Cybersecurity Regulations for Protection and Safeguarding Digital Assets (Data) in Today’s Worlds

Authors

  • Naeem AllahRakha, Tashkent State University of Law

DOI:

https://doi.org/10.15294/lslr.v8i1.2081

Keywords:

Cybersecurity, Digital Assets, Privacy, Data Protection, Legal Framework, International Standards

Abstract

This paper examines cybersecurity regulations and practices for safeguarding digital assets such as data in today's interconnected landscape. As cyber risks proliferate, comprehensive frameworks outlining technical, administrative, and legal protocols are vital for securing critical systems and sensitive information. The paper's background emphasizes rising digitization and surging threat sophistication, which necessitate diligent governance. Its objectives include analyzing prominent regulations and highlighting principles around confidentiality, integrity, and availability. The qualitative study adopts a doctrinal approach and grounded theory analysis to methodically assess prominent legislation. The paper discusses legislative developments in domains like breach disclosure, identity authentication, and encryption methodologies that strengthen cyber resilience. It suggests reconciling compliance complexity through oversight alignment. The paper concludes by underscoring the need for positive incentives and public-private partnerships that collectively enhance cyber hygiene. It recommends consistent interpretation and proactive investments in capacity building to secure our deepening digital economy against exponentially evolving threats.

Article ID

2081

Published

2024-09-22

How to Cite

Cybersecurity Regulations for Protection and Safeguarding Digital Assets (Data) in Today’s Worlds. (2024). Lex Scientia Law Review, 8(1), 405-432. https://doi.org/10.15294/lslr.v8i1.2081