The European Commission has launched a call to select the members of the Stakeholder Cybersecurity Certification Group (SCCG). The group is being formed in terms of the recently promulgated European Cybersecurity Act and will advise the Commission on strategic priorities and on the Union Rolling Work Programme on Certification.
Google has been fined almost €50 million ($57m) by French regulators for violating Europe’s strict data-privacy rules. The fine marks the first major penalty brought against a U.S. technology giant since the General Data Protection Regulation (GDPR) took effect in May 2018. Under the regulation, users must be given a full, clear picture of the data collected, along with simple, specific tools for users to consent to having their personal information harnessed.
Direktiva za varnost omrežij in informacij (NIS – Network and Information Security) je poenotila uredbe o kibernetski varnosti na nivoju celotne Evropske Unije.
Veljati je začela avgusta 2016. Države članice imajo za izvajanje Direktive in vpeljevanje v nacionalno zakonodajo na voljo 21 mesecev in 5 dodatnih mesecev za identifikacijo administratorjev kritične infrastrukture.
Direktiva želi zagotoviti visoko raven varnosti omrežij in informacij v EU. Cilji Direktive so naslednji:
On April 4, 2017, the EU Article 29 Working Party has published draft Guidelines on Data Protection Impact Assessment (DPIA) with the aim of achieving common criteria, methodology, and recommendations with respect to DPIAs under the GDPR.
On Friday, 24 March 2017, the High Level Group of the Commission's Scientific Advice Mechanism (SAM) has published a new scientific opinion on cybersecurity in the Digital Single Market, following the request of the Commission Vice-President Andrus Ansip.
In this Opinion, the Group makes a number of recommendations for policy action to make it easier and safer for people and businesses to operate online in the EU.
The opinion includes recommendations:
The UK department for Business, Energy and Industrial Strategy has recently released a new document addressing cyber-attacks on critical nuclear facilities.
This strategy sets out a path to keeping the UK civil nuclear sector ahead of rapidly evolving threats to, and vulnerabilities in, software and equipment in the next five years.
The GDPR will come into force from 25 May 2018 when it will replace the existing EC Data Protection Directive, bringing new legal rights for individuals, extending the scope of responsibilities for data controllers and processors and enhancing the regime for enforcement to include the risk of fines at up to 4% of an organisation's worldwide annual turnover.
The new regulation is in fact a major change in privacy and data protection, with many areas to be affected.
Last week the Cyberspace Administration of China published its first cyberspace security strategy.
The 15 page document aims at safeguarding cyberspace sovereignty and national security, protecting information infrastructure and act against cyber crime.
The General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. So what actions should InforSec Professionals already be taking to ensure compliance with the new regulation?
The GDPR will affect organisations that operate in the European Union (EU), do business with organisations in the EU, or store data in the EU. When preparing to implement the required changes to current practices, there are numerous challenges the information security professional must be ready to address.
La directive sur la sécurité des réseaux et des systèmes d’information (NIS Directive) établit les premières règles de l’Union Européenne en matière de cyber sécurité.
L’applicabilité de la directive NIS est prévue pour août 2016. Les États membres disposeront de 21 mois pour implémenter cette directive dans leurs lois nationales et six mois pour identifier les opérateurs de services essentiels.
L’objectif de la directive est d’atteindre un niveau de sécurité élevé commun sur les réseaux et les systèmes d’information au sein de l’Union, en: