According to the European Commission, the Digital Services Act is a comprehensive set of new rules, which regulate the responsibilities of digital services. Together with the Digital Markets Act, it will create a safer digital space for users of digital services, protecting their fundamental rights online. The Acts will also create a level playing field so that digital businesses can grow within the single market and compete globally.
The Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. At its heart, the Toolkit currently consists of 19 hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia. Its first general annual update was published on October 2, 2020.
NIST has released NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This report promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.
“Estonia is a cyber country of excellence with a robust cyber defensive system in terms of technology and people. Given their deep expertise, I believe they will have substantial lessons to share, which will be enormously helpful in finding efficiencies in our science and technology efforts while understanding how best to defend against cyber warfare,” said Robert Kimball, the C5ISR Center’s senior research scientist for cyber security. Kimball also noted Estonia is home to the NATO Cyber Defense Center and Cyber Range.
According to NIST in its recently published paper on forensic science challenges and the cloud, “Cloud computing has revolutionized the methods by which digital data is stored, processed, and transmitted.” The paper goes on to highlight that, “One of the most daunting new challenges is how to perform digital forensics in various types of cloud computing environments. The challenges associated with conducting forensics in different cloud deployment models, which may cross geographic or legal boundaries, have become an issue.” The complete paper, NIST Cloud Computing Forensic Science Challenges, published in August of 2020, aggregates, categorizes, and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem.
According to Wikipedia, malware analysis is the study or process of determining the functionality, origin, and potential impact of a given malware sample. In this new handbook from the NATO Cooperative Cyber Defence Centre of Excellence, the authors share concise insight and general techniques for analyzing the most common malware types for the Windows OS.
One of the cyber scenarios highlighted in the Cyber Law Toolkit describes the potential use of ransomware against municipal governments and healthcare providers. Given the pandemic and recession constraints in today’s world, this scenario and its potential implications are more relevant than ever and worthy of consideration by legal, business, and information technology professionals.
“The Coalition to Reduce Cyber Risk (CR2) is calling for a global approach to cybersecurity risk management underpinned by interoperable frameworks,” said Alexander Niejelow, President of the CR2 Board of Directors and Senior Vice President of Cybersecurity Coordination and Advocacy for Mastercard. “Our companies recognize that good cybersecurity risk management rests on a common security baseline of practices as well as a common taxonomy and lexicon. By recognizing this common core as a global standard, companies can more effectively reduce risk as we work across multiple economies and sectors.”
The following guidance, prepared and published by the Data Protection Commission (DPC) of Ireland, has been developed to aid data controllers and processors to ensure they meet their obligations with regard to the security of personal data they process.
The European Data Protection Supervisor (EDPS) is the European Union’s independent data protection authority, tasked with ensuring that the institutions and bodies of the EU respect data protection law. The following update shares an overview of the EDPS and presents the 2019 EDPS Annual Report.