Regulating Information Security: A Matter of Principle?

  • Andreas Mitrakas
  • Silvia Portesi


The widespread use of information technology in daily transactions has heightened the role of information security in protecting information assets. Network and information security has so far been regulated through instruments and instantiations that were mostly used for purposes other than those strictly needed by information security itself. If information security is the answer to such requirements as confidentiality, integrity and availability of resources, appropriate regulation is the means of establishing binding frameworks. Regulation in this respect takes into account the requirements for a soft-law approach that encompasses self-regulatory frameworks and standards. A set of regulatory principles addressing the content and form of regulation in network and information security is an additional means to enhance the impact of legislation and serve stakeholders.


Keywords: Information Security; Information Society; Regulatory Principle; European Telecommunication Standard Institute





Copyright information

© Friedr. Vieweg & Sohn Verlag | GWV Fachverlage GmbH, Wiesbaden 2007

Authors and Affiliations

  • Andreas Mitrakas (1)
  • Silvia Portesi (1)

  1. European Network and Information Security Agency (ENISA), USSR
