Network and Information Security Directive v2 (NIS2)
The objective of the revised Network and Information Security Directive v2 (NIS2) is to achieve a high level of network and information system security within the EU through the following means:
- Improved cybersecurity capabilities at national level
What will member states do to increase their national cybersecurity capabilities? Each member state will adopt a national strategy for the security of network and information systems, which will define the strategic objectives and appropriate policy and regulatory measures.
- Increased EU-level cooperation
How will member states cooperate? The NIS2 Directive will establish a ‘cooperation group’ to support and facilitate strategic cooperation and the exchange of information among member states, and to develop trust and confidence. It will also establish a network of national cybersecurity incident response teams (CSIRTs) to promote swift and effective operational cooperation between member states.
- Risk management and incident reporting obligations for operators of essential services and digital service providers
What are “operators of essential services” and what will they be required to do? Operators of essential services are private businesses or public entities with an important role for society and the economy. Under the NIS2 Directive, identified operators of essential services will have to take appropriate security measures and notify the relevant national authority of all serious incidents. Security measures include:
- Preventing risks: technical and organisational measures that are appropriate and proportionate to the risk.
- Ensuring the security of network and information systems: the measures should ensure a level of network and information system security appropriate to the risks.
- Handling incidents: the measures should prevent and minimise the impact of incidents on the IT systems used to provide the services.
There are actions that an organisation can take to prepare for NIS2, including:
- Centralise cybersecurity governance
To prepare for the NIS2 Directive, establish a single, centralised governance structure for your firm’s security. This will enable quick responses to compliance requests. Clearly defined ownership of each security control is also essential to effective governance.
- Perform a security health check
A cybersecurity health check will provide an up-to-date picture of where your organisation stands. An audit can be the first step on the road to compliance, highlighting potential gaps and creating plans to remediate them.
- Contact your security partners
Contact your trusted cybersecurity advisers for the most up-to-date advice and guidance. Also, leverage what you already have by integrating the NIS2 Directive with existing compliance efforts or initiatives. Finally, build international IT and cybersecurity standards and frameworks into your regulatory compliance framework for easy implementation, testing and monitoring, and to ensure that maximum benefit is derived from existing IT and cybersecurity control programmes.
The NIS2 Directive will affect organisations designated as operators of essential services and digital service providers within the European Union. As a result, it will directly impact the cybersecurity space in Ireland. Now is the time to prepare, before the end of the implementation period.
Author: Neil Redmond, Director of Cyber Security, PwC
Graduate of DCU Executive MBA