LAW OF GEORGIA
ON INFORMATION SECURITY
Chapter I - General Provisions
Article 1 - Purpose of the Law
This Law aims to promote the efficient and effective maintenance of information security, define rights and responsibilities for public and private sectors
in the field of information security maintenance, and identify the mechanisms for exercising state control over the implementation of information
security policy.
Article 2 - Definition of terms
The terms used in this Law shall have the following meanings:
a) information security – an activity that ensures the protection of access to, integrity, authenticity, confidentiality, and non-repudiation of information
and information systems;
b) information security policy – a set of the standards, principles, and practices laid down in this Law, other normative acts and international treaties of
Georgia, that ensures information security and complies with the international standards established within the scope of its maintenance;
c) cyberspace – a domain characterized by the use of electronics and electromagnetic spectrum to store, modify, or exchange data via networked systems
and an associated physical infrastructure;
d) cyber-attack – an action when an electronic device and/or a network or a system connected thereto is used through disrupting, impeding, or
destroying the integrity of the systems, property or functions within the critical information system, or through obtaining information illegally;
e) computer incident – an actual or potential violation of information security policy by using an information technology that causes an unauthorized
access to, disclosure, damage or impediment of information, or theft of information resources;
f) critical information system – an information system whose uninterrupted operation is essential to national defence and/or economic security, as well
as to normal functioning of the state authority and/or society;
g) critical information system subject – a state body or a legal person whose uninterrupted operation of the information system is essential to the defence
and/or economic security of the State, as well as to the maintenance of state authority and/or public life;
h) confidential information – information, the breach of confidentiality, integrity or availability of which may cause a substantial damage to the
functions of the critical information system subject. The purpose of classifying information as confidential is to provide rules for the information asset
management, except for the rules defining access to public information set forth by the General Administrative Code of Georgia;
i) information for internal use – information designated only for employees and/or contractors of the critical information system subject. The breach of
the confidentiality, integrity, or availability of this information may cause a substantial disruption of the operation of the critical information system
subject, or impair the security of public authorities, state interest, or business reputation of a private person. The purpose of classifying information as
information for internal use is to provide the rules for information asset management, except for the rules defining access to public information set forth
by the General Administrative Code of Georgia;
j) information asset – all information and knowledge (particularly, technological means for the storage, processing, and transfer of information,
personnel and their knowledge of information processing) that is valuable to the critical information system subject;
k) information system – any combination of information technology and actions carried out by using such technology that facilitates the management
and/or decision-making;
l) network sensor – a device specifically designed for monitoring a network segment in order to identify the actions that indicate the attack against or
intrusion into the information system;
m) Data Exchange Agency– a legal entity under public law within the governance of the Ministry for Justice of Georgia (‘Data Exchange Agency���);
n) Cyber Security Bureau - a legal entity under public law within the Ministry for Defence of Georgia (‘Cyber Security Bureau’);
Law of Georgia No 1829 of 24 December 2013 – website, 28.12.2013
Article 3 - Scope of the Law
1. This Law shall apply to all legal persons and state authorities that are critical information system subjects. This Law shall also apply to the
organisations and agencies that are subordinated or related to the critical information system subject through labour, internship, contractual, or other
relationships and that provide access to information assets under such relationships.
2. The list of critical information system subjects and the criticality classification for the respective subjects shall be approved by an ordinance of the
Government of Georgia. The Ministry of Justice of Georgia, in agreement with the Ministries of Defence and Internal Affairs of Georgia and the State
http://www.matsne.gov.ge
14000000005001016807