Ready for NIS.2?

The 2016 NIS directive only concerns a limited number of crucial organizations, so your company shouldn’t bother? Ooooops, with NIS.2 you might be very, very wrong! So check out this presentation.

Though the initial NIS directive (on Security of Network and Information Systems) has not yet run its first full cycle (with the first external audits not until 2023), its limitations are already clear: too limited in scope; too many differences in national approaches and variations in resources; and not enough information sharing. So a NIS.2 proposal has been introduced.

Though still very much a work in progress, with no enforcement expected before 2024, organizations would do well to start evaluating its impact on their security posture today. And no better place to start than the presentation “NIS2: NIS with teeth? Or biting off more than we can chew?” by Pieter Byttebier of the Center for Cybersecurity Belgium (CCB). As International Relations Officer, he is deeply involved in the discussions around the NIS.2 proposal.

The proposal rests on three pillars: member state capabilities; risk management; and cooperation and information exchange. In his presentation, Pieter Byttebier touches upon five key questions, with ‘will NIS.2 apply to my organization’ foremost among them. And let’s be clear, an overview of ‘essential’ and ‘important’ entities as listed in the Annexes of the NIS.2 proposal illustrates the much broader scope of this directive. As an example, take ‘important entities, sector manufacturing, subsector manufacture of machinery and equipment n.e.c.’ as referred to in ‘section C division 28 of NACE Rev.2’: not many companies in this subsector will evade NIS.2… Micro companies with fewer than 50 personnel and less than 10 million euro annual turnover will be exempted, but national authorities could even include them selectively.

One other question refers to the ‘teeth’ of NIS.2. Indeed, entities will run not only a gamut of e.g. warnings and administrative fines. Management must sign off on cyber security measures, and in ‘essential’ entities, management will be held liable, including temporary bans against managers.

Again, this NIS.2 proposal is still very much a work in progress. So Pieter Byttebier is inviting input from organizations on all aspects of this proposal. Start with his presentation, and do contact him. And find out whether NIS.2 ‘as is today’ applies to your organization, so you can start to prepare. That is not wasted effort, as any measures you take, make your company more secure and act as business enablers.

Useful links: 

NIS.2 proposal

Annexes

NACE Rev.2

 



Nos autres articles

30 November: Computer Security Day: Ada Lovelace

On computer security day we pay tribute to Ada Lovelace, the forgotten mother of the computer. Often described as the first computer programmer — before computers were even invented — Ada was a real visionary. Imagine what she might have achieved had Babbage actually built his “computer” and she hadn’t died at the age of 36.

Privacy Focus Group: AI and Data Protection

The second webinar of the Privacy Focus Group on the subject of ‘Artificial Intelligence’ (AI) tackles a major challenge: how to reconcile the use of AI with the demands of GDPR, particularly regarding data protection? It is still very much unknown territory for developers, users and privacy protection officers. This webinar helps you find your way!

API Security

API’s (Application Programming Interfaces) are ubiquitous and used to interconnect all our popular web applications. Without API’s, applications cannot communicate and we would simply not be able to use the majority of the current cloud and web applications. But at the same time, because of these API’s, security threats are greater than ever. API attacks are different compared to traditional attacks: they target vulnerabilities in the business logic, and hackers exploit these zero-day vulnerabilities.

Privacy Focus Group: AI : Basic concepts and regulatory trends

This webinar organized by the Privacy Focus Group in cooperation with KU Leuven helps you gain a much-needed insight in the hot topic of Artificial Intelligence (AI). It gives an overview of the different types of AI applications and points to the ethical and societal implications of the use of such applications. It is a splendid starting point to delve deeper into the fascinating world of AI.


Partagez ce contenu avec votre réseau :