Title: Violation of Human Rights in the Field of Information Security

Introduction:

Definition of Information Security - Information security, or infosec, involves

protecting information and communication systems from unauthorized access,
modification, or destruction. It aims to ensure confidentiality, integrity, and
availability of sensitive data through measures like access control,
authentication, and incident response. These practices mitigate cyber threats,
safeguard data, and maintain trust.
Cyberspace is already used by terrorists to spread propaganda, radicalise
potential supporters, raise funds, communicate and plan.

Importance of Information Security in Protecting Human Rights

1. Privacy Protection: Information security safeguards individuals' right to

privacy by preventing unauthorized access to personal data. This is
essential for preserving autonomy and dignity, as privacy is a
fundamental human right.

2. Freedom of Expression and Communication: Securing information

channels ensures the free flow of ideas and opinions without fear of
censorship or surveillance. This upholds the right to freedom of
expression, a cornerstone of democratic societies.

3. Preserving Digital Identity: In the digital age, personal identity is

closely tied to online presence. Information security measures protect
individuals from identity theft and ensure the integrity of their digital
identity, reinforcing the right to a secure and stable identity.

4. Cybersecurity and Physical Safety: In certain instances, compromised

information security can have physical ramifications. Protecting sensitive
data helps prevent cyber-attacks that may harm individuals physically or
violate their right to life and security.

In summary, information security is a vital component of the modern human

rights landscape. It empowers individuals, preserves privacy, and upholds
democratic principles in the face of evolving digital challenges. Governments,
organizations, and individuals must prioritize information security to ensure a
safe and secure digital environment that respects and protects fundamental
human rights.
Overview of Human Rights Violations in the Context of Information Security

1. Cyberbullying and Online Harassment:

Weak information security can contribute to cyberbullying and
harassment, infringing on individuals' right to live free from fear
and violence.
The anonymity provided by the digital realm can exacerbate these
issues, making it difficult to hold perpetrators accountable.

2. Impacts on Democratic Processes:

Election interference through cyber-attacks can undermine the
democratic process, affecting the right to participate in government.
Manipulation of information and dissemination of fake news can
distort public discourse and compromise informed decision-
making.

Violation of Human Rights in the Field of Information Security:

Violation of human rights in the field of information security can occur in

various ways, often involving privacy infringements, surveillance, censorship,
and discrimination. Here are some examples:

1. Cyberattacks on Activists and Journalists:

o Hacking and cyberattacks on journalists, activists, or dissidents to
suppress their freedom of speech and expose their private
information.
o Governments or entities using malware or other cyber tools to
undermine political opposition.
2. Lack of Cybersecurity Safeguards:
o Organizations failing to implement proper cybersecurity measures,
resulting in data breaches that compromise individuals' personal
information.
 o Insufficient protection of sensitive data, leading to identity theft
and financial losses.

Information Security in Kazakhstan:

Current state:
Kazakhstan faces information security challenges, with legislative
measures emphasizing the protection of information space, but concerns
persist regarding state control, centralization, external influences from
Russian media, lack of awareness about the communication revolution,
and a tactical rather than strategic focus.
Main threats and Problems:
1. Overemphasis on State Control: Some experts suggest a paternalistic
approach, advocating for state control over mass consciousness. There's a
concern that information security is viewed primarily as a tool for state
purposes, potentially limiting citizens' access to critical information.
2. Centralization Concerns: Analysts point out concerns regarding over-
centralization in the state's handling of information security. The need for
a more decentralized approach is emphasized, involving coordination
between state bodies, the private sector, and the media.
3. External Influence from Russian Media: Experts identify the Russian
media as a significant threat to Kazakhstan's information space. The focus
is not on what people learn from Russian sources but on potential gaps in
knowledge. There is a call to promote learning diverse languages beyond
Russian.
4. Lack of Awareness on Communication Revolution: A fundamental
problem lies in the society's insufficient awareness of the communication
revolution that began in the late 20th century. This lack of understanding
hinders the formulation of effective strategies for information security.
5. Tactical Emphasis over Strategic Approach: The current approach to
information security in Kazakhstan appears to prioritize tactical methods
 rather than adopting a strategic perspective. Experts emphasize the need
for a unified and coordinated policy involving state bodies, the private
sector, and the media.

In conclusion, Kazakhstan faces challenges in achieving comprehensive

information security. The state-centric approach, potential over-centralization,
external influences from Russian media, and a lack of awareness about the
communication revolution contribute to the existing problems. To enhance
information security, there is a need for a more balanced approach, increased
public awareness, and strategic planning that addresses both data protection and
the broader social infosphere. Coordination between various stakeholders,
including state bodies, the private sector, and the media, is crucial for
developing effective policies in this evolving landscape.

Information Security in UK

The United Kingdom has emerged as one of the countries with high standards in
information security, primarily due to its proactive approach in addressing cyber
threats and safeguarding its digital landscape. The UK's commitment to
information security is outlined in its comprehensive National Cyber Security
Strategy, which is designed to achieve three key objectives:

Objective 1: Tackling cyber crime and making the UK one of the most secure
places in the world to do business

The UK recognizes the growing threat of cybercrime and its potential

impact on businesses. To address this, the country has implemented
robust measures to combat cyber threats, aiming to create a secure
environment for businesses to operate. This includes collaborations
between law enforcement agencies, government bodies, and private sector
organizations. Initiatives such as the National Cyber Security Centre
(NCSC) have played a crucial role in providing guidance, expertise, and
incident response support to businesses, thereby enhancing the overall
cybersecurity posture.
Objective 2: Making the UK more resilient to cyber attack and better able to
protect our interests in cyberspace

The UK government places a strong emphasis on building resilience

against cyber attacks to protect national interests. This involves investing
in advanced technologies, threat intelligence, and incident response
capabilities. The country has also engaged in international partnerships to
share threat information and best practices, contributing to a global effort
to combat cyber threats. The development of the Active Cyber Defence
(ACD) program is an example of the UK's commitment to proactively
identifying and mitigating cyber threats before they can cause significant
harm.

Objective 3: Building the UK’s cross-cutting knowledge, skills and capability to

underpin all cyber security objctives

Recognizing that cybersecurity is a dynamic and evolving field, the UK

places importance on continuously developing the knowledge and skills
of its workforce. The country has invested in educational programs,
training initiatives, and research to cultivate a strong cybersecurity talent
pool. This includes collaborations between academia, industry, and
government to ensure a comprehensive and well-rounded approach to
addressing cybersecurity challenges. By building a skilled and
knowledgeable workforce, the UK aims to maintain its competitive edge
in cyberspace and effectively address emerging threats.

In summary, the UK's high level of information security is a result of a holistic

and multi-faceted approach. The country's commitment to tackling cybercrime,
enhancing resilience to cyber attacks, and investing in the knowledge and skills
of its cybersecurity workforce has contributed to its reputation as one of the
most secure places in the world to conduct business in the digital age.

Interesting Facts:
In the spring of 2011, Sony announced that criminals had successfully
targete the PlayStation network, compromising the personal details of up
to 100 million customers and resulting in the network shutting down for
several weeks. The costs to Sony are expected to total $171 million.
List of Data Breaches and Cyber Attacks in 2023 – 8,214,886,660 records
breached
References:

1. Sabitov, Daniyar. (2016). Information Security in Kazakhstan:

Protection of Data and Ideas.
https://www.researchgate.net/publication/344726329_Information_Sec
urity_in_Kazakhstan_Protection_of_Data_and_Ideas
2. Ford, N. (2024). List of Data Breaches and Cyber Attacks in 2023 –
8,214,886,660 records breached. IT Governance UK
Blog. https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-
cyber-attacks-in-2023
3. The UK Cyber Security Strategy. (2011).GOV.UK.
https://assets.publishing.service.gov.uk/media/5a78a991ed915d04220
645e2/uk-cyber-security-strategy-final.pdf