The objective of this research is to understand the compendium of legal devices on Cybersecurity that the European Union has for the protection of the cybernetic ecosystem from the perspective of soft systems. Understanding cybersecurity as the interactions between people, processes, data and information and communication technologies, which configures a complex interconnected information infrastructure, where people must be the fundamental element. According to the European Union Agency For Cybersecurity in 2024, the top three cyber incidents per threat type were: the category of Denial-of-Service attacks such as DoS, DDoS (Distributed Denial of Service) and RDoS (Ransom Denial of Service) with 41.1%, Ransomware (25.79%) and Threat Data as data breaches or data leaks (19.01%). The European Union has a complex set of laws to protect activities in cyberspace, including The Cybersecurity Act, The General Data Protection Regulation, Directive (EU) 2016/1148, Digital Markets Act (DMS), Digital Services Act (DSA), Cyber Solidarity Act, among others. The Soft Systems Methodology (SSM) is a cycle of learning and reflection, which allows the transition between the observed reality (problem situation), subsequently projected as a Human Activity System (HAS) through artifacts such as root definition and conceptual model. Root definitions are descriptions that consider the notions, visions, representations of all actors and agents of the system, their worldview, environmental constraints and transformation processes. The elements of the acronym CATWOE are identified, representing the critical features of the root definition of the system of human activities, and an initial conceptual model is designed. The root definition expresses what the HAS “is”, while the conceptual model states “what the system does”. The SSM is proposed the adoption of the MSS as a framework where stakeholders actively participate in the legislative update process on cybersecurity in Europe, as required by technological developments.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Cybersecurity in European Union Regulations: A Soft Systems Approach

  • Douglas Torres

摘要

The objective of this research is to understand the compendium of legal devices on Cybersecurity that the European Union has for the protection of the cybernetic ecosystem from the perspective of soft systems. Understanding cybersecurity as the interactions between people, processes, data and information and communication technologies, which configures a complex interconnected information infrastructure, where people must be the fundamental element. According to the European Union Agency For Cybersecurity in 2024, the top three cyber incidents per threat type were: the category of Denial-of-Service attacks such as DoS, DDoS (Distributed Denial of Service) and RDoS (Ransom Denial of Service) with 41.1%, Ransomware (25.79%) and Threat Data as data breaches or data leaks (19.01%). The European Union has a complex set of laws to protect activities in cyberspace, including The Cybersecurity Act, The General Data Protection Regulation, Directive (EU) 2016/1148, Digital Markets Act (DMS), Digital Services Act (DSA), Cyber Solidarity Act, among others. The Soft Systems Methodology (SSM) is a cycle of learning and reflection, which allows the transition between the observed reality (problem situation), subsequently projected as a Human Activity System (HAS) through artifacts such as root definition and conceptual model. Root definitions are descriptions that consider the notions, visions, representations of all actors and agents of the system, their worldview, environmental constraints and transformation processes. The elements of the acronym CATWOE are identified, representing the critical features of the root definition of the system of human activities, and an initial conceptual model is designed. The root definition expresses what the HAS “is”, while the conceptual model states “what the system does”. The SSM is proposed the adoption of the MSS as a framework where stakeholders actively participate in the legislative update process on cybersecurity in Europe, as required by technological developments.