DOI: 10.7256/2454-0668.2023.2.40068
EDN: ALNSVX
Received:
24-03-2023
Published:
31-03-2023
Abstract:
The article is devoted to the theoretical and methodological foundations of ensuring the information security of the state. Information wars in the global information space have become an urgent threat to the security and sovereignty of Russia. The article is devoted to the analysis of the theoretical foundations and methodology of studying the mechanism of ensuring information security, disclosure of essential features, the structure of the outlined category. Revealing the essential aspects of information security, the level of its provision in Russia is investigated. The purpose of the work is to assess the effectiveness of state program-targeted planning in the field of information security, to identify problem areas in this area. The article provides an overview of regulatory documents regulating information security issues. A special contribution to the author's research is that the specificity of the system of special methods in the topic under study is manifested in the complementarity of regulation determined by key vectors. At the same time, the key methodological function of information law is the formation of a set of tools purposefully designed to regulate relations in the information sphere in accordance with the objective laws of the dynamic development of the global information society and the existing state policy of digitalization. At the same time, the set of legal methods of regulating public relations in connection with countering threats and challenges to the security of the individual, society and the state in the information environment, based on the methods, are transformed based on the specifics of the subject area.
Keywords:
information law, methodology, theory of law, information security, digitalization, legislation, threats and risks, legal regulation, legal support, information society
This article is automatically translated.
Illegal use of information becomes an urgent problem in the XXI century, when the level of informatization of society, if it has not reached its peak, then has disproportionately high indicators in comparison with the last century. In this regard, the Decree of the President of the Russian Federation "On the Strategy for the development of the Information Society in the Russian Federation for 2017-2030" was adopted, in which information security was indicated as one of the directions of development of Russian information and communication technologies [1]. All these aspects pose new questions to the legislator, law enforcement officers and scientists, for the resolution of which it may be worth reviewing some provisions of the existing concept of information security, as well as rethinking the meaning of certain theoretical and legal phenomena and concepts within the framework of science and the field of information law. Law in the field of information security, being a sub-branch within the framework of information law, occupies a special place in the system of norms of this legal branch [2, p. 4]. If back in the XX and the beginning of the XXI century it was possible to have discussions about the existence of an information law branch within the framework of the Russian law system, at the moment the existence of this branch is already an objective given and in general does not require such a broad discussion [3, p. 13]. Nevertheless, this does not prevent some authors, without recognizing the existence of an established and already formed branch of information law, to assert only about the process of its origin and formation at the moment [4, p. 47]. The factor that determined the independence of the information law branch is the special nature of information legal relations [5, p. 140]. The relations arising within the framework of information law and constituting its subject, according to A.A. Chebotareva, have the following specific features: 1) they arise, change and stop when information is accessed; 2) these relations are formed about objects having a certain specificity, which include information, information objects, information technologies, and phenomena to which information rights and obligations are directed" [6, p. 30]. According to the position of I.L. Bachilo, the subject of information law includes relations expressed in: 1) information with a variety of forms of its manifestation and information resources formed on this basis; 2) means and technologies of working with information (information technologies - the potential of ICT); 3) means and technologies of communication of information over communication networks" [7, p. 23]. As you can see, the subject of information law is not limited to relations related only to the information itself, but assumes a broader list of relations, which includes, among other things, relations expressed in information systems designed to work with information, as well as in other objects to which information rights and obligations are directed. The complex nature of information law has predetermined the duality of information legal relations, which include both private law and public law aspects. The specific weight of the private law aspect of information legal relations, as it may seem, has been reduced due to the exclusion of information from the list of objects of civil rights enshrined in Article 128 of the Civil Code of the Russian Federation [8]. However, many other articles of the Civil Code of the Russian Federation repeatedly mention information as, if not an object of civil law, then a separate legal category, an object of legal relationship. Thus, Articles 726, 727 of the Civil Code of the Russian Federation regulate the procedure for transmitting information to the customer, as well as the confidentiality regime of information received by the parties. Article 1045 of the Civil Code of the Russian Federation mentions the right of a party to a simple partnership agreement to information. In addition, in paragraph 1 of Article 1465 of the Civil Code of the Russian Federation, the concept of one of the objects of means of individualization (production secret) is disclosed as "information of any nature (production, technical, economic, organizational and others)", which is consistent with the concept of information enshrined in Federal Law No. 149-FZ of July 27, 2006 "On information, information technologies and information protection": information (messages, data) regardless of the form of their presentation [9]. Thus, the civil-legal aspect of information legal relations consists in the use of information within the framework of contractual and other civil-legal relations (including intellectual property objects) between subjects of civil law. Subjects of law enter into these legal relations on a dispositive basis, that is, on the basis of legal equality and freedom of expression. In this regard, such legal relations can be called horizontal (coordination). The public-legal aspect of information legal relations consists in the application of administrative and legal methods of regulation to ensure guarantees of the exercise of information rights and freedoms. Within the framework of this aspect, the state-management impact on information legal relations is implemented through the application of power regulations and prohibitions designed to ensure proper observance and protection of the rights of subjects of information law, as well as strengthening the sovereignty of the state in the information space.
Considering the methodological basis, it can be noted that the problem of the method of legal regulation of information security has been the subject of research by many scientists, most of whom consider classical methods of regulation in the context of public law relations [10, p. 105]. Some scientists note that the specifics of legal relations in connection with information security, determined by the interests of many subjects, are determined by the influence of the specifics of security in other areas on legal regulation, in particular through the application of technical and organizational measures. The legal provision of information security as a sub-branch of information law is characterized by a complex method of legal regulation, integrating elements of imperative and dispositive methods of regulation. However, it is easy to notice that information and legal relations in the field of information security to a large extent have public-legal characteristics rather than private-legal ones, since they directly affect relations in the field of protection and protection of objects of information law. Thus, the Law on Personal Data applies both imperative and dispositive norms. Dispositive regulation, as mentioned above, for example, is applied in Article 6 of this Law. The method of mandatory regulation is used in a variety of norms of the Law on Personal Data, including the provisions of Article 14, which establishes the grounds for restricting the right of a subject to access to his data [11]. Nevertheless, within the framework of legal provision of information security, there is also the use of a dispositive method of legal regulation. Thus, in Part 3 of Article 6 of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data", the personal data operator has the right to entrust the processing of personal data to another person. However, the exercise of this right is made dependent on the consent of the subject of personal data. Consequently, it can be concluded that within the framework of legal provision of information security, the methods of dispositive and imperative regulation generally accepted in the science of information law are used, with the latter prevailing [12, p. 21]. It is worth noting that the relations arising in the field of information security are of a diverse nature, which makes it possible to apply a variety of methods of legal regulation used in various branches of Russian law. Thus, when creating intellectual property objects (for example, know-how), civil law methods are used, when protecting employee's personal data, labor law methods are used, and when state control (supervision) over the processing of personal data, administrative law methods are used. Much less often there is a recommendation method of legal regulation. Usually this method is used when establishing recommended samples (forms) of documents. One of the examples of its use within the framework of the law in the field of information security is the recommended sample of the certificate of conformity of the means of information protection [13]. Legal relations in the field of information security are primarily the subject of regulation of the Law on Information, however, this regulatory legal act does not exhaust the list of sources of law in the field of information security. The norms related to the regulation of information security are contained in Article 16 of this law, which is referred to as "information protection". Meanwhile, it should be emphasized that the concepts of "information security" and "information protection" are far from identical, since the latter is a special case of the former. As we noted earlier, this is due to the variety of relations included in the subject of information law. At the same time, the set of legal methods of regulating public relations in connection with countering threats and challenges to the security of the individual, society and the state in the information environment, based on methods, are transformed based on the specifics of the subject area, forming a unique, interconnected and interdependent array of techniques and methods characteristic of the legal provision of information security as a complex and intersectoral education, aimed at achieving national interests in the information sphere in modern conditions of digitalization [14, p. 92]. Thus, the specificity of the system of special methods in the topic under study is manifested in the complementarity of regulation determined by key vectors. At the same time, the key methodological function of information law is the formation of a set of tools purposefully designed to regulate relations in the information sphere in accordance with the objective laws of the dynamic development of the global information society and the existing state policy of digitalization.
References
1. Decree of the President of the Russian Federation No. 203 dated May 9, 2017 "On the Strategy for the development of the information Society in the Russian Federation for 2017-2030" // SZ RF. 2017. No. 20. St. 2901.
2. Lovtsov D.A. Theoretical foundations of the systemology of information law // Information law. 2014. No. 2. pp. 4-13.
3. Polyakova T.A. Legal provision of information security in building an information society in Russia: Diss. ... Dr. yurid. sciences': 12.00.14 / Polyakova Tatiana Anatolyevna. M.: Russian Legal Academy. Ministry of Justice of the Russian Federation, 2008. – 438 p.
4. Aryamov A.A., Rueva E.O. Digital law as an object of criminal law protection // Russian Justice. 2020. No. 1. pp. 45-47.
5. Information law: A textbook for university students studying in the specialty 021100 "Jurisprudence" / edited by I.Sh. Kilyaskhanov. M.: UNITY-DANA, Law and Law, 2004. – 335 p.
6. Chebotareva A.A. Legal provision of personal information security in the global information society: Diss. ... Dr. yurid. sciences': 12.00.13 / Chebotareva Anna Aleksandrovna. Moscow: IGP RAS, 2017. – 472 p.
7. Bachilo I. L. Information law: textbook for academic bachelor's degree / I. L. Bachilo. — 5th ed., reprint. and additional — M.: Yurayt Publishing House, 2017. – 419 p.
8. The Civil Code of the Russian Federation (Part one) of 30.11.1994 No. 51-FZ // Rossiyskaya Gazeta, No. 238-239, 08.12.1994.
9. Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies and Information Protection" // Rossiyskaya Gazeta, No. 165, 29.07.2006.
10. Bachilo I.L. Information Law: Textbook. 2nd ed., reprint. and additional M.: Yurayt, 2011. – 522 p.
11. Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" // SZ RF. 2006. No. 31 (part 1). Article 3451.
12. Gorodov O.A. Information law: Textbook. M.: Prospect, 2007. – 242 p.
13. Order of the FSTEC of Russia dated 03.04.2018 No. 55 "On approval of the Regulations on the certification system of information protection means" (Registered with the Ministry of Justice of Russia on 11.05.2018 No. 51063) // Official Internet Portal of legal Information http://www.pravo.gov.ru , 14.05.2018.
14. Minbaleev A.V. Characteristics of the method of legal regulation (on the example of the method of information law) // Bulletin of the South Ural State University. Series: Law. 2013. No. 2. Vol. 13. pp. 91-94
Peer Review
Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.
The subject of the study. An article submitted for review, prepared on the topic: "Theoretical and methodological foundations of information security", as the subject of the study, has an analysis of the theoretical and methodological foundations of the Institute of Information Security as part of information law. Research methodology. In the course of the work, modern methods of scientific cognition, both general scientific and private, were used. The methodological apparatus of the article consists of the following elements of analysis: diachronic and synchronous, internal and external comparison, formal legal method, as well as dialectical methods of scientific cognition: analysis, abstraction, induction, deduction, hypothesis, analogy, synthesis, historical and theoretical-prognostic. The relevance of research. Information security issues as components of the national security of the state are very relevant at the present stage. The Institute of Information Security is designed to ensure the preservation of state, military and other secrets of the Russian Federation, protect information and telecommunications infrastructure, information technologies and information systems from cybercrime, and stimulate the necessary level of scientific and technical developments. For these reasons, a correct theoretical and methodological approach will contribute to the effectiveness of various measures ensuring information security. Scientific novelty. It cannot be said that the topic of the article is new to legal science. Many experts in the field of information law dealt with information security issues: Y.M. Baturin, I.L. Bachilo, T.A. Polyakova, P.U. Kuznetsov, V.B. Naumov, A.A. Smirnov, A.V. Minbaleev, A.A. Streltsov, etc. In the aspect of studying the theoretical and methodological foundations of information security, there are publications by Yu.A. Belevskaya and A.P. Fisun. Not all of these scientists are referred to by the author of the reviewed article. However, it cannot be denied that the work done by the author of this article contains certain elements of scientific novelty. Style, structure, content. The work is written in a scientific style. Special legal terminology is used, both from the general theory of law and from information law. However, the author makes grammatical and stylistic mistakes in his work: for example, in the paragraph "A recommendation method of legal regulation is much less common. This method is usually used to establish recommended samples (forms) of documents. One example of its use within the framework of law in the field of information security is the recommended sample of the certificate of conformity of the information security tool" the adjective recommended is repeated 2 times and 1 time is recommended, i.e. once in each sentence of this paragraph. The author uses the term "normative legal act" instead of "normative legal act", etc. The article is logically structured, although there is no formal division into separate parts. The introduction should be finalized, substantiate the relevance, show the practical significance and scientific novelty of this particular topic chosen by the author. The content of the topic is not fully disclosed. So, if the "methodological foundations" are analyzed, then the second component, the "theoretical foundations" of information security, contains only fragmentary mentions in the article. It is unclear what the author means by writing "the concept of information security", I would like to know his opinion. It would also be nice to show how the categories "concept" and "theoretical and methodological foundations" of information security relate. Further, the relevance of the author's lengthy arguments on the independence of information law as a branch of law in this article is questionable. Bibliography. It can be noted that the author has not studied the publications of recent years on the topic. The last work in the bibliography list is dated 2020. Which clearly raises a question for the readership: is the topic relevant? Bibliographic sources are designed in violation of GOST requirements. Appeal to opponents. The article contains appeals to opponents. The author makes an attempt to argue his position, being critical of opposing opinions (in particular, about the independence of information law). It can be noted that there are certain branches of law that have "spun off" for a long time, but discussions about their independence or dependence have not stopped so far (for example, family law). I would like to see arguments in favor of the author's position in the article. The borrowings in the article are decorated with links to the source of the publication. Conclusions, the interest of the readership. The article "Theoretical and methodological foundations of information security" needs to be finalized, does not meet all the requirements for scientific publications. The topic is relevant, so in principle it may be of interest to the readership.
|