
Security Service of Ukraine” [48], “On the State Service for Special Communications
and Information Protection of Ukraine” [42].
MEZO is for legal acts of regional (municipal) authorities (e.g. [33]), and the legal
acts of higher legal force that regulate their competences in terms of prompt solutions
for national security provision, including cyber one as well. These regulations are
binding for all the legal entities, their officials and citizens on the territory subordinate
to the mentioned authority.
MICRO covers both local acts of legal entities on information security provision
of a definite enterprise or organization and legal acts of higher legal force that regulate
their competences in terms of prompt solutions for information and cyber security
provision, e.g. “Information technologies. Cryptographic protection of information.
Elliptic Curve Digital Signature. State Standard of Ukraine 4145-2002” [15], Order of
the State Service of Special Communications and Information Protection of Ukraine
“On Ratification of Regulations on the Development, Production and Usage of
Cryptographic Information Protection Means” [26] and “On Ratification of
Requirements to formats, structure and protocols of secure means of digital signature”
[25], Methodic Recommendations on the Organization and Technical Actions of State
and Private Notaries in the Field of Usage of Common and State Registrars of Ukraine
[23], Regulation of the National Bank of Ukraine “On Ratification of Regulations on
the Provision of Continuous Functioning of Information Systems of the National Bank
of Ukraine and banks of Ukraine” [30].
NANO is represented by regulations of any legal force (all the higher levels of the
hierarchy) that are related to the information security of a natural person and
personality in conceptual and applied sense (e.g. the European Parliament and the
Council’s General Data Protection Regulation [27], the Law of Ukraine “On Personal
Data Protection” [50]).
Nowadays Ukrainian legislation on information security is patchy and uneven.
Some spheres of MEZO, MICRO and NANO levels are just developing (so called stage
of strategic planning, when adoption of a regulation is included in the strategic
documents of macro and meta levels, for instance: Draft Regulation of the Cabinet of
Ministers of Ukraine “On Ratification of Regulations on the Methods of Forming of
the Units of Critical Information Infrastructure, Algorithm of Including of the Units of
Critical Information Infrastructure to the State Registrar of the Units of Critical
Information Infrastructure, its creation and functioning” [31]). The other issue is that
- 1040 -