Cybersecurity

Spain: Decree amending NIS implementation law published in Official Gazette

In relation to the strategic and operational structure for the protection of networks and information systems, the decree seeks to establish the NIS Implementation Law in accordance with the security responsibilities of operators of critical services (‘OESs’) and digital service providers (‘DSPs’), in addition to handling security incidents.

https://www.boe.es/diario_boe/txt.php?id=BOE-A-2021-1192

Belgium: DPA publishes recommendations for data cleansing and record destruction

The Belgian Data Protection Authority (‘the Belgian DPA’) released recommendations for data controllers on data cleansing and the destruction of records.

The guidelines are intended, in particular, to help data controllers avoid unauthorized access to personal data stored in such records and to ensure the privacy of personal data belonging to Belgian citizens.

https://www.autoriteprotectiondonnees.be/publications/recommandation-n-03-2020-du-11-decembre-2020.pdf

EU: ENISA publishes report on CSIRT cooperation in fighting cybercrime

The European Union Agency for Cybersecurity (‘ENISA’) published a report and training manual on the cooperation of Computer Security Incident Response Teams (‘CSIRTs’), law enforcement agencies (‘LEAs’), and the judiciary in the context of combatting cybercrime.

You can read the press release here: enisa.europa.eu/…/training-together-to-fight-cybercrime-improving-cooperation

Download the report here: enisa.europa.eu/…n/at_download/fullReport

Access the training here: enisa.europa.eu/…terial/legal-cooperation

Paper – Data and its (dis)contents: A survey of dataset development and use in machine learning research

Datasets have played a foundational role in the advancement of machine learning research. They form the basis for the models we design and deploy, as well as our primary medium for benchmarking and evaluation. Furthermore, the ways in which we collect, construct and share these datasets inform the kinds of problems the field pursues and the methods explored in algorithm development. However, recent work from a breadth of perspectives has revealed the limitations of predominant practices in dataset collection and use. In this paper, we survey the many concerns raised about the way we collect and use data in machine learning and advocate that a more cautious and thorough understanding of data is necessary to address several of the practical and ethical issues of the field.

https://arxiv.org/abs/2012.05345

Europe – ENISA: Cloud Security for Healthcare Services report

The European Union Agency for Cybersecurity (ENISA) published the Cloud Security for Healthcare Services report, which provides cybersecurity guidelines for healthcare organisations to help further digitalise with cloud services.

Building on ENISA’s procurement guidelines for cybersecurity in hospitals, published early last year, this new report assesses the cybersecurity risks of cloud services and offers good practices for their secure integration into the European healthcare sector.

The ENISA report comes as the European Commission is moving forward this year with the European Health Data Space initiative to promote the safe exchange of patients’ data and access to health data.

https://www.enisa.europa.eu/news/enisa-news/securing-cloud-services-for-health

International: ISO releases series of standards for biometric security

The International Organization for Standardization (‘ISO’) announced that it had released a series of new standards on biometric security.

In particular, ISO outlined that, considering the increasingly widespread use of biometrics as an effective means of verifying identity, ensuring its security is essential.

https://www.iso.org/advanced-search/x/title/status/P,U/docNumber/19989/docPartNo/docType/0/langCode/ics/currentStage/true/searchAbstract/true/stage/stageDateStart/stageDateEnd/committee/sdg