Kibernetinio saugumo teisinis reguliavimas: kibernetinio saugumo strategijos
In: Socialinės technologijos: mokslo darbai = Social technologies : research papers, Volume 3, Issue 1, p. 189-207
ISSN: 2029-7564
16 results
Sort by:
In: Socialinės technologijos: mokslo darbai = Social technologies : research papers, Volume 3, Issue 1, p. 189-207
ISSN: 2029-7564
Purpose – to analyse the compliance with basic principles of data protection in selected consumer oriented cloud services contracts, and also to highlight the adequate level of data protection in the mentioned contracts, evaluating existing data protection directive 95/46/EC, also proposed General data protection regulation. Design/methodology/approach – various survey methods have been used in the work integrated. Documental analysis method has been used in analysis of scientific literature, legal acts and other documents, where aspects of legal data protection requirements have been included. Legal documents analysis method together with logical-analytic method has been used in analysing Directive 95/46/EU, Proposal for a regulation of the European Parliament and of the Council and jurisprudence of the European Court of Human Rights. Comparative method has been applied for revealing difference between particular cloud services contracts and also comparing the compliance of cloud services contracts to requirements of basic European data protection principles, established in the international documents. Findings – from the brief analysis of selected consumer oriented cloud service providers, it may be implied that more or less all the legal principles, established in the legal acts, are reflected in the privacy policies and/or service agreements. However, it shall be noted that there is a big difference in wording of the analysed documents. Regarding other principles, all examined cloud service providers do not have indemnification provisions regarding unlawful use of personal data. Research limitations/implications – the concept of the contract was presented in a broad sense, including the privacy policies and/or terms and conditions of the service providers. In accordance with the content of the principles, the authors grouped data protection principles, applied in cloud services into fundamental and recommendatory. Practical implications – the research results will be helpful for cloud service providers, dealing with personal data of data subjects (natural persons). Originality/value – the mentioned research of cloud provider contracts examined 4 sets of standard terms and conditions of cloud service providers targeting individual consumers. The following personal data protection principles were evaluated: transparency, purpose specification and limitation, erasure of data, confidentiality, availability, integrity, indemnification. ; Įvadinėje straipsnio dalyje autoriai apibūdino nuotolinės kompiuterijos paslaugos reiškinio ypatumus – sąvoką, požymius, pagrindinius privalumus ir rizikas. Tinkamas duomenų apsaugos reikalavimų įgyvendinimas nuotolinėje kompiuterijoje – vienas iš pagrindinių šių dienų iššūkių. Autoriai, remdamiesi Duomenų apsaugos direktyva 95/46/ EB, Bendruoju duomenų apsaugos reglamento pasiūlymu bei Europos žmogaus teisių teismo jurisprudencija, pristatė pagrindinius ir rekomenduojamus duomenų apsaugos principus, taikytinus nuotolinėje kompiuterijoje sutartinių santykių su galutiniais vartotojais kontekste. Tiriamojoje straipsnio dalyje autoriai analizavo pasirinktų nuotolinės kompiuterijos paslaugų teikėjų privatumo politikų ir/ar paslaugų teikimo sutarčių nuostatas bei tikrino jų atitiktį pagrindiniuose teisės aktuose įtvirtintiems teisiniams duomenų apsaugos reikalavimams. Atlikta analizė parodė, kad pagrindiniuose teisės aktuose numatyti teisinės duomenų apsaugos reikalavimai atsispindi nuotolinės kompiuterijos paslaugų teikimo privatumo politikose ir/ ar paslaugų teikimo sutarčių nuostatose. Tačiau taip pat būtina pažymėti, kad pasirinktų nuotolinės kompiuterijos paslaugų teikėjų formuluotės yra skirtingos. Pavyzdžiui, "Google" privatumo politikos nuostatos yra aiškios, lengvai įtraukiančios vartotoją į duomenų kontrolės procesą. Kitų paslaugų teikėjų sutarčių nuostatos nėra lengvai suprantamos. Visų paslaugų teikėjų sutarčių su galutiniais paslaugų vartotojais sąlygos neturi žalos atlyginimo dėl neteisėto duomenų naudojimo mechanizmo sąlygos.
BASE
In: Socialinės technologijos: mokslo darbai = Social technologies : research papers, Volume 3, Issue 2, p. 390-414
ISSN: 2029-7564
In: Information & Media, Volume 50, p. 233-239
ISSN: 2783-6207
In: Information & Media, Volume 50, p. 240-247
ISSN: 2783-6207
Straipsnyje analizuojama tapatybės vagystė elektroninėje erdvėje ir pagrindiniai šios pavojingos veikos požymiai. Straipsnį sudaro keturios dalys. Pirmoje dalyje analizuojamos tapatybės ir identifi kavimo elektroninėje erdvėje kategorijos. Antroji dalis skirta aptarti ir susisteminti tapatybės elektroninėje erdvėje vagystės būdams ir formoms. Trečioje straipsnio dalyje pateikiama tapatybės vagystės elektroninėje erdvėje samprata. Ketvirtoji straipsnio dalis skirta tapatybės vagystės elektroninėje erdvėje, kaip atskiros veikos, kriminalizavimo aptarčiai. Straipsnyje atlikta analizė leidžia teigti, kad tapatybės vagystės elektroninėje erdvėje būdai ir formos yra labai įvairūs ir nuolat kinta, atsiranda vis naujų. Įvairiuose šaltiniuose iki šiol diskutuojama dėl tapatybės vagystės sampratos. Atlikę analizę autoriai siūlo naudoti tapatybės vagystės elektroninėje erdvėje sampratos variantą. Straipsnyje taip pat pateikiamos naujausios tapatybės vagystės elektroninėje erdvėje kriminalizavimo tendencijos.Online Identity TheftDarius Štitilis, Marius Laurinaitis
SummaryThe article analyzes the identity theft in electronic space, and the main aspects of this dangerous crime. The article consists of four parts. The fi rst part analyzes the identity and identifi cation in electronic space category. The second part is dedicated to discussing and systematizes techniques and forms of identity theft in electronic space. The third paragraph proposes the conception of the identity theft in electronic space. The fourth paragraph analyzes identity theft in electronic space as the individual crime, and proposes criminalize aspects. The analysis in this article suggests that the methods of identity theft in electronic space are very different and constantly changing, as well as new ways and forms. In different sources there are a lot of discussions about the concept of identity theft. The authors carried out suggest using of identity theft in electronic space version as the concept. The article also includes the latest identity theft in electronic space criminalize aspects.>
Straipsnyje nagrinėjama elektroninės komercijos ir pridėtinės vertės mokesčio suderinamumo dilema.Daugiausia dėmesio skiriama naujai sukurtai ir nuo 2004 m. gegužės 1 d. Lietuvoje įsigaliojusiai apmokestinimoschemai, kuri taikoma specialiai elektroniniu būdu teikiamoms paslaugoms. Pardavėjams,užsiimantiems elektronine komercija, keliami dideli reikalavimai, todėl pabrėžiama, kad pareigos, kuriasįtvirtina teisės normos, neatitinka galimybių, kurias suteikia informacinės technologijos. Net ir nauji pridėtinėsvertės mokesčio pokyčiai ne iki galo suderino mokesčių institucijų ir elektronine komercija užsiimančiųpardavėjų tarpusavio santykius. Naujoji schema – tai tik pirmas, tačiau reikšmingas žingsnissiekiant tradicinį pridėtinės vertės mokestį efektyviai pritaikyti naujai komercijos formai.Value added tax in electronic commerceIrmantas Rotomskis, Darius Štitilis SummaryElectronic space is steadily gaining popularity as anattractive environment for business organisation. Electronicdispatch of goods in a digital form allowing toavoid traditional checking procedure, increased level ofanonymity of operations carried out within internet, introductionof electronic currency, and considerable mobilityof electronic commerce account for the governmentalinstitutions' concern about effective applicationof tax rates that have existed up until now. Special attentionis given to the value added tax (VAT) as its regulationby current legislation has become largely ineffectivein terms of newly-introduced business models.Criticism of VAT for its poor effectivity in the area ofelectronic commerce was based, to a degree, on thecircumstance that identification of the second partyof a deed, that is the buyer, was impossible. Mostauthors argue that information technologies allow toidentify only the IP of a computer system, not a subjectwho used it.The main objective of this article is to analyse thedilemma of e-commerce and value added tax (VAT)compatibility. A search for effective ways of imposinga VAT tax on electronic commerce lasted in theEuropean Union up till 2000. In 2002, the adoption ofthe Sixth Directive "On Value Added Tax" consolidateda new pattern applied to the taxation of servicesrendered exclusively in an electronic way. Requirementsof this Directive are in force also in the Republicof Lithuania since 1 May 2004.High demands are raised to the e-commerce sellers,therefore the focus is set on inadequateness betweenobligations which are definite in legal norms and opportunitieswhich e-commerce provides. Even thenew changes applying VAT does not wholly balancethe relationship between tax institutions and e-commercesellers. The new scheme is a first step to the efficientapplication of traditional VAT to the new formof commerce.
BASE
In: Information & Media, Volume 42, Issue 43, p. 84-90
ISSN: 2783-6207
Straipsnyje nagrinėjama elektroninės komercijos ir pridėtinės vertės mokesčio suderinamumo dilema. Daugiausia dėmesio skiriama naujai sukurtai ir nuo 2004 m. gegužės 1 d. Lietuvoje įsigaliojusiai apmokestinimo schemai, kuri taikoma specialiai elektroniniu būdu teikiamoms paslaugoms. Pardavėjams, užsiimantiems elektronine komercija, keliami dideli reikalavimai, todėl pabrėžiama, kad pareigos, kurias įtvirtina teisės normos, neatitinka galimybių, kurias suteikia informacinės technologijos. Net ir nauji pridėtinės vertės mokesčio pokyčiai ne iki galo suderino mokesčių institucijų ir elektronine komercija užsiimančių pardavėjų tarpusavio santykius. Naujoji schema – tai tik pirmas, tačiau reikšmingas žingsnis siekiant tradicinį pridėtinės vertės mokestį efektyviai pritaikyti naujai komercijos formai.Value added tax in electronic commerceIrmantas Rotomskis, Darius Štitilis
SummaryElectronic space is steadily gaining popularity as an attractive environment for business organisation. Electronic dispatch of goods in a digital form allowing to avoid traditional checking procedure, increased level of anonymity of operations carried out within internet, introduction of electronic currency, and considerable mobility of electronic commerce account for the governmental institutions' concern about effective application of tax rates that have existed up until now. Special attention is given to the value added tax (VAT) as its regulation by current legislation has become largely ineffective in terms of newly-introduced business models.Criticism of VAT for its poor effectivity in the area of electronic commerce was based, to a degree, on the circumstance that identification of the second party of a deed, that is the buyer, was impossible. Most authors argue that information technologies allow to identify only the IP of a computer system, not a subject who used it. The main objective of this article is to analyse the dilemma of e-commerce and value added tax (VAT) compatibility. A search for effective ways of imposing a VAT tax on electronic commerce lasted in the European Union up till 2000. In 2002, the adoption of the Sixth Directive "On Value Added Tax" consolidated a new pattern applied to the taxation of services rendered exclusively in an electronic way. Requirements of this Directive are in force also in the Republic of Lithuania since 1 May 2004.High demands are raised to the e-commerce sellers, therefore the focus is set on inadequateness between obligations which are definite in legal norms and opportunities which e-commerce provides. Even the new changes applying VAT does not wholly balance the relationship between tax institutions and e-commerce sellers. The new scheme is a first step to the efficient application of traditional VAT to the new form of commerce.
The authors present a more comprehensive analysis of two countries—the United States and Nigeria. The choice is based on the fact that the United States has a great experience of fighting cyber crimes and, as research has shown, is the only country where online identity theft is criminalized. While the situation in Nigeria is taken for an in-depth consideration because of its Criminal Code Act having a separate chapter in which personation is criminalized. Also, in this article, summarized information about other analyzed countries is presented, the differences of the existing criminal legislation are described and the variety of sanctions for online identity theft phases is discussed. However, the research has shown that the penalties imposed for online identity thefts (or its separate phases) are mostly fines or imprisonment. In this article, it is emphasized that online identity theft is not criminalized (except the United States), and this impedes the detection, investigation and prosecution of such conduct at both domestic and international levels. Therefore, the authors are going to bring online identity criminalization up for discussion on the basis of the research presented in this article.
BASE
The authors present a more comprehensive analysis of two countries—the United States and Nigeria. The choice is based on the fact that the United States has a great experience of fighting cyber crimes and, as research has shown, is the only country where online identity theft is criminalized. While the situation in Nigeria is taken for an in-depth consideration because of its Criminal Code Act having a separate chapter in which personation is criminalized. Also, in this article, summarized information about other analyzed countries is presented, the differences of the existing criminal legislation are described and the variety of sanctions for online identity theft phases is discussed. However, the research has shown that the penalties imposed for online identity thefts (or its separate phases) are mostly fines or imprisonment. In this article, it is emphasized that online identity theft is not criminalized (except the United States), and this impedes the detection, investigation and prosecution of such conduct at both domestic and international levels. Therefore, the authors are going to bring online identity criminalization up for discussion on the basis of the research presented in this article.
BASE
The authors of the present article analyze the criminal legislation of eight foreign countries (the United States, the United Kingdom, Nigeria, France, Finland, Estonia, Russia, China) as well as Lithuania in order to discuss and compare the criminalization aspects of online identity theft. Online identity theft is a rather new phenomenon and dangerous not only to separate individuals but to the whole society. It is concerned with the violation of consumer protection rules, security and privacy and anti-spam rules, etc. Online identity theft is a global problem, and this leads to the discussions whether it should be criminalized or not. The analysis is focused on the Three-Phase Model of online identity theft: obtaining identity-related information (phase 1), interaction with identity-related information (phase 2) and the use of the identity-related information in relation to a criminal offence (phase 3). The authors analyze whether in the countries under investigation online identity theft is treated as a criminal act or separate phases of it are considered as constituent elements of common crimes such as unlawful access to data, fraud, forgery, etc. only.The authors present a more comprehensive analysis of two countries—the United States and Nigeria. The choice is based on the fact that the United States has a great experience of fighting cyber crimes and, as research has shown, is the only country where online identity theft is criminalized. While the situation in Nigeria is taken for an in-depth consideration because of its Criminal Code Act having a separate chapter in which personation is criminalized. Also, in this article, summarized information about other analyzed countries is presented, the differences of the existing criminal legislation are described and the variety of sanctions for online identity theft phases is discussed. However, the research has shown that the penalties imposed for online identity thefts (or its separate phases) are mostly fines or imprisonment. In this article, it is emphasized that online identity theft is not criminalized (except the United States), and this impedes the detection, investigation and prosecution of such conduct at both domestic and international levels. Therefore, the authors are going to bring online identity criminalization up for discussion on the basis of the research presented in this article. ; Straipsnyje nagrinėjama tapatybės vagystės elektroninėje erdvėje kriminalizavimo būklė pasirinktose užsienio valstybėse, nustatant atitinkamų baudžiamųjų normų dispozicijas, įskaitant sankcijas. Analizuojamos pasirinktų aštuonių užsienio valstybių (Jungtinių Amerikos Valstijų, Jungtinės Karalystės, Nigerijos, Prancūzijos, Suomijos, Estijos, Rusijos, Kinijos) ir Lietuvos baudžiamųjų įstatymų teisės normos, nagrinėjant tapatybės vagystės kriminalizavimo būklę lyginamuoju aspektu. Tapatybės vagystės elektroninėje erdvėje kriminalizavimo būklė pasirinktose užsienio valstybėse analizuojama remiantis trijų stadijų tapatybės vagystės elektroninėje erdvėje kriminalizavimo modeliu. Analizuojama, kaip pasirinktose valstybėse kriminalizuotos atitinkamos modelio stadijos, apibendrinamos už pavojingas veikas nustatytų sankcijų rūšys ir dydžiai.
BASE
Cyber security has become an important issue both on the EU and the national level. Cyber security is now perceived as a part of national security. The newly emerging cyber security policy, comprising national cyber security strategies as an important constituent part, has been recently paid considerable attention. Speaking of national cyber security strategies, a positive thing is that the majority of EU member states have already approved such strategies. However, the approved strategies differ considerably in terms of their content and implementation. The present article aims at identifying reasons for differences in individual national strategies and analyses aspects of their unifications in expectation to find out an optimum balance between the degree of unification and the need to retain differences arising from intrinsic national singularities. To this end, the article analyses the issue of national cyber security on the basis of Lithuania's cyber security strategy as a sample in the context of ENISA good practices for the development of cyber security strategies and by application of ENISA developed KPIs and testing ENISA cyber security strategy evaluation tool. Finally, the article suggests recommendations on further development of national cyber security strategies in terms of their unification and national singularities.
BASE
Cyber security has become an important issue both on the EU and the national level. Cyber security is now perceived as a part of national security. The newly emerging cyber security policy, comprising national cyber security strategies as an important constituent part, has been recently paid considerable attention. Speaking of national cyber security strategies, a positive thing is that the majority of EU member states have already approved such strategies. However, the approved strategies differ considerably in terms of their content and implementation. The present article aims at identifying reasons for differences in individual national strategies and analyses aspects of their unifications in expectation to find out an optimum balance between the degree of unification and the need to retain differences arising from intrinsic national singularities. To this end, the article analyses the issue of national cyber security on the basis of Lithuania's cyber security strategy as a sample in the context of ENISA good practices for the development of cyber security strategies and by application of ENISA developed KPIs and testing ENISA cyber security strategy evaluation tool. Finally, the article suggests recommendations on further development of national cyber security strategies in terms of their unification and national singularities.
BASE
Cyber security has become an important issue both on the EU and the national level. Cyber security is now perceived as a part of national security. The newly emerging cyber security policy, comprising national cyber security strategies as an important constituent part, has been recently paid considerable attention. Speaking of national cyber security strategies, a positive thing is that the majority of EU member states have already approved such strategies. However, the approved strategies differ considerably in terms of their content and implementation. The present article aims at identifying reasons for differences in individual national strategies and analyses aspects of their unifications in expectation to find out an optimum balance between the degree of unification and the need to retain differences arising from intrinsic national singularities. To this end, the article analyses the issue of national cyber security on the basis of Lithuania's cyber security strategy as a sample in the context of ENISA good practices for the development of cyber security strategies and by application of ENISA developed KPIs and testing ENISA cyber security strategy evaluation tool. Finally, the article suggests recommendations on further development of national cyber security strategies in terms of their unification and national singularities.
BASE
Cyber security has become an important issue both on the EU and the national level. Cyber security is now perceived as a part of national security. The newly emerging cyber security policy, comprising national cyber security strategies as an important constituent part, has been recently paid considerable attention. Speaking of national cyber security strategies, a positive thing is that the majority of EU member states have already approved such strategies. However, the approved strategies differ considerably in terms of their content and implementation. The present article aims at identifying reasons for differences in individual national strategies and analyses aspects of their unifications in expectation to find out an optimum balance between the degree of unification and the need to retain differences arising from intrinsic national singularities. To this end, the article analyses the issue of national cyber security on the basis of Lithuania's cyber security strategy as a sample in the context of ENISA good practices for the development of cyber security strategies and by application of ENISA developed KPIs and testing ENISA cyber security strategy evaluation tool. Finally, the article suggests recommendations on further development of national cyber security strategies in terms of their unification and national singularities.
BASE
Given the global nature of cyber threats, assurance of a cyber security policy is very important not only at the local organisation level, but also at national and international level. Currently, cyber security as such is not suitably regulated internationally; therefore, the role of national cyber security strategies has become particularly significant. Lithuania is among the leaders in the EU and globally in the development of the optical fibre network. FTTP coverage has already reached 95%, the highest in the EU. Regardless of that, the cyber security programme effective in Lithuania does not provide conditions to ensure an appropriate level of cyber security and may not be regarded as a high-level contemporary strategic document in the area of cyber security. This article presents a study the main outcome of which are guidelines for a contemporary model of the Lithuanian national cyber security strategy. Based on comparative and historical studies as well as expert interviews conducted by authors and on the best practice of other countries, the article presents the elements of a model of the Lithuanian national cyber security strategy as well as guidelines on the content of these elements of the model. The article also reveals which elements of the model of the national cyber security strategy should most of all reflect the national situation and which elements may be unified and possibly also adapted in the cyber security strategies of other countries.
BASE