Information security law in the EU and the U.S. : a risk-based assessment of regulatory policies

Security breaches affecting millions of consumers world-wide, media reports about "cyber war" and speculations about "cyber terrorism" have brought information security (often also referred to as "cyber security") to the forefront of the public debate. "Information Security Law in the EU and the U.S." provides the first comprehensive assessment of EU and U.S. information security law, covering laws and regulations that require the implementation of security measures, laws that impose or limit liability for security breaches, laws that mandate the disclosure of vulnerabilities or security breaches, and laws that deter malicious actors by providing criminal sanctions. To facilitate this comparative assessment, a risk-based assessment methodology is used. The book also contains a concluding comparative assessment that summarizes the current state of information security law. Building on this concluding assessment, policy recommendations are presented how to fundamentally improve information security.

1. Introduction .- 2. The Foundations and Challenges of Information Security .- 3. A Methodology for Assessing Regulatory Policies .- 4. Regulating Information Security by Mandating Security Controls .- 5. Regulating Information Security by Imposing or Limiting Liability .- 6. Regulating Information Security by Mandating Transparency .- 7. Regulating Information Security by Deterring Malicious Threat Agents .- 8. Concluding Comparative Assessment .- 9. Policy Recommendations .- 10. Conclusion .- References .- List of Abbreviations .- Index