What is cyber security?
Cyber security is concerned with both the security of cyber space and the security of entities that use or rely on cyber space such as:
– The internet and the world-wide web.
– The facilities and apparatus that underpin and connect the internet and the world-wide web (for example, telecommunications, internet access and internet service provision).
– The facilities and apparatus that support the provision of content available through the internet and the world-wide web.
– The facilities and apparatus that support data processing and data storage accessible through the internet and the world-wide web (for example, cloud computing services and the supporting infrastructure, such as data centres).
· Cyber space also includes physical places as well as purely virtual ones.
Entities that use cyber space need to be cyber secure. However, the regulatory reform process for cyber security in the EU, the US and elsewhere has been very selective about the categories of entities that should carry a statutory duty to be cyber secure.
Cyber Security: Law and Guidance provides an overview of the key legal developments for cyber security in England and Wales, focusing on the proposed NIS Directive and related legal instruments, including those for data protection and payment services. It also provides insights into how the law is developed outside of regulatory frameworks, by reference to the “consensus of professional opinion” on cyber security, case law and the role of professional and industry standards for security.
Suggestions are made on how to build a “defensive shield” to protect an organisation from regulatory actions and litigation. With cyber security law destined to become heavily contentious, legal privilege will be an advantage.
Organisations require expert assistance to operationalise these matters and Cyber Security: Law and Guidance provides this assistance.