Article 1. The basic concepts used in this Law of the Law on Cybersecurity

Home / Laws / Article 1. The basic concepts used in this Law of the Law on Cybersecurity

The following basic concepts are used in this Law:

1) information protection means – software, technical and other means designed and used to ensure the protection of information;

2) a user with privileged rights is a user with enhanced access rights to a digital object that ensures its normal operating conditions.;

3) Critical digital objects – digital objects, the violation or termination of which leads to the illegal collection and processing of personal data with limited access and other information containing legally protected secrets, the occurrence of social and (or) man-made emergencies, or significant negative consequences for defense, security, international relations, the economy, certain areas of the economy or for the livelihoods of the population, resident in the relevant territory, including infrastructure: heat supply, electricity, gas supply, water supply, industry, healthcare, communications, banking, transport, hydraulic structures, law enforcement, "digital government";

4) National Source Code Repository – a repository of source codes and executable codes of digital objects compiled from them;

5) domain name is a symbolic (alphanumeric) designation formed in accordance with the rules of Internet addressing, corresponding to a specific network address and intended for named access to an Internet object.;

6) malicious program – a created or existing program or software product with changes that allows unauthorized access, destruction, blocking, modification or copying of digital data, as well as disrupting the functioning of digital objects.;

7) a single Internet access gateway is a hardware and software package designed to protect a digital object when accessing the Internet and (or) communication networks with Internet access;

8) cybersecurity – the state of protection of digital objects from violation of their confidentiality, integrity or accessibility;

9) cybersecurity audit – assessment of the security status of digital objects for compliance with cybersecurity requirements;

10) A cybersecurity researcher is a specialist in the field of cybersecurity who participates in a program of interaction with cybersecurity researchers.;

11) cybersecurity threat – a set of conditions and factors that create prerequisites for a cybersecurity incident;

12) cybersecurity event management system – software or hardware and software package designed for automated detection of cybersecurity events by collecting and analyzing event logs of a digital object;

13) cybersecurity event monitoring – continuous monitoring of a digital object in order to identify and identify cybersecurity events through a cybersecurity event management system;

14) cybersecurity event – an identified occurrence of a digital object state, indicating a possible cybersecurity violation or a previously unknown situation that may be relevant to ensuring cybersecurity;

15) program of interaction with cybersecurity researchers – organizational and technical measures that ensure the interaction of cybersecurity researchers with digital objects to identify vulnerabilities in them;

16) cybersecurity monitoring system – organizational and technical measures aimed at monitoring the safe use of digital technologies;

17) cybersecurity center – a legal entity or a structural subdivision of a legal entity that is a resident of the Republic of Kazakhstan without the participation of foreign legal entities and individuals engaged in the protection of digital objects;

18) the authorized body in the field of cybersecurity (hereinafter referred to as the authorized body) is the central executive body responsible for leadership and intersectoral coordination in the field of cybersecurity;

19) the National Institute for Development in the field of cybersecurity is a legal entity designated by the Government of the Republic of Kazakhstan for the development of the cybersecurity industry;

20) cybersecurity incident response service – a legal entity or a structural subdivision of a legal entity that is a resident of the Republic of Kazakhstan without the participation of foreign legal entities and individuals, responding to a cybersecurity incident in accordance with the competence established by this Law;

21) a cybersecurity incident is an event or a set of events that negatively affect the cybersecurity of a digital object.;

22) responding to a cybersecurity incident – actions taken to minimize or eliminate a cybersecurity incident, including actions taken to protect and restore the normal functioning of digital objects and the digital data contained therein, a process that includes identifying, analyzing and taking measures to counter events or violations that may pose a threat to the cybersecurity of digital assets. objects;

23) the cybersecurity industry center is a legal entity or a structural subdivision of a government body that organizes and coordinates cybersecurity measures in relation to subordinate organizations and (or) a regulated management area.;

24) internal cybersecurity audit is an objective, documented process of monitoring the qualitative and quantitative characteristics of the current state of cybersecurity of digital objects in an organization, carried out by the organization itself in its own interests;

25) cyberculture is a set of norms and values of safe and responsible behavior in a digital environment;

26) protection profile – a list of minimum security requirements for software and hardware components of digital objects;

27) state technical service is a state–owned legal entity established by decision of the Government of the Republic of Kazakhstan;

28) vulnerability – a flaw in a digital object that poses a threat to cybersecurity;

29) technical means – devices used for collecting, processing, storing, switching and transmitting digital data;

30) automated process control system is a digital infrastructure facility designed for automation, management, control and monitoring of production processes in real time;

31) the classifier of digital objects (hereinafter referred to as the classifier) is a systematic list of categories aimed at identifying, categorizing, describing and accounting for digital objects.;

32) digital event logging is the process of systematically recording, collecting and storing digital records of events occurring in digital objects for the purpose of subsequent analysis, identification of deviations and investigation of cybersecurity incidents;

33) The unified digital government e–mail gateway is a hardware and software package that ensures the protection of digital government e-mail in accordance with cybersecurity requirements.

The Law of the Republic of Kazakhstan dated November 24, 2015 No. 418-V SAM.

This Law regulates public relations in the field of informatization that arise in the territory of the Republic of Kazakhstan between government agencies, individuals and legal entities during the creation, development and operation of informatization facilities, as well as with state support for the development of the information and communication technology industry.

President

Republic of Kazakhstan

Constitution Law Code Standard Decree Order Decision Resolution Lawyer Almaty Lawyer Legal service Legal advice Civil Criminal Administrative cases Disputes Defense Arbitration Law Company Kazakhstan Law Firm Court Cases