The NIS Directive (Network and Information Security, NIS) is an EU directive that sets measures for a high common level of security of networks and information systems. All organizations covered by the Directive, such as Essential Service Operators (ESSOs) and Digital Service Providers (DSPs), must continuously improve their level of information security and be able to demonstrate compliance.
Your Security is Our Priority
The NIS Directive (NIS) is the first EU directive aimed at raising cyber security across the EU. It sets cyber security requirements for the networks and information systems of private and public providers of vital services, the so-called essential service operators. The motivation for NIS is the growing threat to all types of organizations, not least from third parties.
Sectors covered by NIS 2
Energy, including the subsectors electricity, oil, and gas.
Transport, including the subsectors air transport, rail transport, shipping, and road transport.
Health, including the subsector healthcare environments (including hospitals and private clinics).
Digital providers, including search engines, online marketplaces, and social networks.
Requirement for a systematic approach to cybersecurity
To strengthen the internal market and reduce vulnerability, NIS 2 requires providers of essential services to adopt a systematic, risk-based approach to security and to incident reporting.
Obligations under NIS 2
According to NIS 2, organizations have several main obligations:
Adopt a systematic and risk-based approach to information security.
Assess business risks annually and prepare an action plan that forms the basis for selecting appropriate cyber security measures.
Implement appropriate and proportionate measures to address the risks that threaten information security.
Prevent and minimize the consequences of security breaches affecting networks and information systems.
Report incidents that have a significant impact, such as information loss or workflow disruption.
How can CyPro Help?
CyPro's Audit and Business Advisory department can help organizations on their way to compliance with the NIS 2 Directive. We can determine the level of compliance and help you implement the necessary measures.
Depending on your organization's security posture, the following topics are key focal points for improvement:
Cyber security budgeting plan and program (ISO 27001 adoption)
Security awareness program (employee training)
Policies for risk analysis and the security of information systems
Overall technical security of your organization (network, access control, etc.)
Policies and procedures for the use of cryptography and encryption