Information Security and Cyber Laws

In today’s inter-connected world, the security and the privacy of digital data are primary concerns for all governments and businesses. Virtually no one is protected from the cybercrime on the internet. The term cybercrime originates since the year 2000 when the book with the same name was first published (edited by Thomas and Loader). Cybercrime is defined as computer-initiated illegal activity realized over the global electronic network. Many national governments have adopted their own legislations in the areas of cybercrime and information security. These laws cover different sectors of the economy and the society, such as banking and e-commerce, telecommunications, health, transport (air, sea, rail and road), power and water supply, and education. The adopted laws and standards define different information security measures. Some of these involve security checks, physical security, data safety, security of information systems, and industrial security measures. Importantly, the adopted national information security and cyber laws make sure that all attackers (intruders) who initiate and/or realize attacks are sued and accordingly punished. There are also regional cyber laws, such as European Union’s Network and Information Security Directive (NISD), which extend national borders and apply to all the associated member states. This edition covers different topics from cyber security and anti-cybercrime laws, including cyber-criminal detection and prevention, cyber security in different society segments, cyber laws, and cyber terrorism.

Section 1 focuses on cyber-criminal detection and prevention, describing digital forensics and cybercrime data mining, time prints for identifying social media users, a framework of identity resolution, and network intrusion detection and visualization using aggregations.

Section 2 focuses on cyber security in different society segments, describing cyber-physical-social based security architecture for Internet of Things (IoT), emerging issues for education in electronic health records, analysis of causes and events on electric power infrastructure impacted by cyber attacks, quantitative methodology to assess cyber security risk of smart grid, and SCADA framework incorporating MANET and IDP.

Section 3 focuses on cyber laws, describing regimes and mobile telecoms regulation in the twenty-first century, the directive 95/46/EC and the data protection act 1998, the role of anonymization and pseudo-nymisation under the EU data privacy rules, and cyber warfare under the International Humanitarian law.

Section 4 focuses on cyber terrorism, describing the perception on the cyber...