FERGUSON, Donald. European Cybersecurity Certification Schemes and cybersecurity in the EU internal market. International Cybersecurity Law Review. 2022, vol. 2022, No 3, p. 51-114. ISSN 2662-9720.
Other formats:   BibTeX LaTeX RIS
Basic information
Original name European Cybersecurity Certification Schemes and cybersecurity in the EU internal market
Authors FERGUSON, Donald (124 Canada, guarantor, belonging to the institution).
Edition International Cybersecurity Law Review, 2022, 2662-9720.
Other information
Original language English
Type of outcome Article in a journal
Field of Study 50501 Law
Country of publisher Germany
Confidentiality degree is not subject to a state or trade secret
WWW Open access časopisu
RIV identification code RIV/00216224:14220/22:00125626
Organization unit Faculty of Law
Keywords in English certification; cybersecurity; schemes
Tags rivok
Tags International impact, Reviewed
Changed by Changed by: Mgr. Petra Georgala, učo 32967. Changed: 23/3/2023 11:47.
Abstract
The principal question addressed by this paper is: how adequate are the minimum security objectives of the European Union Cybersecurity Act (Regulation (EU) 2019/881) in assisting organisations in the European Union internal market with resisting and recovering from cyber threats? The question is answered by first identifying the scope of the minimum security objectives. Scope identification, performed through legislative interpretation, reveals an integrated system of security objectives with significant gaps. Second, the minimum security objectives are evaluated within a model of cyber attacks from attack reconnaissance to legal proceedings to reveal further significant gaps. Finally, the minimum security objectives are evaluated within five cyber attack scenarios, reflecting the highest ranking cyber threats to the internal market. The simulation analysis accentuates the findings of the model analysis and identifies further significant gaps. In conclusion, the minimum security objectives are found to be largely inadequate in assisting organisations in the European Union internal market with resisting and recovering from cyber threats. The analysis of the adequacy of the minimum security objectives is timely, as the first European cybersecurity certification schemes are currently being designed.
Links
EF16_019/0000822, research and development projectName: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur
PrintDisplayed: 30/7/2024 14:22