Organizational and legal provision of information security of enterprises

Authors

DOI:

https://doi.org/10.31617/3.2023(127)05

Keywords:

enterprise information security, information with limited access, enterprise security service, corporate ethics.

Abstract

Introduction. Within the framework of European integration, the effectiveness of the work of national enterprises depends on the information security, and ultimately the degree of protection of the public interests of the country, the informational rights of people and citizens.

Problem. In the conditions of military and informational aggression against Ukraine, it is important to ensure organizational and legal infor­mation security of enterprises, which includes the analysis of the legislative framework in this area, as well as the study of person­nel who may become a source of information leakage.

The aim of the article is to assess the legal regulation of information security of enterprises from the point of view of their organizational component and to determine the threats of information leakage that may be created by the enterprise personnel in connection with access to confidential, secret and official information.

Methods. A number of philosophical, general scientific, special scientific principles and methods are used: dialectical, comparative analysis, systemic, analysis and synthesis, formal and legal.

Results. Normative and legal regulation of information security in Ukraine is ensured by the Constitution of Ukraine, a number of laws and other normative and legal documents.  

In order to eliminate dangers and threats to the company’s activity, it is necessary to analyse the external and internal environment of its activity and eliminate factors of a destructive nature. In this context, it is important to control the access of employees to work with documents and materials that contain information with limited access. Corporate ethics is also an important tool.

Conclusions. Ukraine managed to achieve certain successes in terms of normative and legal regulation of information security, although a number of shortcomings remained.

The use of modern personnel technologies allows enterprises to ensure information security. Employees who are guilty of disclosing information that is a commercial secret, in accordance with Part 6 of Art. 36 of the Civil Code of Ukraine bear responsibility established by law – disciplinary, material, civil, administrative or criminal. An important element of information security of enterprises is control, which is entrusted to its security service.

Author Biographies

Natalia BONDARENKO, State University of Trade and Economics

PhD (Law), Associate Professor, Associate Professor of the Department of Legal Security of Business

Olena SYTNICHENKO, State University of Trade and Economics

PhD (Law), Associate Professor, Associate Professor of the Department of Legal Security of Business

References

Kaljuzhnyj, R., & Bajev, O. (2009). Normatyvno-pravove zabezpechennja informacijnoi' bezpeky Ukrai'ny [Regulatory and legal provision of information security of Ukraine]. Pravova informatyka – Legal informatics, 4(24), 5-12 [in Ukrainian].

Shyra, T. (2016). Zagrozy kadrovoi' bezpeky pidpryjemstva Zagrozy kadrovoi' bezpeky pidpryjemstva [Threats to personnel security of the enterprise]. Ekonomika i suspil'stvo – Economy and society, 7, 532-535 [in Ukrainian].

Zubok, M. (2015). Informacijna bezpeka v pidpryjemnyc'kij dijal'nosti [Information security in business activities]. Kyi'v. GNOZIS [in Ukrainian].

Alijev, T. (2019). Jak pokaraty pracivnyka za rozgoloshennja komercijnoi' tajemnyci [How to punish an employee for disclosing a commercial secret]. Zarplata i kadry – Salary and personnel. https://uteka.ua/ua/publication/commerce-12-zarplaty-i-kadry-3-kak-nakazat-rabotnika-za-razglasheniekommercheskoj-tajny [in Ukrainian].

Galjuk, O. (2020). Shljahy pidvyshhennja kul'tury pidpryjemnyctva abo «korporatyvna etyka» jak zasib vyhovannja biznesmena [Ways of improving the culture of entrepreneurship or «corporate ethics» as a means of educating a businessman]. Galyc'kyj ekonomichnyj visnyk – Galician Economic Bulletin, 63 (2), 176-182 [in Ukrainian].

Konstytucija Ukrai'ny: Zakon vid 28.06.1996 № 254k/96. VR. Baza danyh «Zakonodavstvo Ukrai'ny». VR Ukrai'ny. [Constitution of Ukraine: Law of 28.06.1996 № 254k/96. VR. Database «Legislation of Ukraine». Verkhovna Rada of Ukraine]. https://zacon2.rada.gov.ua/laws/show (data zvernennja: 09.03.21) [in Ukrainian].

Zakon Ukrai'ny pro informaciju. Vidomosti Verhovnoi' Rady Ukrai'ny (VVR). 1992. №48. St. 650. Baza danyh «Zakonodavstvo Ukrai'ny». VR Ukrai'ny [Law of Ukraine on information. Information of the Verkhovna Rada of Ukraine (IVR). 1992. №48. Art. 650. Database «Legislation of Ukraine». Verkhovna Rada of Ukraine]. https://zakon.rada.gov.ua/laws/show/2657-12#Text (data zvernennja: 11.03.21) [in Ukrainian].

Pro nacional'nu bezpeku Ukrai'ny: Zakon Ukrai'ny vid 21.06.2018 r. № 2469-VIII [On the national security of Ukraine: Law of Ukraine dated June 21, 2018 № 2469-VIII]. (2018). Vidomosti Verhovnoi' Rady Ukrai'ny – Information of the Verkhovna Rada of Ukraine, 31 [in Ukrainian].

Pro dostup do publichnoi' informacii': Zakon Ukrai'ny vid 13.01.2011 r. № 2939-VI [On access to public information: Law of Ukraine dated January 13, 2011 № 2939-VI] (2011). Golos Ukrai'ny – Voice of Ukraine, 24. [in Ukrainian].

Cyvil'nyj kodeks Ukrai'ny. Zakon Ukrai'ny vid 16 sichnja 2003 r. № 435-IV. Verhovna Rada Ukrai'ny [The Civil Code of Ukraine. Law of Ukraine dated January 16, 2003 № 435-IV. Verkhovna Rada of Ukraine] https://zakon.rada.gov.ua/laws/show/435-15# [in Ukrainian].

Kryminal'nyj kodeks Ukrai'ny vid 5 kvit. 2001 r. [The Criminal Code of Ukraine dated April 5 2001] (2001). Vidomosti Verhovnoi' Rady Ukrai'ny – Information of the Verkhovna Rada of Ukraine, 25-26 [in Ukrainian].

Kodeks Ukrai'ny pro administratyvni pravoporushennja vid 7 grud. 1984 r. [Code of Ukraine on Administrative Offenses from December 7 1984] (1984). Vidomosti Verhovnoi' Rady Ukrai'ns'koi' RSR – Information of the Verkhovna Rada of the Ukrainian SSR, Додаток до № 51 [in Ukrainian].

Gospodars'kyj kodeks Ukrai'ny. Vidomosti Verhovnoi' Rady Ukrai'ny (VVR). 2003. №18. №19-20. №21-22. St.144. Baza danyh «Zakonodavstvo Ukrai'ny» [Economic Code of Ukraine]. (2003). Vidomosti Verhovnoi' Rady Ukrai'ny (VVR) St.144. Baza danyh «Zakonodavstvo Ukrai'ny». Vidomosti Verhovnoi' Rady Ukrai'ny – Information of the Verkhovna Rada of Ukraine, 18-22. https://zakon.rada.gov.ua/laws/show/436-15#Text (data zvernennja: 10.03.21) [in Ukrainian].

Kodeks zakoniv pro pracju Ukrai'ny vid 10.12.1971 № 322-VIII [Code of Labor Laws of Ukraine dated 10.12.1971 № 322-VIII]. https://www.rada.gov.ua/laws/show/322-08 [in Ukrainian].

Doktryna informacijnoi' bezpeky Ukrai'ny: zatverdzheno Ukazom Prezydenta Ukrai'ny vid 25 ljutogo 2017 roku № 47/2017 [Information security doctrine of Ukraine: approved by the Decree of the President of Ukraine dated February 25, 2017 № 47/2017]. https://www.president.gov.ua/documents/472017-21374 [in Ukrainian].

Strategija kiberbezpeky Ukrai'ny: zatverdzheno Ukazom Prezydenta Ukrai'ny vid 14 travnja 2021 №447/2021. Oficijnyj sajt Prezydenta Ukrai'ny [Cybersecurity Strategy of Ukraine: approved by the Decree of the President of Ukraine dated May 14, 2021 №447/2021. Official website of the President of Ukraine]. https://zakon.rada.gov.ua/laws/show/447/2021#Text [in Ukrainian].

Pro perelik vidomostej, shho ne stanovljat' komercijnoi' tajemnyci: Postanova KMU vid 09.08.93 r. № 611 [About the list of information that does not constitute a commercial secret: Resolution of the CMU of August 9, 1993. № 611]. https://zakon.rada.gov.ua/laws/show/611-93-%D0%BF#Text [in Ukrainian].

Gapak, O. (2021). Zahyst informacii' v komp’juternyh systemah. [Protection of information in computer systems.] Uzhgorod [in Ukrainian].

Published

2023-04-21

How to Cite

[1]
BONDARENKO Н. and SYTNICHENKO О. 2023. Organizational and legal provision of information security of enterprises. Foreign trade: economics, finance, law. 127, 2 (Apr. 2023), 76–87. DOI:https://doi.org/10.31617/3.2023(127)05.

Issue

Section

PUBLIC AND PRIVATE LAW