ENISA publishes its report on “Cyber Security Information Sharing: An Overview of Regulatory and Non-regulatory Approaches”.
ENISA identified three types of approaches to share information on cyber security incidents:
1) Traditional regulation
2) Alternative forms of regulation, such as self- and co-regulation
3) Other approaches to enable information sharing, such as information and education schemes.
Some key findings are:
The prevalence of traditional regulation, alternative forms of regulation (such as self- and co-regulation) and other approaches to enable information sharing on cyber incidents, varies from country to country
The frequent use of alternative types of regulatory initiatives (co- and self-regulation) in the field of information sharing on cyber incidents
Different regulatory and non-regulatory approaches bring different challenges with them
Trust is a key element for the success of the information sharing on cyber incidents
National and governmental CSIRTs play an important role in the field
The study aims to present the regulatory and non-regulatory approaches of EU Member States as well as EEA and EFTA countries to share information on cyber incidents, the different sector regulation challenges of managing cyber security issues, and their key practices in addressing them. The primary target audience of this report are policy and law makers at EU and Member State level, the CSIRT community (in particular national and governmental CSIRTs), the law enforcement community and other operational communities.
Full report available here: Cyber Security Information Sharing: An Overview of Regulatory and Non-regulatory Approaches
For interviews and press enquiries please contact [email protected] , Tel.+30 2814 409576
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!