The confidentiality, authenticity, integrity, obligation and availability of information systems based information and processes are mission-critical for the operation of most large organizations – in many cases, these efforts are imposed by legal and regulatory requirements. Technological development has multiplied and diversified the vectors for creation, production and exploitation information. The legal protection of technological measures applies without prejudice to public policy or public security. When applying the exceptions and limitations, they should be exercised in accordance with international and national obligations. Such exceptions and limitations may not be applied in a way which prejudices the legitimate interests of the right holder or which conflicts with the normal exploitation of his work or other subject matter. They should ensure, that right holders provide beneficiaries of such exceptions or limitations with appropriate means of benefiting from them, by modifying an implemented technological measure or by other means. Every country should provide effective sanctions and remedies for infringements of information security rights and obligations. The practice of OECD (Organisation for economic co-operation and development) in the field of information systems and information security and introduced the concept of a "culture of security" relating to safe information technology and Internet usage are observed in this article also. The most European countries security strategies are built on these guidelines.
Information technology security shall be a key factor governing information technology use by Lithuanian public sector, businesses and consumers. A culture of security shall be built around the development and deployment of information systems and electronic information exchange in Lithuania.
The new national information security strategy will help Lithuania become an information secure society. The Government must designate key targets underpinning information security in society. Strategy must take into account security requirements for the specific type of data, information processing or systems that may be involved. This will, moreover, enhance efforts to safeguard critical infrastructures.
Regulations concerning information security shall be enforced and further developed in a coordinated manner, and made straightforward and easy for users to follow. All parties share responsibility for promoting awareness and understanding of information technology security issues, and for nurturing an emergent "culture of security" within society.
The main purposes of the article – to identify, analyze and evaluate the practise of European Union, USA and other countries for the legal regulation on information systems and information security and adopt that practice for Lithuanian state information systems and information security regulation. Conclusions relating to the legal regulation of information systems and information security are provided. The methods of descriptive, comparative and system analysis are used in this article.