eu


How-To: NIS2 EU Directive

The NIS2 Directive is a European Union legislative text on cybersecurity that supersedes the first NIS (Network and Information Security) Directive, adopted in July 2016.

NIS vs. NIS2

While the first NIS (Network and Information Security) Directive increased the Member States’ cybersecurity capabilities, its implementation proved difficult, resulting in fragmentation at different levels across the internal market. To respond to the growing threats posed by digitalisation and the surge in cyber-attacks, the Commission has submitted a proposal to replace the NIS Directive and thereby strengthen the security requirements, address the security of supply chains, streamline reporting obligations, and introduce more stringent supervisory measures and stricter enforcement requirements, including harmonised sanctions across the EU.

NIS2 strengthens security requirements in the EU by expanding the NIS scope to more sectors and entities, taking into account the security of supply chains, streamlining reporting obligations, introducing monitoring measures, introducing more stringent enforcement requirements, adding the concept of “management bodies” accountability within companies, and harmonizing and tightening sanctions in all Member States.

To achieve the above-mentioned goals, NIS2 requires member states to take a number of measures that force them to work together: Establish or improve information sharing between member states and a common incident…


Executive summary: NIS2 Directive for the EU members

The NIS 2 Directive is a set of cybersecurity guidelines and requirements established by the European Union (EU). It replaces and repeals the NIS Directive (Directive 2016/1148/EC). The full name of the directive is “Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive)”.

The NIS 2 Directive aims to improve cybersecurity risk management and introduce reporting obligations across sectors such as energy, transport, health, and digital infrastructure. It provides legal measures to boost the overall level of cybersecurity in the EU. The directive covers a larger share of the economy and society by including more sectors, which means that more entities are obliged to take measures to increase their level of cybersecurity. The management bodies of essential and important entities must approve the cybersecurity risk-management measures taken by those entities, oversee their implementation, and can be held liable for infringements.

Who is affected?

The NIS 2 Directive significantly expands the sectors and type of critical entities falling under its scope….


What is Safe Harbor and what do companies have to consider

The background story

The European Commission’s Directive on Data Protection went into effect in October 1998, and would prohibit the transfer of personal data to non-European Union countries that do not meet the European Union (EU) “adequacy” standard for privacy protection. While the United States and the EU share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the EU. The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self-regulation. The EU, however, relies on comprehensive legislation that requires, among other things, the creation of independent government data protection agencies, registration of databases with those agencies, and in some instances prior approval before personal data processing may begin. As a result of these differences, the Directive could have significantly hampered the ability of U.S. organizations to engage in a range of trans-Atlantic transactions.

In order to bridge these differences and provide a streamlined and cost-effective means for U.S. organizations to satisfy the Directive’s “adequacy” requirement, the U.S. Department of Commerce in consultation with the European Commission developed a “safe harbor” framework. The U.S.-EU Safe Harbor Framework, which was approved by…



Conficker again in the news – @Shadowserver: EU is bigger than you think guys

I have to confess, I never ever read anything on www.shadowserver.org and everything I write here is taken from this page from McAfee Avert Labs Blog.

Shadowserver names 183 country codes and 5994 autonomous systems with Conficker IP in their network space:

* 1086 for the Russian Federation (RU)
* 597 for the United States (US)
* 422 for Ukraine (UA)
* 271 for Romania (RO)
* 244 for Brazil (BR)
* 243 for Republic of Korea (KR)
* 184 for Poland (PL)
* 166 for Bulgaria (BG)
* 147 for Europe (EU)
* 129 for Indonesia (ID)
* 113 for Japan (JP)
* 95 for China (CN)
* 94 for India (IN)

I cannot stop myself from noticing a very stupid mistake created by ignorance. If you look at the above quotation you see:

* 271 for Romania (RO)
* 184 for Poland (PL)
* 166 for Bulgaria (BG)
* 147 for Europe (EU)

Well, needless to say… I hope … that the 3 countries are already part of the European Union. Have a look here: http://europa.eu/abc/european_countries/index_en.htm




Writing my review of the EU Spam Symposium

I have started to write my review of the Symposium. Briefly, it was ok, but as with any conference, there were also some negative aspects. If the review is not published in Virus Bulletin, I will also publish it here. More details later. Until then, have a look at the presentations: http://www.spamsymposium.eu/archivewebcast.htm


