GRC: Be Connected! Cybersecurity Activities & Knowledge
26 January 2021 – Cyber Security Coalition
GRC: Be Connected! – about skills, frameworks and knowledge
A new year, and a new collaborative initiative by the Coalition, ISACA Belgium and the Solvay Brussels School of Economics & Management. In a series of six webinars, several hot topics in the field of cyber security are discussed from a practical point of view. The first webinar covers some very basic aspects of cyber security: how to manage the necessary skills, which frameworks to use, and where to find knowledge.
Karel De Kneef, CSO of Swift, points out that ‘people make the difference’, which makes attracting and retaining talent a challenge that has to be managed deliberately. He presents his organization’s split between ‘protect’ and ‘transform’ activities, the latter targeting improved security, with a list of specific action points. Most of his effort goes into ‘security assurance’ (“policies are fine, but check whether they are correctly implemented”), ‘business support’ (“risk based approach and cooperation with the business”), ‘tools’ (“60+ tools and platforms”) and ‘cyber incident detection and response’. Every one of these points of attention requires people with the appropriate skills, and the need for business insight and leadership qualities keeps growing. It pays not only to broaden the horizons of security experts, but also to recruit people from the business side, with attention to diversity!
As frameworks go, the NIST Cybersecurity Framework (CSF) is one of the most widely adopted. Umut Inetas, Manager Security Architecture at Ahold Delhaize, offers specific pointers on how to apply it to an organization. In particular, the CSF is a ‘framework of frameworks’: it maps to a multitude of NIST Special Publications (SPs) and FIPS (Federal Information Processing Standards) that cover specific sectors and needs. He discusses the three main components of the CSF, namely the ‘core’ (the catalogue of functions, categories and subcategories that describe desired outcomes), the ‘implementation tiers’ (how rigorously cyber risk is managed) and the ‘profile’ (the selection of outcomes for a given organization, used to move from ‘as is’ to ‘to be’, which is where strategy and roadmap come in). And of course how to tackle the five functions: identify, protect, detect, respond, recover. Along with these practical aspects, Umut Inetas also provides an insight into ‘why NIST’ and where the framework is heading.
The third presentation, by Vilius Benetis, director of NRD Cyber Security, underlines the usefulness of organizations such as ISACA and FIRST (first.org) as sources of knowledge, certifications/certificates and trust. He points out why starting a CSIRT (Computer Security Incident Response Team) is important, and how to go about it.
Other blog posts
Ransomware, today’s universal cyberworry, is but one form of a broader crime: cyber extortion. Orange Cyberdefense provides some insights into this scourge, based on its ‘Security Navigator 2022’ report.
The Cyber Security Coalition and top cybersecurity trainer SANS Institute joined forces to provide much-needed insights and recommendations on successful cloud security, as well as on how to handle cyber security in these times of war.
It is easy to drown in the sea of dire warnings about the dangers of AI, in particular to our privacy. The main point is that trustworthy AI is possible, but requires solid, long-term and well-structured approaches. This session of the Privacy focus group offers some crucial insights and welcome examples.
On Computer Security Day we pay tribute to Ada Lovelace, the forgotten mother of the computer. Often described as the first computer programmer, before computers were even invented, Ada was a real visionary. Imagine what she might have achieved had Babbage actually built his “computer” and she hadn’t died at the age of 36.