ORDER OF THE GOVERNMENT OF THE REPUBLIC OF KAZAKHSTAN

of June 30, 2017 No. 407

About approval of the Concept of the cyber security ("Kibershchit Kazakhstan")

For the purpose of implementation of the Presidential decree of the Republic of Kazakhstan of February 15, 2017 No. 422 "About measures for implementation of the Message of the Head of state to the people of Kazakhstan of January 31, 2017 "The third upgrade of Kazakhstan: global competitiveness" DECIDES: the Government of the Republic of Kazakhstan

1. Approve the enclosed Concept of the cyber security ("Kibershchit Kazakhstan") (further – the Concept).

2. To the central state bodies of the Republic of Kazakhstan:

1) to take necessary measures for implementation of the Concept;

To represent 2) once a half-year no later than the 10th following reporting half-year, information in the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan about the course of implementation of the Concept.

3. To the ministry of digital development, innovations and aerospace industry of the Republic of Kazakhstan:

1) in three-months time to develop the Actions plan on implementation of the Concept and in the procedure established by the legislation to submit for consideration in the Government of the Republic of Kazakhstan;

2) to represent two times a year, by July 25 and on January 25, summary information on the course of implementation of the Concept to Government office of the Republic of Kazakhstan.

4. To impose control of execution of this resolution on the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan.

5. This resolution becomes effective from the date of its signing.

Approved by the Order of the Government of the Republic of Kazakhstan of June 30, 2017 No. 407

Concept of the cyber security ("Kibershchit Kazakhstan")

Content

1. Introduction

2. Analysis of the current situation

3. International experience

4. The purpose, tasks expected results and the period of realization

5. Basic principles and approaches

6. The list of regulatory legal acts by means of which implementation of the Concept is supposed

1. Introduction

The concept of the cyber security ("Kibershchit Kazakhstan") (further – the Concept) is developed according to the President's letter of the Republic of Kazakhstan "The third upgrade of Kazakhstan: Global competitiveness" taking into account Strategy approaches Kazakhstan-2050 on inclusion of Kazakhstan into number of 30 most developed states of the world.

The concept is based on assessment of the current situation in the field of informatization of state bodies, automation of the state services, perspectives of development of "digital" economy and technological upgrade of production processes in the industry, expansion of the sphere of rendering information and communication services.

The concept determines the main directions of realization of state policy in the field of protection of electronic information resources, information systems and networks of telecommunications, ensuring safe use of information and communication technologies (further – ICT).

The concept is designed to provide unity of approaches to monitoring of information security support of state bodies, physical persons and legal entities, and also development of mechanisms of warning and rapid response to incidents of information security, including in the conditions of emergency situations of social, natural and technogenic nature, introduction of emergency or warlike situation.

In case of development of the Concept the international experience in area of forming of approaches to protection of national information and communication infrastructure of the leading states in the field of development and use of information and communication technologies, and the countries aiming to broaden the sphere of their application for goal achievement of social and economic development is studied.

Accomplishment of this Concept will serve further upgrade of the Kazakhstan society and will become contribution of Kazakhstan to implementation of the Global program of cyber security of the UN.

Terms and determinations

For the purposes of this Concept cyber security is understood condition of security of information electronically and circles as its processings, storages, transfers (electronic information resources, information systems and information and communication infrastructure) from external and internal threats, that is information security in the field of informatization.

Information protection or electronic information resources and information systems – complex of the physical, technical, program, cryptographic and administrative measures aimed at information security support.

The classical model of information security is based on providing three information of attributes, significant for safety: confidentiality, integrity and availability.

Confidentiality of information means that only strictly narrow group of people determined by its owner can get acquainted with it.

If the information access is got by unauthorized person, there are illegal access or violation of confidentiality.

For some types protected by the law or the owner of information types confidentiality is one of the most important attributes (office information, types of secrets, personal data of limited access protected by the law, for example, the information about clients of bank, creditors tax supplied, the information of medical institutions on the state of health of patients etc.).

Integrity of information – capability of information (data) to remain in undistorted type. The unauthorized and not provided by the owner changes of information (as a result of error of the operator or deliberate action of unauthorized person) lead to integrity violation.

Integrity of the data connected with functioning of objects of critical information and communication infrastructure is especially important (for example, automated control systems for air traffic, electro and power supply and so on).

Availability of information is determined by capability of information system to provide timely easy access to information to the subjects having appropriate authority. Destruction or blocking of information (as a result of error or deliberate action) lead to availability loss.

Availability – important attribute for functioning of the information systems oriented to customer service by provision of information and communication services (information systems of sale of railway and aviation tickets, banking services, distribution of products Internet resources and electronic media on the Internet). Situation when the authorized user cannot get access to certain services (most often network), call failure in servicing.

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info