NIS2 means increased security for key services
We have had NIS and GDPR, and now it is time to get started on NIS2. For many businesses, GDPR proved to be a very long, tiresome and expensive process. One of the most important lessons from that time is that most businesses did not start their preparations early enough: they underestimated the extent of the task and its importance to their core business. That is why it is a good idea to start work on NIS2 now, even though you have until 18th October 2024 to ensure you are compliant with the new legal requirements.
Globeteam helps companies and organisations get ready for NIS2. Our skillset covers strategic risk management, operational systems (the OT environment), and business support systems. We can step in as one of many suppliers, or we can run the entire project for you from start to finish.
What is NIS2 and who is covered by the NIS2 directive
NIS2 is an EU directive designed to secure key infrastructure and services against breakdowns and cyber threats by establishing a high, uniform level of cyber and information security across the EU. The adoption of the directive means increased cyber and information security requirements for major organisations that deliver key services to society.
The main difference from the original NIS directive is that far more sectors are now included. The requirements are also being raised, supervision is being strengthened, and management can now be held directly accountable for infringements.
Small companies with a revenue of less than 10 million euro or fewer than 50 employees will initially not be subject to the legislation. However, there are several exceptions, so companies in the relevant sectors should find out whether or not they are covered by the NIS2 directive.
The sectors covered by the NIS2 directive are:
Energy, transport, banking, financial market infrastructures, health, drinking water, wastewater, digital infrastructure, public administration, administration of information and communication technology services, space, mail, waste management, chemicals, food, digital providers, production of medical equipment, electronic products, machinery and vehicles, research.
What are the legal requirements set out by NIS2?
The NIS2 directive sets new requirements for organisations’ cyber and information security, as well as requirements regarding supervision and reporting. The requirements are:
- Policies for risk analysis and information security
- Policies and procedures to assess the efficiency of cyber security risk management measures
- Policies and procedures concerning the use of cryptography and, where relevant, encryption
- Incident handling
- Business continuity, such as backup management, disaster recovery and crisis management
- Supply chain security, including security-related aspects of the relationship between the entity and its direct suppliers and service providers
- Security in the acquisition, development and maintenance of network and information systems, including vulnerability handling and disclosure
- Basic cyber hygiene practices and cyber security training
- Human resources security, access control policies and asset management
- Use of multifactor authentication or continuous authentication, secure voice, video and text communications, and secure emergency communication systems within the entity, where relevant
A new element is that management bears a more direct responsibility for complying with the above-mentioned rules and can therefore also be sanctioned directly.
In this video, Globeteam security advisor Morten Eeg Ejrnæs Nielsen talks about the purpose of NIS2, why the directive is sensible from society’s perspective and the increased requirements for management, risk management, and security policies, among other things.
Get off to a good start
If the NIS2 directive applies to you, we recommend that you get started on the implementation of the new legal requirements now. At Globeteam, we have specialised expertise in compliance and extensive experience with the implementation of new requirements on cyber and information security.
One of the most important elements of an effective implementation is to use the company’s specific challenges and situation as your point of departure. That way you create a holistic overview, and you can manage risks with a common understanding of the purpose and extent of the task.
More precisely, Globeteam offers several services that can be combined to fit your specific needs:
- Readiness assessment – overview of your maturity in relation to the NIS2 requirements
- Planning – strategy for your NIS2 implementation
- Implementation – practical implementation of NIS2 in your company
- Positioning – incorporation of NIS2 into your overall risk management
- Development – a collective, integrated and manageable risk management model for your entire company
360 degrees around NIS2
By means of a readiness assessment that objectively measures your maturity, we create a 360-degree overview based on the NIST CSF framework, covering all five of its core functions:
Identify: Organisational understanding of security risk management
Protect: Measures that ensure delivery of critical infrastructure
Detect: Tracking down security incidents
Respond: Actions when a security incident is discovered
Recover: Ability to get a service back into operation after a breakdown
This overview gives an overall indication of your general maturity level in cyber and information security, including NIS2, and also breaks that maturity down by the individual sub-categories of your information security. This lets us identify where your maturity is low and what you should focus on to ensure NIS2 compliance.
We help ensure your company’s NIS2 compliance
At Globeteam, we are known for our skills within security and risk management. Among other things, we focus on risk assessments, emergency response plans, emergency tests and hybrid security.
Our approach ensures that you achieve compliance with the new requirements, while also focusing on those risks that are of greatest significance to your organisation as a whole. That way we create a foundation for management to prioritise risks.
At Globeteam, our team consists of more than 50 security experts who can help you achieve your NIS2 targets and ensure your continued operation in the face of breakdowns and cyber threats.