Objetivo: Este estudo visa elucidar o quadro legislativo em evolução que governa os incidentes de segurança cibernética na Jordânia, com foco nos desenvolvimentos legislativos de 2019 a 2024. Procura avaliar a adequação das leis atuais e propor melhorias para fortalecer a governança de segurança cibernética.

Métodos: Foi empregada uma metodologia comparativa juntamente com uma abordagem analítica crítica, examinando as disposições legais atuais que regulam a segurança cibernética na Jordânia e comparando-as com padrões internacionais como a Diretiva NIS2 da União Europeia e o Ato de Fortalecimento da Segurança Cibernética Americana de 2023.

Resultados: O estudo delineia desenvolvimentos legais significativos nas leis de segurança cibernética da Jordânia e destaca lacunas que podem impedir uma gestão eficaz da segurança cibernética. Propõe reformas legislativas específicas destinadas a aprimorar o quadro legal, particularmente nas áreas de relatórios de incidentes e resposta a ameaças impulsionadas por IA.

Conclusão: O estudo conclui que a Jordânia precisa implementar reformas legislativas abrangentes para alinhar suas políticas de segurança cibernética com as normas internacionais para aprimorar efetivamente sua resiliência cibernética nacional.

CISA National Cyber Incident Scoring System (https://www.cisa.gov/uscert/CISA-National-Cyber-Incident-Scoring-System#accordion-section-baseline).

Cyber Security Breaches Survey 2021. (2021). Department for Digital, Culture, Media & Sport. Retrieved from https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021

Cybersecurity and Infrastructure Security Agency (CISA). (2023). Strengthening American Cybersecurity Act of 2023. Retrieved from https://www.cisa.gov

Cybersecurity and Infrastructure Security Agency (CISA). (n.d.). Cybersecurity incident. https://www.cisa.gov/cybersecurity-incident

Cybersecurity Incident Taxonomy - July 2018, CG Publication 04/2018, NIS Cooperation Group (http://ec.europa.eu/information_society/newsroom/image/document/2018-30/cybersecurity_incident_taxonomy_00CD828C-F851-AFC4-0B1B416696B5F710_53646.pdf)

EU CSIRTs network SOPs – Situation report Technical, Situation report Operational (US-CERT Cyber incident scoring system - https://www.us-cert.gov/NCCIC-Cyber-IncidentScoring-System)

European Union Agency for Cybersecurity (ENISA). (2022). NIS2 Directive: Strengthening Cybersecurity in the EU. Retrieved from https://www.enisa.europa.eu

Glover, C. (n.d.). The Difference Between Threat, Vulnerability, and Risk, and Why You Need to Know. Retrieved from https://www.travasecurity.com/resources/the-difference-between-threat-vulnerability-and-risk-and-why-you-need-to-know

Hathaway, O. A., & Crootof, R. (2021). The law of cyber-attack. Faculty Scholarship Series, Paper 3852. Retrieved from http://digitalcommons.law.yale.edu/fss_papers/3852

Hathaway, O. A., & Crootof, R. (2022). The Legal Evolution of Cybersecurity Regulations: A Comparative Analysis. Yale Law Review, 131(4), 987-1023.

Incident Notification for operators of essential services (https://ec.europa.eu/digital-single-market/en/nis-cooperation-group)

Karataş, A. (2020). “The Comparative Analysis of National Cyber Security Policies: United States, United Kingdom and Turkey Examples”, Academic Social Resources Journal, (e-ISSN: 2636-7637), Vol:5, Issue:19; pp:737-751 Brustolin, V. (2019). Comparative analysis of regulations for cybersecurity and cyber defence in the United States and Brazil. Rev. Bras. Est. Def., 6(2), 93-123. https://doi:10.26792/RBED.v6n2.2019.75149

Koczerginski, M., Wasser, L. A., & Lyons, C. (2017). Cybersecurity – The Legal Landscape in Canada. Retrieved from https://mcmillan.ca/insights/publications/cybersecurity-the-legal-landscape-in-canada/

KPMG Advisory (China) Limited. (2017). Overview of China’s Cybersecurity Law. Retrieved from https://assets.kpmg/content/dam/kpmg/cn/pdf/en/2017/02/overview-of-cybersecurity-law.pdf

Malgieri, G., & Comandé, G. (2017). Why a right to legibility of automated decision-making exists in the General Data Protection Regulation. International Data Privacy Law, 7(4), 243-265. https://doi.org/10.1093/idpl/ipx019

Malgieri, G., & Comandé, G. (2023). AI and Cybersecurity: The Intersection of Law and Technology. International Data Privacy Law, 9(2), 301-317.

Marotta, A., & Madnick, S. (2024). Perspectives on Compliance and Cybersecurity Regulation: An International Approach. Journal of Law & Cyber Governance, 18(1), 44-61.

Marotta, A., & Madnick, S. (2024). Perspectives on the relationship between compliance and cybersecurity. Journal of Information System Security, 16(3).

National Cyber Security Centre (NCSC). (2023). Cyber Incident Response Framework. Retrieved from https://www.ncsc.gov.uk

National Cyber Security Centre (NCSC). (n.d.). Cyber incident response plan. Retrieved from https://www.ncsc.gov.uk/collection/cyber-incident-response-plan

National Cyber Security Centre (NCSC). (n.d.). Cyber threats. https://www.ncsc.gov.uk/information/cyber-threats

National Cyber Security Centre. (n.d.). Cybersecurity assessment. Retrieved from https://www.ncsc.gov.uk/cybersecurity-assessment

National Institute of Standards and Technology. (2017). Cybersecurity Framework (CSF). Retrieved from https://www.nist.gov/cybersecurity-framework

National Institute of Standards and Technology. (2020). Cybersecurity audit. Retrieved from https://www.nist.gov/cyber

Reference Incident Classification Taxonomy (Task Force Status and Way Forward), the European Union Agency for Network and Information Security (ENISA) in JANUARY 2018 (https://www.enisa.europa.eu/publications/reference-incident-classification-taxonomy/)

Tarala, J., & Tarala, K. K. (n.d.). Open Threat Taxonomy. Retrieved from https://www.auditscripts.com/resources/open_threat_taxonomy_v1.1a.pdf

Techopedia. (n.d.). Cyberspace. Retrieved from https://www.techopedia.com/definition/2493/cyberspace

United Kingdom Parliament. (2022). Cyber Resilience Act: Regulatory Framework for Smart Devices Security. Retrieved from https://www.gov.uk.

Urgessa, W. G. (2019). Multilateral cybersecurity governance: Divergent conceptualizations and its origin. Computer Law & Security Review: The International Journal of Technology Law and Practice. https://doi.org/10.1016/j.clsr.2019.105368

US Cyber Incident Severity Schema https://obamawhitehouse.archives.gov/sites/whitehouse.gov/files/documents/Cyber%2BIncident%2BSeverity%2BSchema.pdf.

The comprehensive dictionary of meanings.

Children's Online Privacy Protection Act (COPPA).

Computer Fraud and Abuse Act (CFAA), United States, 1984.

Computer Fraud and Abuse Act (CFAA). (1986). Electronic Frontier Foundation.

Cybersecurity Act, United Kingdom, 2010.

Cybersecurity Enhancement Act of 2014, Pub. L. No. 113-274, 128 Stat. 3042 (codified at 42 U.S.C. § 5195c).

Cybersecurity Law of Jordan, 2019.

Directive (EU) 2016/1148 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL, concerning measures for a high common level of security of network and information systems across the Union.

Directive 2002/21/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 7 March 2002, on a common regulatory framework for electronic communications networks and services, (Framework Directive), (OJ L 108, 24.4.2002, p. 33).

General Data Protection Regulation (GDPR).

Strengthening American Cybersecurity Act of 2022.

UK's Data Protection Act.