awareness of students and staff to avoid inadvertently causing others inconvenience
through disclosure of data; to avoid breaking the law; to avoid causing the University
financial and reputational damage. This document being issued by the University’s
authorities can regulates the NANO level – the information and cyber security of a
natural person.
CONCLUSION
The above results of the research prove that the complex of scientific and
methodological knowledge gathered during systemic analysis of the legal regulation of
information security might be considered the methodological grounds of the latter. The
authors assume that it will help to diminish the gap between the dynamically
developing information societies and their information security legislation. Moreover,
the usage of main principles of the systemic approach can hardly be effective without
a common terminological environment.
The authors are using the multilevel approach to work out the structure of
information security legislation. It has been described by means of levels hierarchy,
interrelations between them and their general functioning mechanisms, as follows:
MEGA level – for international level, META level – for national one, MACRO – for
state one, MEZO – for the level of region (municipal), MICRO – for the level of legal
entity, and NANO – for the level of a natural person.
Therefore, by means of systemic multilevel approach we suggest considering the
legislation on provision of information security to be a dynamic multifunctional
structure with backlinks, which components are structured by levels and are
interrelated, producing synergetic effect and aiming at legal provision of information
security.
Systemic ranging of legal acts to different levels enables to take into account the
peculiarities of their implementation both in the level of functioning of the society and
in the level of national interests. Moreover, interpretation of legal provision of
information security of the cyber space of Ukraine and the EU as a system enables to
schematize them and to introduce a certain methodologic basis.
The suggested methodology is represented in a definite model of information
security implementation which is used in the certain level. The model aims at the
creation of System of Information Security Provision and implementation of System
of Information Security Management. Special attention is paid to a specific content of
the information security policy of the described information system.
Application of the systemic approach to legislation provision of the information
security is implied to enable the preempting legal reaction to dynamic changed taking
place in cyber space.
- 1044 -