Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Implications of new EU cyber security legislation

LogRhythm : 23 January, 2013  (Technical Article)
LogRhythm comments on the duties placed on large internet companies by the latest cyber security legislation to come from the European Union
Implications of new EU cyber security legislation

Last week, the European Commission proposed new legislation to require major tech firms like Google and Facebook to report any security breaches to local cyber crime authorities or risk sanctions like fines.

The bill, which is currently being finalised, will force EU member states to establish local cybersecurity agencies to which tech companies, such as social networks, e-commerce firms and online platforms which have access to users' data, as well as infrastructure and energy groups, will have to report any server issues and security breaches to.

Ross Brewer, vice president and managing director for international markets, LogRhythm, has made the following comments: “Legislation enforcing the disclosure of any IT security breaches is now long overdue. Our recent research shows that 80 percent of the UK public implicitly do not trust organisations to keep their data safe – so this new law will hopefully serve to rebuild public confidence in cyber security.

“Once this law is enforced, any organisations holding user data will need much deeper insight into the activity taking place across their networks, as they will be required to provide accurate details of any security breaches. It will therefore be necessary for organisations to improve the use of the data generated by their IT systems, in order for any abnormal activity to be more quickly and effectively identified. Unfortunately, all too often this information is managed in an inefficient and disparate manner, which can lead to inaccurate breach details being reported.  This ‘over-disclosure’ has already become an issue in the US, where breach notification laws are in place – with organisations being unable to accurately identify exactly what the security breach entailed due to a lack of visibility within their IT systems, many are overstating the severity of the incident.

“With cyber attacks becoming increasingly sophisticated and frequent – and with IT data volumes growing at unprecedented rates – data breaches have become inevitable. It is therefore in every organisation’s best interest to baseline normal, day-to-day activity across all dimensions of IT infrastructures, in order to recognise true weaknesses and identify anomalies in real time. This will also allow for a deep forensic analysis of growing amounts of data. In doing so, organisations can proactively secure both data and infrastructure, while avoiding disclosing inaccurate information and unintentionally escalating the magnitude of a breach. As such, only a cyber security strategy focusing on the continuous monitoring of IT networks will provide the network visibility and intelligent insight to future-proof against increasingly stringent legislations on IT security.”

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo