Security Strategies Laws and Implementation
Added on 2023/01/07
This document discusses the importance of cyber security in today's digital world and how the legal and political environment can impact cyber security functions within a business operating environment. It also explores the laws, regulations, and standards that are significant for cyber security policies and operations in a business.
SECURITY STRATEGIES LAWS AND IMPLEMENTATION
TABLE OF CONTENTS
1. Introduction
2. How The Legal And Political Environment Can Impact The Cyber Security Functions Within Your Business Operating Environment
3. What Laws, Regulations And Standards Could Be Of Particular Significance To Your Cyber Security Policies And Operations In Your Business
4. Conclusion
5. References
INTRODUCTION
Cyber security can be defined as the set of technologies and processes developed to protect the networks, devices and data of a company or organization. It can also be defined as all the methods required to protect a company's information technology.
Nowadays everything is going digital, and important data is stored on online platforms. Organizations, whether governmental or private corporations, collect and store their confidential data on personal computer systems and other online devices. It is highly likely that this stored data contains personal information which is sensitive in nature, and any unauthorized access to it can cause a range of negative results.
Business organizations mainly store this data in order to carry out their business activities, and cyber security ensures that all of it is protected in a systematic manner. Cases of cyberattack are growing, and when an organization keeps data relating to its customers or other confidential data, it must take proper steps to ensure the security of that data. Taking these steps to protect the data benefits not only the people whose data has been stored but also the organization itself.
MAIN BODY
How The Legal And Political Environment Can Impact The Cyber Security Functions
Within Your Business Operating Environment
Nowadays every business organization depends on information technology because of developments in that field. Ensuring cyber security has therefore become a priority for every business organization in the United Kingdom. In recent years a great deal of data has been hacked, and important and confidential information has been leaked as a result. Business organizations know the negative effects of having their data hacked, yet they still do not have sufficient measures to protect themselves against this threat. The main reason business organizations do not make cyber security a priority is that it is an expensive affair (Kim, 2017).
Various studies have also shown that after a data breach, the customers of the organization whose data was leaked fall away, because they feel it is risky to do business with such a company. It is also the general perception of people that their leaked data can affect their lives in various ways. So if a company suffers hacking or the leaking of data from its software, it will certainly suffer financial loss, as its share of customers will be reduced by this act.
The law in this matter is concerned mainly with two aspects: enhancing cyber security initiatives and protecting consumers whose data is at risk of being leaked. It is recommended that there be a minimum standard of security so that business
organizations can defend against these types of cyber-attacks. Ensuring these standards will also increase the trust of the other business organizations and customers with whom the company does business. By implementing proper standards, customer trust will increase, as customers feel that the company has taken proper measures to protect their data (Osborn and Simpson, 2017).
The legal mechanism of the United Kingdom can ensure that government authorities take the necessary steps to protect data from cyber-attacks.
The political environment of the country also affects the cyber security functions within it. It is the duty of the government to implement the laws and guidelines necessary for protecting the data of the general public. Governmental organizations must ensure that their mechanisms for protecting data from cyber-attack are strong enough, and must also see that all companies follow those laws and standards. For this reason it is also the responsibility of the government of the United Kingdom to provide cyber security software in a cost-efficient manner, because the main reason these cyber-crimes happen is that preventive measures are too costly (Ruiz, 2019).
What Laws, Regulations And Standards Could Be Of Particular Significance To Your Cyber Security Policies And Operations In Your Business
There are various laws, regulations and standards which are significant in protecting businesses against cyber-attacks. Some of them are discussed below:
“GDPR Obligations: The processing of "personal data" in the European Economic Area
("EEA") is governed by the General Data Protection Regulation ("GDPR"). In the UK,
businesses must also comply with the Data Protection Act 2018 (the "2018 Act") which gives
effect to the GDPR. The introduction of the GDPR and the 2018 Act materially altered the risk
landscape for all entities involved in the processing of personal data. Both the GDPR and the
2018 Act require businesses to implement security measures to safeguard the personal data that
they process.
The GDPR and the 2018 Act require that businesses keep personal data secure and only
permit third parties access to the personal data subject to sufficient guarantees regarding the
security of the processing services. Businesses must implement measures that are both technical
(e.g., firewalls, anti-virus programs, perimeter scanning tools) and organisational (e.g., policies
and procedures that must be followed by personnel regarding cybersecurity) to safeguard
personal data. Businesses are required to protect against unauthorised or unlawful use of the
personal data and against loss, destruction and damage of the same (Shafqat and Masood, 2016).
Businesses must take account of a number of factors when determining what security
measures to implement. Factors such as: (i) the state of the art; (ii) the cost of implementation;
(iii) the nature, purposes, scope and context of the processing of the personal data; and (iv) the
risks to individuals associated with the processing, must be considered. Clearly, the more
sensitive the personal data that is being processed (e.g., health data), the more robust the
associated security measures should be.
The UK Information Commissioner's Office (the "ICO") also provides some specific
recommendations for businesses regarding other factors that should be considered when
determining what security measure to implement. The ICO recommends considering factors such
as the nature and extent of a business's premises and computer systems, the number of staff and
the extent of their access to personal data, and any personal data held or used by a data processor
acting on the business's behalf” (Taeihagh and Lim, 2019).
Failing to implement appropriate security measures to safeguard personal data can result
in enforcement action, including the imposition of significant fines (up to the greater of €20
million or 4% of annual global turnover). Enforcement action can be taken even in the absence
of cyber-attack or data breach.
NIS Regulations: “Whereas the GDPR is concerned with the security of personal data,
the NIS Regulations are concerned with the security of information systems. The NIS
Regulations impose cybersecurity-related obligations on operators of "essential services" (such
as businesses in the energy, transport and/or health sector) established in the European Union
(the "EU") and "digital service providers" (such as cloud service providers and providers of
online marketplaces) that offer services to individuals within the UK.
Businesses subject to the NIS Regulations are required to implement appropriate and
proportionate measures to manage risks posed to network and information systems and to
prevent, and minimise the impact of, incidents affecting the security of the network and
information systems.
As with the obligations in the GDPR and 2018 Act, businesses subject to the obligations
in the NIS Regulations have freedom to determine what measures are appropriate and
proportionate. In order to satisfy this obligation, an organisation must understand the risks posed
to its network and information systems (Thames and Schaefer, 2017).
Businesses subject to the NIS Regulations should be familiar with the work of the
National Cyber Security Centre ("NCSC") in the UK and the guidance it publishes with respect
to complying with the NIS Regulations. The NCSC also oversees the "cyber essentials"
certification scheme. This is a government-backed and industry supported scheme that provides
self-assessment certification to help organisations protect themselves against common cyber-
attacks and aids compliance with the NIS Regulations. It includes a security questionnaire and
external vulnerability testing to assist businesses in assessing their cybersecurity.
A failure to meet the requirements of the NIS Regulations can result in enforcement
action, including the imposition of significant fines up to a maximum of £17 million”.
Other Legal Requirements: “In addition to the GDPR, the 2018 Act and the NIS
Regulations, businesses operating in the UK may be subject to other laws, regulations, industry
rules and the common law. For example, businesses providing electronic communications
networks and services have specific obligations to implement technical and organizational
measures to appropriately manage risks to the network and services, to prevent or minimize the
impact of security incidents on end-users and to protect data in transmission. Similarly,
businesses in the financial services sector must establish and maintain appropriate systems and
controls for managing operational risks that can arise from inadequacies or failures in its
processes and systems” (Vogel, 2016).
Foreign businesses operating in the UK will also have to consider the requirements of the law in their own jurisdiction.
CONCLUSION
From the above study it can be concluded that cyber-attacks are happening very rapidly in the present era. A strong legal as well as political environment is needed so that these crimes can be restricted. Companies that keep customer data must ensure that they follow the various regulations discussed above.
REFERENCES
Books & Journals
Kim, J., 2017. Cyber-security in government: reducing the risk. Computer Fraud & Security, 2017(7), pp. 8-11.
Osborn, E. and Simpson, A., 2017. On small-scale IT users' system architectures and cyber security: A UK case study. Computers & Security, 70, pp. 27-50.
Ruiz, R., 2019, January. A Study of the UK Undergraduate Computer Science Curriculum: A Vision of Cybersecurity. In 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3) (pp. 1-8). IEEE.
Shafqat, N. and Masood, A., 2016. Comparative analysis of various national cyber security strategies. International Journal of Computer Science and Information Security, 14(1), p. 129.
Taeihagh, A. and Lim, H.S.M., 2019. Governing autonomous vehicles: emerging responses for safety, liability, privacy, cybersecurity, and industry risks. Transport Reviews, 39(1), pp. 103-128.
Thames, L. and Schaefer, D., 2017. Cybersecurity for industry 4.0. Heidelberg: Springer.
Vogel, R., 2016. Closing the cybersecurity skills gap.