Systematization of IT security law - ITSRsys
| Subproject: | Classification of systems and inclusion of the current state of the art |
| Funding type: | Research Framework Programme of the German Federal Government on IT Security "Self-Determined and Secure in the Digital World" |
| Team at ESMT: | Martin Schallbruch (DSI), Henning Christian Lahmann (DSI) |
| Cooperating institutions: | Karlsruher Institut für Technologie (KIT), Institut für Informations- und Wirtschaftsrecht (IIWR) |
IT security requirements are part of a growing number of regulations. In addition to "general" regulations, there is also "sector-specific" IT security law, for example in the telecommunications or financial sectors. There are also "primary" IT security regulations, which address the traditional goals of confidentiality, integrity and availability of IT systems, as well as "secondary" regulations, in which the IT security goals are a means to achieve particular subject-specific goals, such as tax secrecy or the integrity of business transactions. IT security provisions are also included in data protection law. Up to now, general and specific law have been systematically related to each other only in a limited way. The rapid development of IT security law has led to inconsistencies and contradictions. This makes it more difficult to implement IT security measures and to supply compliant IT security services and IT security products. The "ITSR.sys" project will develop an approach to systematize the entire legal field of IT security.
The aim is to develop a model of a "General IT Security Law" that spans all areas, sectors and policy fields and can serve as a basis for the systematic distinction between general and sector-specific regulations, thus contributing to the consistency and coherence of this developing field of law. The project will be carried out in close cooperation with the stakeholders of IT security law in business, government and academia.