Safetech Webinar: NIS2 Directive – Purpose, Requirements and Solutions to Achieve Compliance
Only a few weeks separate us from October 17, 2024, the deadline for transposing the NIS2 Directive into national legislation and applying it at European level. Many organizations still have questions about the new network and information security requirements. To support them, Safetech Innovations organized, in August and September, a series of three webinars dedicated to the NIS 2 Directive. The events addressed the most pressing questions regarding NIS 2, through presentations by Safetech specialists: Cătălin Gherghiceanu (cybersecurity presales manager), Gheorghe Mărăcine (coordinator of the audit team) and Paul George Căta (lawyer).
General NIS 2 Benchmarks. Standardising cybersecurity across the EU
Lawyer Paul George Căta summarized the most important elements of the NIS 2 Directive. According to him, it expands the scope of the original NIS 1 Directive, covers more critical sectors, imposes stricter security requirements and introduces an approach to standardizing cybersecurity requirements at European level, while increasing cooperation between member states and introducing tougher penalties for non-compliance.
Paul George Căta clarified that small and micro enterprises are currently not covered by the NIS 2 Directive, except for SMEs active in the electronic communications sectors. The main targets are therefore large companies, with over 250 employees, and medium-sized companies, with at least 50 employees. Among the most important changes that entities operating in areas considered “essential” and “important” will be obliged to make, the lawyer listed: defining internal security policies, conducting internal analyses to identify vulnerabilities in organizations, reporting them (in Romania, to the DNSC), and preventing, detecting, responding to and reporting incidents, including with the help of Artificial Intelligence technologies.
Find out more about the NIS 2 provisions by accessing the article “Safetech solutions and services for compliance with the NIS2 Directive”.
Gheorghe Mărăcine offered organizations a practical, easy-to-follow guide, which includes the most important milestones in compliance with NIS 2. These are as follows:
- Implementation of an Information Security Management System (ISMS) framework, which gives concrete form to the strategic security objectives and provides part of the governance framework;
- Increasing the level of awareness among employees of the existing risks;
- Creating an inventory of the organization’s assets;
- Carrying out a risk analysis;
- Implementation of technical controls, based on the results of the risk analysis;
- Conducting periodic trainings on cybersecurity and company policies, to create a culture of security;
- Implementation of indicators to measure the effectiveness of the applied controls;
- Accountability of senior management;
- Continuous monitoring of the security level and review of controls.
How can companies prepare? Safetech expertise
Cătălin Gherghiceanu announced that, to help organizations assess whether or not they fall under NIS 2, Safetech has created questionnaires that check how an organization is classified for the purposes of NIS 2 (whether it belongs to the sectors and subsectors of the Directive, and its location and size) and that determine its level of compliance with the requirements of NIS 2. In a meeting with the beneficiary, Safetech consultants use these tools to carry out a quick assessment of the current situation.
For the targeted organizations, according to Cătălin Gherghiceanu, the ISO 27001/2:2022 and CIS CSC v8.1 standards are good sources of inspiration and the main benchmarks for compliance with NIS 2. Safetech estimates that companies that are already ISO 27001/2:2022 certified will have only very small differences to cover to adapt to the requirements of the Directive. In addition, these organizations can also draw on the standards specific to particular areas of cybersecurity: risk management (ISO 31000, ISO 27005, CIS RAM), business continuity management system (ISO 22301), business impact analysis (ISO 22317), supply chain security (ISO 28000).
The Safetech manager also made a thorough analysis of the measures provided for in NIS 2, reviewing the complex portfolio made available by Safetech to support companies, for each level of the Directive. Thus, Safetech Innovations offers network, email, cloud, and API security solutions, solutions for detecting and responding to security incidents, managing security events and incidents, providing threat and cyber breach intelligence, securing privileges and identity, asset management and security.
In addition, the company offers consulting and implementation services (Governance, Risk and Compliance, training services, etc.) and outsourcing services for security operations (onboarding and integration, planning and prevention, monitoring, detection, investigation and response to cybersecurity incidents), through its own CERT center, accredited by Trusted Introducer.
The subject of NIS 2 is a major priority for Safetech Innovations. For more information about Safetech’s NIS 2 compliance solutions and services, including details on assessment questionnaires, please contact us by email at [email protected] or by phone at +40 21 316 0565.