Litcius/Paper detail

The outcome efficacy of the entity risk management requirements of the NIS 2 Directive

Donald David Stewart Ferguson

2023International Cybersecurity Law Review10 citationsDOIOpen Access PDF

Abstract

Abstract The NIS 2 Directive (2022/2555) of the European Union (EU) identifies the cybersecurity risk management requirements for essential and important entities in EU member states. The principal question we address is, how effective are the cybersecurity risk management measures of the NIS 2 Directive against cyberattacks on essential and important entities in EU member states? It was observed, through statutory interpretation and cyber kill chain model analysis, that the cybersecurity risk management measures of the NIS 2 Directive may be significantly limited in their effectiveness against cyberattacks on essential and important entities in EU member states. The limited effectiveness is primarily due to the narrow scope of the cybersecurity risk management measures, including the lack of specific measures focused on the reconnaissance phase of a cyberattack.

Topics & Concepts

DirectiveRisk managementBusinessScope (computer science)Principal (computer security)European unionRisk analysis (engineering)Member statesComputer securityDirective on Privacy and Electronic CommunicationsProcess managementData Protection DirectiveComputer scienceInternational tradeFinanceEuropean integrationProgramming languageInformation and Cyber SecurityCybersecurity and Cyber Warfare StudiesWar, Law, and Justice
The outcome efficacy of the entity risk management requirements of the NIS 2 Directive | Litcius