Seguridad de redes y sistemas de información en la Unión Europea: ¿un enfoque integral? [Security of networks and information systems in the European Union: an integral approach?]

Author: Margarita Robles Carrillo

Journal: Revista de Derecho Comunitario Europeo

ISSN: 1138-4026

Year of publication: 2018

Year: 22

Issue: 60

Pages: 563-600

Type: Article

DOI: 10.18042/CEPC/RDCE.60.03


Abstract

The security of networks and information systems is a serious and general concern at both the international and national levels. Within the European Union, it has led to various acts of a sectoral nature and to the adoption of Directive 2016/1148, known as the NIS Directive. The analysis of its material, functional and subjective scope of application shows that it does not fulfil the initial purpose of adopting an integral approach. Nor are the normative regime it establishes for security requirements, notification and standardization, or the mechanisms for guaranteeing the effectiveness of its provisions, suited to that objective. The problem is that it enshrines a sectoral treatment of the security of networks and information systems that can hardly serve to meet the challenge of guaranteeing that security.
