“Formal compliance issues and possible solutions in cybersecurity”, Nr. 09.3.3-LMT-K-712-23-0225 - MRU

“Formal compliance issues and possible solutions in cybersecurity”, Nr. 09.3.3-LMT-K-712-23-0225

Project No. 09.3.3-LMT-K-712-23-0225
Project title: Formal compliance issues and possible solutions in cybersecurity,
Project duration:  2021-06-22 to 2023-06-21
Postdoctoral trainee – dr. Inga Malinauskaitė-van de Castel
Postdoctoral supervisor – prof. dr. Darius Štitilis

Summary:  However, the number of cyber incidents is not decreasing with increased capacity and cybersecurity maturity.  This project aims to address the issue of formal compliance in the field of cyber security. The topic is innovative and new, as formal compliance issues in cybersecurity have been little addressed. The research focuses on cybersecurity requirements and their implementation. It will be limited to an examination of selected cybersecurity requirements in different countries around the world and their implementing legislation. A strong emphasis will be placed on the differences between actual and formal compliance in cybersecurity. The aim of the project is to analyse the regulation of legislation implementing cyber-security requirements, to highlight the problematic aspects of implementation and the reasons for non-implementation in this area of the law, and to propose possible solutions. The project will analyse the cybersecurity requirements and the legislation implementing them; reveal the model of implementation of cybersecurity legislation and analyse the formal compliance problems and the reasons for non-implementation in this model; and formulate proposals on how to improve the implementation of cybersecurity requirements. The research material consists of data and document analysis, reinforced by a survey of experts and cybersecurity actors.

Outcome: The project will produce two scientific articles in high-level journals, a scientific paper presented at an international conference and a popular science article. The project outputs would reveal a systematic legal analysis of cybersecurity requirements. The project analyses the legal norms of cybersecurity, the environment of their implementation, and the results obtained during the research and their generalisations would contribute to the legislative processes in the Republic of Lithuania. This analysis will provide a better understanding of the implementation of cybersecurity legal norms. In addition, the conclusions and proposals suggest concrete recommendations for the improvement of legal regulation. It is believed that the work should be useful not only for legislative entities, but also for legal practitioners advising clients in this area and drafting documents on the implementation of cyber security requirements. In addition, the study may be useful for seminars on cybersecurity legislation. It is hoped that this study will serve as a basis for further academic debate on improving the implementation of cybersecurity legal norms and achieving better compliance in practice.

The project is funded by the European Social Fund under the activity ‘Promotion of post-doctoral traineeships’ under measure No 09.3.3-LMT-K-712 ‘Development of scientific competence of scientists, other researchers and students through practical scientific activities’. Grant agreement with the Lithuanian Research Council (LMT).