Hey,
this is the final issue for this year and I want to thank you for being a part of this community. 2022 has shown once again the importance of information and cybersecurity for enterprises and society. In this issue we are going to have a brief look at relevant cybersecurity-related legislation in both the U.S. and the EU.
United States
Cybersecurity Act of 2015: Best known for its Title I, the Cybersecurity Information Sharing Act, this act authorizes private companies to monitor their own systems for cybersecurity purposes and to share cyber threat indicators and defensive measures with each other and with the federal government, with liability protection for sharing done in accordance with the act. The Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC), which had already been codified by the National Cybersecurity Protection Act of 2014, serves as the primary government intake point for that sharing. The act did not create the Federal Chief Information Security Officer (CISO) position; that role was established administratively within the Office of Management and Budget in 2016.
Cybersecurity and Infrastructure Security Agency Act of 2018: This act re-designated the DHS National Protection and Programs Directorate as the Cybersecurity and Infrastructure Security Agency (CISA), an operational component of the Department of Homeland Security. CISA is responsible for helping to protect the nation's critical infrastructure from cyber and physical threats and for coordinating the cybersecurity of federal civilian executive branch networks.
Internet of Things Cybersecurity Improvement Act of 2020: This act requires the National Institute of Standards and Technology (NIST) to publish standards and guidelines for the federal government's use and management of Internet of Things (IoT) devices (NIST SP 800-213 is the resulting guidance) and for the disclosure and resolution of security vulnerabilities in systems owned or controlled by agencies. The Office of Management and Budget must issue policies consistent with those guidelines, and agencies are prohibited from procuring or using IoT devices that do not comply with them, subject to a waiver process.
Health Insurance Portability and Accountability Act (HIPAA): HIPAA (1996) is a U.S. law whose Privacy and Security Rules set national standards for protecting the privacy and security of protected health information (PHI). It applies to covered entities, meaning healthcare providers that transmit health information electronically, healthcare clearinghouses and health plans, and, since the HITECH Act of 2009, directly to their business associates as well. The Security Rule requires administrative, physical and technical safeguards for electronic PHI, and the Breach Notification Rule requires notifying affected individuals and HHS after a breach of unsecured PHI.
European Union
General Data Protection Regulation (GDPR): The GDPR (Regulation (EU) 2016/679, applicable since 25 May 2018) is a comprehensive data protection law that applies to organizations that process the personal data of individuals in the EU, regardless of where the organization itself is established. It sets out strict requirements for lawful processing and for the security of personal data (Article 32 requires technical and organisational measures appropriate to the risk, naming pseudonymisation and encryption as examples), requires notification of personal data breaches to the supervisory authority within 72 hours where feasible (Article 33), gives individuals rights over how their data is used, and allows fines of up to 4% of annual worldwide turnover or EUR 20 million, whichever is higher.
Network and Information Systems Directive (NIS Directive): The NIS Directive (Directive (EU) 2016/1148) is the first EU-wide cybersecurity law. It requires operators of essential services in sectors such as energy, transport, banking, financial market infrastructure, health, drinking water and digital infrastructure, as well as digital service providers (online marketplaces, online search engines and cloud computing services), to take appropriate security measures and to notify significant incidents to the national competent authority or CSIRT. As a directive it had to be transposed into national law by each member state, which led to uneven implementation across the EU.
Cybersecurity Act of 2019: This act (Regulation (EU) 2019/881) gave the European Union Agency for Cybersecurity (ENISA) a permanent mandate and more resources to support member states and EU institutions in improving their cybersecurity capabilities. It also established the European cybersecurity certification framework, under which EU-wide certification schemes for ICT products, services and processes can be adopted at the assurance levels basic, substantial and high.
NIS 2 Directive: The NIS 2 Directive (Directive (EU) 2022/2555) will repeal and replace the NIS Directive (Directive (EU) 2016/1148). It broadens the scope to many more sectors, divided into essential and important entities, including energy, transport, banking, health, water, digital infrastructure, ICT service management, public administration and space, as well as manufacturing, food and digital providers. It tightens cybersecurity risk management requirements (including supply chain security and management accountability) and introduces a staged incident reporting obligation: an early warning within 24 hours of becoming aware of a significant incident, an incident notification within 72 hours and a final report within one month. Member states have until 17 October 2024 to transpose it into national law.
Let’s make Security Decrypted even better
I want to provide all of you with relevant content. Please vote below so I can tailor this newsletter to your needs.