1. Give us 5 consequences of cyber-attacks?
Financial losses due to theft or fraud
Service disruptions and inconvenience
Loss of trust in online services
Data breaches, risking personal information
Operational disruptions and downtime
o Downtime is when a system or service stops working and cannot be used
2. What does ENISA do?
ENISA = European Union Agency for Cybersecurity
Tasks:
o It is an EU agency focused on cybersecurity.
o It gives advice, guidance and support to EU countries and institutions
o It assists in the development of EU-wide cybersecurity policies, standards and best
practices
o It also plays a central role in supporting the implementation of EU cybersecurity
legislation, such as the NIS Directive and Cybersecurity Act
o It organizes events like ECSM to raise awareness about cybersecurity
ECSM = European Cybersecurity Month
Annual campaign for the entire month of October
3. What is eIDAS and give me an example?
eIDAS = Electronic Identification, Authentication and Trust Services
What?
o It is a European system that ensures safe online transactions across the EU
o It allows secure electronic exchanges, legally binding digital signatures, and reliable
digital identity verification.
Example
o Someone in Spain can sign a contract online with a company in Italy using a trusted
digital signature, and it will be legally accepted in both countries.
4. Explain the purpose of the GDPR and discuss the key provisions?
Purpose
o It protects personal data and privacy of individuals in the EU.
o It ensures organizations handle data responsibly and transparently.
Key provisions
o Data protection and privacy
It ensures secure handling and processing of personal data.
It applies to any organization handling EU citizens’ data even outside the EU.
o Data minimization
Only collect data that is strictly necessary for the purpose.
o User consent and transparency
It requires clear, explicit user consent for data collection and use.
Organizations must provide detailed information on how data will be used.
o Rights of individuals
Right to access: individuals can see what data is stored.
Right to rectification: users can correct inaccurate data.
Right to erasure: users can request deletion of their data.
5. Explain the main features of the NIS2 directive. Why is this important for companies?
What?
o A law created to improve cybersecurity in essential sectors. It sets stricter
standards, and reporting incidents fast is important.
Main features
o Expanded scope.
Covers critical sectors like water, health and energy.
Also applies to government entities.
o Stricter risk management
Companies must implement stronger measures for risks, incidents and supply
chain security.
o Incident reporting
Companies must report incidents much faster.
Reporting is mandatory within a specific timeframe.
o Enhanced cooperation
Promotes collaboration between member states.
Establishes wider cooperation for sharing information.
Importance for companies
o Protects critical systems from cyberattacks.
o Helps businesses comply with EU-wide standards.
o Enhances trust and resilience in their operations, benefiting companies as well as clients.