Policy guides

Key GDPR Issues InfoSec Professionals should address

The General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. So what actions should InfoSec Professionals already be taking to ensure compliance with the new regulation?

The GDPR will affect organisations that operate in the European Union (EU), do business with organisations in the EU, or store data in the EU. When preparing to implement the required changes to current practices, there are numerous challenges the information security professional must be ready to address.

Guide to the Directive on Security of Network and Information Systems

The Directive on Security of Network and Information Systems (NIS Directive) establishes the European Union's first rules on cybersecurity.
The NIS Directive is expected to become applicable in August 2016. Member States will have 21 months to implement this directive in their national laws and six months to identify operators of essential services.

The objective of the directive is to achieve a high common level of security of network and information systems within the Union, by:

Guide to the European Directive on Security of Network and Information Systems

The European Directive on Security of Network and Information Systems (NIS) represents the first step in cybersecurity regulation at the European Union level.
The entry into force of the NIS Directive was scheduled for August 2016. From then, Member States will have 21 months to implement this directive in their national legislation, and 6 more months to identify operators of essential services.

EC Communication: Strengthening Europe's Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry

In its Communication of 5 July 2016 the European Commission announces the launch of a public-private partnership on cybersecurity and additional market-oriented policy measures to boost industrial capabilities in Europe.

European Council Adopts EU-wide cyber security rules

17 May 2016 - the European Council formally adopts new rules to step up the security of network and information systems across the EU.

The network and information security directive (NISD) will increase cooperation between member states on the vital issue of cybersecurity. It lays down security obligations for operators of essential services (in critical sectors such as energy, transport, health and finance) and for digital service providers (online marketplaces, search engines and cloud services).

NIST launches public consultation on cyber security

The National Institute of Standards and Technology (NIST) is set to release an overhauled systems security engineering document it hopes will change the way software and computer designers think about cyber security.

NIST calls upon U.S. federal agencies, businesses and the general population to rethink their approach to cyber security, which should not be just an add-on but a foundational component of any technology that touches the Internet.