The European Parliament's approved Proposal for its Cybersecurity Act. Under the Act, the European Union Agency for Cybersecurity (“ENISA”) is granted a permanent mandate and is tasked with acting as the central provider of cybersecurity expertise and advice, including on the development of EU policy and law; engaging in capacity building, support and cooperation on cybersecurity practices and response for the EU and its Member States; publishing guidelines and best practices for cybersecurity; and promoting international cooperation, among other duties. The Act also establishes the European cybersecurity certification framework (applicable across the EU) in an effort to create a common, certified cybersecurity approach throughout the EU, which will also apply to Information and Communications Technologies (ICT) products and services (including the Internet of Things (IoT)).
A companion document to the National Institute of Standards and Technology (NIST) cybersecurity framework which sets forth the roadmap and agenda for further enhancement and revision of the framework and development, alignment and collaboration of cybersecurity related activities and responses.
The Guidelines outline the minimum requirements that PSPs shall build upon in the development and implementation of strategies, policies, procedures and related activities aimed at mitigating
Cybersecurity and risk management framework which defines protocols and procedures for routine and emergency scenarios, delegation of responsibilities, inter- and intra-company communication and cooperation both internal and external to an organization.
The purpose of the National Institute of Standards and Technology (NIST) cybersecurity framework is to organize cybersecurity efforts and set forth best practices and standards. Its five core functions are to Identify, Protect, Detect, Respond and Recover from cybersecurity attacks.
Every 'licensed undertaking' in Bermuda shall annually file a written report assessing the availability, functionality and integrity of its electronic systems, which shall include identification of the associated risks arising from a digital asset business, a cybersecurity policy and a detailed response plan. Quarterly penetration testing and vulnerability assessment must also take place, which includes maintaining the integrity of an adequate audit trail.
The Framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU) enables European and national authorities to work with financial infrastructures and institutions (hereafter referred to collectively as “entities”) to put in place a program to test and improve their resilience against sophisticated cyber attacks.
This Guidance Note is issued under Section 33(4) of the Banking Act, which empowers the Central Bank of Kenya (CBK) to issue Guidance Notes to be adhered to by institutions in order to maintain a stable and efficient banking system.