Don’t Tell Them now (or at all) – Responsible Disclosure of Security Incidents under NIS Directive and GDPR

Schmitz, Sandra; Schiffner, Stefan

doi:10.1080/13600869.2021.1885103

Request a copy

Article (Scientific journals)

Don’t Tell Them now (or at all) – Responsible Disclosure of Security Incidents under NIS Directive and GDPR

Schmitz, Sandra; Schiffner, Stefan

2021 • In International Review of Law, Computers and Technology, 35 (2)

Peer Reviewed verified by ORBi

Permalink
https://hdl.handle.net/10993/46908

DOI
10.1080/13600869.2021.1885103

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

Don t tell them now or at all responsible disclosure of security incidents under NIS Directive and GDPR-1.pdf

Publisher postprint (1.36 MB)

Request a copy

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Privacy; Cybersecurity; NIS Directive; GDPR

Disciplines :

Law, criminology & political science: Multidisciplinary, general & others

Author, co-author :

Schmitz, Sandra ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > PI Cole

Schiffner, Stefan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > PI Engel

External co-authors :

Language :

English

Title :

Don’t Tell Them now (or at all) – Responsible Disclosure of Security Incidents under NIS Directive and GDPR

Publication date :

2021

Journal title :

International Review of Law, Computers and Technology

ISSN :

1364-6885

Publisher :

Carfax Publishing, United Kingdom

Volume :

Issue :

Peer reviewed :

Peer Reviewed verified by ORBi

Focus Area :

Law / European Law

FnR Project :

FNR12639666 - The Eu Nis Directive: Enhancing Cybersecurity Across Vital Business Sectors (Encavibs), 2018 (01/09/2019-31/08/2022) - Mark Cole

Available on ORBilu :

since 24 April 2021

Statistics

Number of views

206 (6 by Unilu)

Number of downloads

21 (5 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

Bibliography

Art. 29 Data Protection Working Party. 2017. “Guidelines on the Application and Setting of Administrative Fines for the Purposes of the Regulation 2016/679”. WP 253.
Art. 29 Data Protection Working Party. 2018. “Guidelines on Personal Data Breach Notification Under Regulation 2016/679”. WP250 rev.01.
Cichonski, P., T., Millar, T., Grance, and K., Scarfone. 2012. “NIST Special Publication 800-61 Revision 2: Computer Security Incident Handling Guide Recommendations”. NIST Special Publication. doi: 10.6028/NIST.SP.800-61r2.
ENISA. 2017. “Incident Notification for DSPs in the context of the NIS Directive”. https://www.enisa.europa.eu/publications/incident-notification-for-dsps-in-the-context-of-the-nis-directive/at_download/fullReport.
European Banking Federation. 2020. “EBF Position on Cyber Incident Reporting”. https://www.ebf.eu/wp-content/uploads/2020/06/EBF-position-paper-on-cyber-incident-reporting_annex-on-FLIIS.pdf.
European Commission. 2020. “Proposal for a Directive of the European Parliament and of the Council on Measures for a High Common Level of Cybersecurity Across the Union, Repealing Directive (EU) 2016/1148”. COM(2020) 823 Final.
Halevi, T., N., Memon, and O., Nov. 2015. “Spear-Phishing in the Wild: A Real-World Study of Personality, Phishing Self-efficacy and Vulnerability to Spear-Phishing Attacks”. doi: 10.2139/ssrn.2544742.
Hansen, M., M., Jensen, and M., Rost. 2015. “Protection Goals for Privacy Engineering”. IEEE Security and Privacy Workshops. https://ieeexplore.ieee.org/document/7163220.
Laue, P., 2019. “ Art. 34 DSGVO.” In Recht der elektronischen Medien, edited by G., Spindler and F., Schuster. München: C.H. Beck.
Martini, M., 2018. “ Art. 33 DSGVO.” In Beck’sche Kompakt-Kommentare, Datenschutz-Grundverordnung Bundesdatenschutzgesetz, edited by B., Paal and D., Pauly. München: C.H. Beck.
NIS Cooperation Group. 2018. “Reference Document on Incident Notification for Operators of Essential Services”. CG Publication 02/2018. https://ec.europa.eu/information_society/newsroom/image/document/2018-30/reference_document_incident_reporting_00A3C6D5-9BDB-23AA-240AF504DA77F0A6_53644.pdf.
Uwer, D., 2020. “ § 29 BDSG.” In Beck’scher Online-Kommentar Datenschutzrecht, edited by S., Brink and H. A., Wolff. München: C.H. Beck.
Weulen Kranenbarg, M., T. J., Holt, and J., van der Ham. 2018. “Don’t Shoot the Messenger! A Criminological and Computer Science Perspective on Coordinated Vulnerability Disclosure”. 7 Crime Science 16. doi: 10.1186/s40163-018-0090-8.