
ENISA presents a report giving the first overview of the legal aspects of Risk Management/Risk Assessment (RM/RA). The report is a novel compilation of normative texts that gives policy makers and business security experts a strategic tool for identifying the key legal RM/RA requirements. The material is available online (see www.enisa.europa.eu/rmra/lr_home.html).
The material charts the main normative components relevant to RM/RA within the European Union and assesses the impact of these normative texts on both the private and the public sector. This knowledge is instrumental for business, e.g. to determine to what extent these texts apply to risk management considerations and how they may affect Network and Information Security (NIS) practices.
Business and NIS stakeholders have repeatedly underlined to ENISA the need for a collection of regulations, directives and other texts of normative character. The study serves as a reference tool for the initial step of RM/RA, namely identifying the applicable legal framework. It also allows Member States to track the national implementation status against existing international frameworks, and the transposition status of EU directives and regulations.
The report focuses mainly on normative texts, with a natural bias towards the ICT, telecommunications and data protection sectors. The study is categorised according to the horizontal applicability of normative areas, e.g. Data Protection/Privacy, National Security, Civil and Penal Law, Corporate Governance, e-business, and Risk Management/Risk Assessment Standards.