+38 (044) 454-07-92
info@ligabezinfo.org
info@ligabezinfo.org
LEGAL FRAMEWORK
LIST OF LEGISLATION DOCUMENTS ABOUT CYBERSECURITY IN UKRAINE
Legislative and conceptual acts
- Law of Ukraine "On the Basic Principles of Cyber Security of Ukraine".
- Resolution of the Cabinet of Ministers of Ukraine "On approval of general requirements for cyber protection of critical infrastructure".
- Law of Ukraine "On Information".
- Law of Ukraine "On protection of information in information and telecommunication systems".
- Law of Ukraine "On State Secrets".
- Law of Ukraine "On electronic documents and electronic document management".
- The doctrine of information security.
- Law of Ukraine "On National Security of Ukraine".
- Article 15 of the Constitution of Ukraine. Control over the legality of cybersecurity measures in Ukraine.
- The concept of development of the digital economy and society of Ukraine for 2018-2020.
National Standards of Ukraine
- State standard of symmetric information encryption «Калина» (ДСТУ 7624: 2015).
- State hashing standard «Купина» (ДСТУ 7564: 2014).
- ДСТУ 4145: 2002 – electronic digital signature on elliptical curves.
Sectoral standardization of cybersecurity in Ukraine
- Resolution of the Cabinet of Ministers of Ukraine "On approval of general requirements for cyber protection of critical infrastructure".
- Memorandum of Cooperation and Cooperation in the Field of Cyber Security and Cyber Defense, aimed at preventing, detecting, effectively responding to and counteracting current cyber threats, raising the level of information security and situational awareness in the field of cyber security and cyber security.
- NERC Series of Critical Information Infrastructure Protection Standards.
- Resolution №95 "On the organization of measures to ensure information security in the banking system of Ukraine."
- Resolution of the NBU Board "On approval of the Regulation on information protection and cyber protection in payment systems".
- Resolution of the NBU Board "On approval of regulations on information security".
- Resolution of the Board of the NBU "On approval of the Rules for the organization of protection of electronic banking documents using the means of information protection of the National Bank of Ukraine".
LIST OF INTERNATIONAL STANDARDS, DOCUMENTS AND LEGISLATIVE REGULATIONS ABOUT CYBERSECURITY ISSUES
ISO / IEC series of standards
- ISO/IEC27000:2019 - Information technology — Security techniques — Information security management systems — Overview and vocabulary
- ISO/IEC 27001:2013 - Informationtechnology - Security techniques - Information security management systems - Requirements
- ISO/IEC 27002:2013/COR 2:2015 - Information technology — Security techniques — Code of practice for information security controls
- ISO/IEC 27003:2017 - Information technology — Security techniques — Information security management systems — Guidance
- ISO/IEC 27004:2016 - Information technology — Security techniques — Information security management ― Monitoring, measurement, analysis and evaluation
- ISO/IEC 27005:2018 - Information technology — Security techniques — Information security risk management
- ISO/IEC 27006:2015/AMD 1:2020 - Information technology — Security techniques — Requirements for bodie sproviding audit and certification of information security management systems
- ISO/IEC 27007:2020 - Information security, cybersecurity and privacy protection — Guidelines for information security management systems auditing
- ISO/IEC 15408-1:2009 - Common Criteria for Information Technology Security Evaluation
- ISO/IEC TS 27008:2019 - Методи безпеки - Вказівки для оцінки засобів контролю інформаційної безпеки
- ISO27032 – Information Technology. Methods of protection
- ISO 27035 – Incident management
- ISO 22301 – Business continuity management systems
- ISO31000 – Risk management
Other international standards
- Cybersecurity standard ANSI / ISA 62443
- Payment Card Industry Data Security Standard (PCI DSS)
- COBIT5 (Control Objectives for Information and Related Technologies) / Objectives of information and related technologies management
- COSOERM2017 enterprise risk management system
- TheCISCriticalSecurityControlsforEffectiveCyberDefensev7.1 / Important security measures Central Internet security to provide effective cybersecurity
- Microsoft Operations Framework (MOF) 4.0
European Union. General provisions on cybersecurity
- REGULATION (EU) 2019/881 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act)
- DIRECTIVE (EU) 2016/1148 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
- COMMISSION RECOMMENDATION (EU) 2017/1584 of 13 September 2017 on coordinated response to large-scale cybersecurity incidents and crises
- COMMISSION RECOMMENDATION (EU) 2019/534 of 26 March 2019 Cybersecurity of 5G networks
- Resilience, Deterrence and Defense: Building strong cyber security for the EU
- DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCILof 27 April 2016on the protection of natural persons with regard to the processing of personal data and on the freemovement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on Promoting Data Protection by Privacy Enhancing Technologies
- Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace
- Strengthening Europe’s Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry
- CONVENTION ON CYBERCRIME 23.XI.2001
Cybersecurity in the field of critical infrastructure protection
- Communication from the Commission on a European Programme for Critical Infrastructure Protection
- A Framework Strategy for a Resilient Energy Union with a Forward-Looking Climate Change Policy
- Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection
- Commission Recommendation on cybersecurity in the energy sector
- Recommendations to the European Commissionfor the Implementation of Sector-Specific Rules for Cybersecurity Aspects
- Cybersecurity in the Energy Sector
- Cybersecurity in Finance
- Guidance on cyber resilience for financial market infrastructures
- Cyber Information and Intelligence Sharing Initiative
- NERC CIP Standards
- CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY ACT 2018
- NIPP 2013: Partnering for Critical Infrastructure Security and Resilience
- ExecutiveOrder 13636 — Improving Critical Infrastructure Cybersecurity
- Framework for Improving Critical Infrastructure Cybersecurity
Regulating cybersecurity issues in the United States
- Cybersecurity Information Sharing Act of 2015
- Health Insurance, Portability and Accountability Act of 1996
- Financial Modernization Act (Gramm-Leach-Bliley Act) of 1999
- Internal Security Act of 2002
- NIST Special Publication 800-82 – Guide to Industrial Control Systems Security
- NIST Special Publication 800-50 - Building an Information Technology Security Awareness and Training Program
- NIST Special Publication 800-40 - Guide to Enterprise Patch Management Technologies
- NIST Special Publication 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations
- NIST Special Publication 800-63-3 – Digital Identity Guidelines
