A concise introduction to the NIS Directive
eBook - ePub

A concise introduction to the NIS Directive

A pocket guide for digital service providers

Alan Calder

  1. 57 pages
  2. English

About the book

This pocket guide is an introduction to the EU's NIS Directive (Directive on security of network and information systems). It outlines the key requirements, details which digital service providers are within scope, and explains how the security objectives from ENISA's Technical Guidelines and international standards can help DSPs achieve compliance. This pocket guide is a primer for any DSP that needs to comply with the NIS Directive.

The pocket guide helps DSPs:

  • Gain insight into the NIS Directive and who is regulating it;
  • Identify if they are within the scope of the Directive;
  • Understand the key requirements; and
  • Understand how guidance from international standards and ENISA can help them comply.

Your essential guide to understanding the EU's NIS Directive – buy this book today and get the help and guidance you need.


Information

Publisher
ITGP
Year
2018
ISBN
9781787781047

CHAPTER 1: SCOPE AND APPLICABILITY

Article 4(6) of the Directive specifies that DSPs are “any legal person that provides a digital service”. A “digital service”, in turn, is defined as “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services”.14
Unlike the position for OES, governments aren’t expected to identify DSPs – the Directive simply applies to every provider of any of the services categorised and listed in Annex III of the NIS Directive. As Recital 57 explains, “Member States should not identify digital service providers, as this Directive should apply to all digital service providers within its scope. […] This should enable digital service providers to be treated in a uniform way across the Union”.
The Directive does not require Member States to explicitly identify DSPs in order to ensure that DSPs can expect equal treatment wherever they operate, streamlining business and providing a guaranteed minimum level of reliability for organisations and consumers across the EU. This is quite different from how operators of essential services (OES) are treated, for which the NIS Directive simply provides a set of parameters, letting individual Member States determine how these apply within local law.
Note that some competent authorities may require DSPs to identify themselves and self-register.

Online marketplaces

Online marketplaces provide a digital service that “allows consumers and traders to conclude online sales or service contracts with traders, and is the final destination for the conclusion of those contracts” (Recital 15).
This emphasis on being able to “conclude” their shopping is important, as the Recital goes on to explain that “It should not cover online services that serve only as an intermediary to third-party services through which a contract can ultimately be concluded. It should therefore not cover online services that compare the price of particular products or services from different traders, and then redirect the user to the preferred trader to purchase the product.”
In other words, websites that redirect users to another service to set up the final contract, such as price comparison sites, are out of scope. The same is true for classified advert sites, as they merely connect buyers and sellers who complete their trades elsewhere, and do not conclude on the website itself. Note that simple online retailers that sell directly to consumers on their own behalf are also out of scope.
Finally, the Recital explains that “Computing services provided by the online marketplace may include processing of transactions, aggregations of data or profiling of users. Application stores, which operate as online stores enabling the digital distribution of applications or software programmes from third parties, are to be understood as being a type of online marketplace.”

Online search engines

Online search engines provide a digital service that “allows the user to perform searches of, in principle, all websites on the basis of a query on any subject. It may alternatively be focused on websites in a particular language” (Recital 16).
The Recital goes on to explain that the Directive does “not cover search functions that are limited to the content of a specific website, irrespective of whether the search function is provided by an external search engine. Neither should it cover online services that compare the price of particular products or services from different traders, and then redirect the user to the preferred trader to purchase the product”. This puts sites that have a search function powered by a different organisation – an online search machine – out of scope, even if the search function indexes content across the wider Internet.

Cloud computing services

Cloud computing services provide a digital service allowing “access to a scalable and elastic pool of shareable computing resources. Those computing resources include resources such as networks, servers or other infrastructure, storage, applications and services” (Recital 17).
Recital 17 also provides the following definitions:

  • Scalable: “computing resources that are flexibly allocated by the cloud service provider, irrespective of the geographical location of the resources, in order to handle fluctuations in demand”.
  • Elastic pool: “those computing resources that are provisioned and released according to demand in order to rapidly increase and decrease resources available depending on workload”.
  • Shareable: “those computing resources that are provided to multiple users who share a common access to the service, but where the processing is carried out separately for each user, although the service is provided from the same electronic equipment”.

Given these definitions, services likely in scope are Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).

Some special cases

Recital 53 and Article 16(11) of the Directive specify that micro and small enterprises do not fall under the scope of the Directive. The European Commission’s definitions identify these as digital service providers that employ fewer than 50 people and whose annual turnover and/or annual balance sheet total does not exceed €10 million.15
Some organisations established outside the Union may also be designated DSPs and bound by the Directive’s requirements. In line with Recital 65, if “it is apparent that the digital service provider is offering services to persons in one or more Member States”, then the organisation should designate a representative within the Union, so it will fall under the jurisdiction of that Member State. This representative will be designated in writing to act on the DSP’s behalf in relation to the Directive, so will need to be available to any relevant CSIRTs and competent authorities. Likewise, if a DSP is based within a Member State, but offers services outside of that state, its competent authority is still responsible for overseeing those cross-border activities within the EU.
While it may be difficult to enforce the Directive on DSPs based outside the EU, it is nonetheless an important point. After all, OES will essentially be limited to using the services of DSPs that comply with the Directive. In addition, common consumers and other organisations will also want the reassurance that the services they are using and investing in are actually reliable.

Operators of essential services

While this pocket guide focuses on DSPs, the Directive also imposes requirements on OES. These are stricter than those imposed on DSPs – particularly from a supervisory point of view – due to the higher risk OES typically face. These requirements may also vary per Member State.
 
14 Directive (EU) 2015/1535, Article 1(b).
15 Micro and small enterprises are defined in 2003/361/EC, which states that “a small enterprise is defined as an enterprise which employs fewer than 50 persons and whose annual turnover and/or annual balance sheet total does not exceed EUR 10 million”, and that “a microenterprise is defined as an enterprise which employs fewer than 10 persons and whose annual turnover and/or annual balance sheet total does not exceed EUR 2 million”.

CHAPTER 2: AUTHORITIES AND BODIES

Alongside requiring Member States to set “security and notification requirements for operators of essential services and for digital service providers”, the NIS Directive also specifies that they must “designate national competent authorities, single points of contact and CSIRTs with tasks related to the security of network and information systems”.16 Each of these bodies will play an important role in how the Directive is applied in the Member States and across the EU.

Competent authorities

Competent authorities are the agencies or organisations that oversee compliance with laws and regulations implemented on the basis of the NIS Directive. There is no specified limit on the number of competent authorities a Member State can set; several countries have decided to assign them on a sectoral or regional basis, while others have appointed just one competent authority.
Although the competent authorities are meant to oversee compliance, the Directive states that they should have “no general obligation to supervise digital service providers” and should “only take action when provided with evidence...
