Cybersecurity Regulations for Protection and Safeguarding Digital Assets (Data) in Today’s Worlds
DOI:
https://doi.org/10.15294/lslr.v8i1.2081
Keywords:
Cybersecurity, Digital Assets, Privacy, Data Protection, Legal Framework, International Standards
Abstract
This paper examines cybersecurity regulations and practices for safeguarding digital assets like data in today's interconnected landscape. As cyber risks flourish, comprehensive frameworks outlining technical, administrative, and legal protocols are vital for securing critical systems and sensitive information. The paper's background emphasizes rising digitization and surging threat sophistication, which necessitate diligent governance. Its objectives include analyzing prominent regulations and highlighting principles around confidentiality, integrity, and availability. The qualitative study adopts a doctrinal approach and grounded theory analysis to methodically assess prominent legislation. The paper discusses legislative developments in domains like breach disclosure, identity authentication, and encryption methodologies that strengthen cyber resilience. It suggests reconciling compliance complexity through oversight alignment. The paper concludes by underscoring the need for positive incentives and public-private partnerships that collectively enhance cyber hygiene. It recommends consistent interpretation and proactive investments in capacity building to secure our deepening digital economy against exponentially evolving threats.
License
Copyright (c) 2024 Naeem AllahRakha (Author)
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
All writings published in this journal are personal views of the authors and do not represent the view of this journal and the author's affiliated institutions. Authors retain the copyrights under this license, see our copyrights notice.