
Assignment on Legal and Standardisation Aspects of Cybersecurity

   

Added on  2022-08-30

Table of Contents
Part A – Legal Aspects
Overview of the Computer and Information Security Laws:
Aims:
Selection of Key Laws:
Gap Analysis:
Conclusion:
Part B: Standardization Aspects
Overview of computer and information security standards:
ISO/IEC 27000 family of standards:
The ISO/IEC 27000:
ISO27001, the information security management system standard:
An additional standard:
Conclusion - Future Cyber Security Standards:
Part C: Process and Procedures
The role and use of in-house security rules in meeting legal and best practise requirements:
Relevant standardisation information
References:

Part A – Legal Aspects
Overview of the Computer and Information Security Laws:
The computer and information security laws are rules and regulations
implemented for the protection of computers and information systems
(Kalman 2019). The main aim of implementing these laws is protection of the
important and confidential information which resides within a computer system or an
information system.
These are also known as cybersecurity regulations, which have the same aim of
safeguarding computer systems and information technologies (Bada, Sasse and Nurse
2019). By safeguarding these systems, the main purpose of these laws is to force
organizations and companies to protect their systems and confidential information
from various cyberattacks, which include worms, viruses, phishing, Trojan horses,
unauthorised access and denial of service attacks (Layton 2016). There are various
measures which can be implemented to provide protection against these types of attack.
These cyber security laws are developed with respect to some specific aims.
The primary targets of the information security and computer laws are discussed below.
Aims:
One of the primary targets of information security and computer laws is prevention of unauthorised access to the network (Kushwaha et al. 2016).
Creating awareness among local citizens regarding cyber security aspects is another aim of these laws.
Providing advice to people and guiding them on their day-to-day legal issues regarding usage of cyberspace (Weber and Studer 2016).
These laws also aim to coordinate with the other concerned stakeholders within the digital environment so that a contribution can be made to the evolving cyberlaw jurisprudence.
Also, to provide legal assistance and important advice to people who are already victims of misuse of cyberspace applications and associated services (Anwar, Gill and Beydoun 2018).
International Laws and Harmonization:
For protection against these cybercrimes there are several international laws.
The first international law concerns the privacy and security of individuals.
Under it, choice and control over the disclosure of information is directly associated
with the freedom of individuals to identify their actions and themselves. The main thing
associated with this is the right to privacy (Liu and Greene 2020). This means that
each individual has the right to protect their own privacy, and it should not be
disclosed by anyone else without permission. The right to privacy of individuals is
associated with international human rights law.
Proper protection of an individual’s data is also very important, as it includes various
confidential and crucial data (Carey 2018). Here, the personal data of individuals is
protected under the right to privacy in international human rights instruments. One
example that can be presented is the European Court of Human Rights. It holds the email,
telephone and internet utilization data, and all of the data are stored within the servers
(Aletras et al. 2016). All of these data are considered within the protection scope of
Article 8(1) of the European Convention on Human Rights.
In this respect, another important international law is the Data Breach Notification
Law. This law requires an entity or individuals affected by a data breach to
notify their customers and the associated parties. This law also instructs them to take
proper steps as a remedy, depending on the legislature of the state.
Harmonization of the laws is related to the European Union, and it is the
process of creating common standards across the internal market (Öberg 2018). The
harmonization of the laws is done with some specific aims, which are:
Creation of consistency among the laws, standards and regulations so that the same type of rule can be applied to a business that is currently operating in more than one member state (Jintapitak and Liu 2017). In this way, a business of one specific state will not be able to achieve an economic advantage.
Also, the regulatory burdens and compliance will be reduced for businesses which are operational trans-nationally or nationally.
National Laws:
Currently, at the national level there is also proper legislation available for
stopping and limiting the effect of cybercrime. At the national level, one of the important
laws is the “Computer Misuse Act 1990”. This is the main UK legislation associated with
attacks or offences against any type of computer system (Montasari, Peltola and Carpenter
2016). Another law in the UK that is designed to stop cybercrime is the “Fraud Act 2006”.
This law is applicable to various cyber frauds by focusing on the underlying
deception and dishonesty. In many cases cyberspace is also utilized for selling
illegal items, generally through the Dark Web. To stop this kind of
situation, the “Criminal Law Act 1977” is applicable in the UK. Malicious or offensive
communication is also carried out using cyberspace, and it falls under one category
of cybercrime (Cooper 2017). Thus, for protection against this type of situation the
“Malicious Communication Act 1988” is applicable (Rowbottom 2017). Also, there is the
“Serious Crime Act 2015”, which is applicable in situations of cyber stalking and
online harassment.
Selection of Key Laws:
In this respect, the three key laws are the Computer Misuse Act 1990, the Fraud Act 2006
and the Criminal Law Act 1977. In the following section these pieces of legislation are
described briefly.
Computer Misuse Act:
The Computer Misuse Act 1990 is mainly designed to deal with misconduct
involving altering and accessing data stored within a computer system without proper
authorization (Guinchard 2017). This law has been chosen as it is directly associated with
the security of information in computer systems.
Here, the choice is based on the safety this particular law provides to computer
systems, which is effectively good.
The law defines unauthorised access to a computer system, and modification of or
access to the information, as a punishable offence.
This law is currently applicable to a wide range of situations where unauthorised access
is gained by an attacker or hacker. By using this law, attackers and hackers can be
punished, which will help to reduce the overall number of these cases.
The law is currently very effective, as various penalties are associated with
it. The minimum penalty for this crime is up to two years of imprisonment and a fine of
5,000 pounds (Karagiannopoulos 2016). In cases where extreme damage is done by the
attacker, the criminal can face lifetime imprisonment.
