Is my organisation ready for the NIS2 Directive?

What are the implications of the NIS (Network and Information Security) 2 Directive for my organisation in terms of cyber security? Is my organisation ready for NIS2? What steps does my organisation need to take to comply with NIS2? Not surprisingly, these questions are frequently asked. Our NIS2 baseline measurement provides insight into where your organisation stands and any areas for improvement. 

What is NIS2?

With the NIS2 Directive, the European Union (EU) is seeking to increase the cyber resilience of organisations that are critical to the functioning of our society. NIS stands for Network and Information Security. NIS2 is a successor to NIS1. It covers more sectors, tightens up cyber security measures, includes a reporting obligation for cyber incidents, applies stricter enforcement and penalties and makes a distinction between ‘essential’ and ‘important’ organisations.

What businesses are affected by the NIS2 Directive?

The Directive affects a wide range of businesses and organisations, and in particular essential service providers such as energy companies, water suppliers, transport businesses, financial institutions and digital infrastructure providers. Digital service providers such as online marketplaces, search engines and cloud service providers are also subject to the Directive. In short, any organisation that is considered essential for the continuity of vital services or that offers digital services must comply with the requirements of NIS2.

NIS2 baseline measurement

The NIS2 Directive gives your organisation’s cyber resilience a boost. This is important in view of increasing digitisation and the high frequency of cyber attacks. Our measurement gives immediate insight into your current level of NIS2 preparedness. We give you concrete advice to ensure that your organisation is ready for NIS2.

Our approach

During the planning phase, you determine together with us what we are going to measure and to what extent we are permitted to measure it. The information needed for the measurement is then gathered. Once that information has been delivered, the baseline measurement can be carried out.

Our NIS2 baseline measurement provides insight into your organisation’s digital security. We carry out the measurement on the basis of our cyber resilience model, partly by means of interviews.

We then supplement the top-down insights from the previous phase with a bottom-up investigation of the measures and vulnerabilities in applications, systems, networks and end-user equipment. There are three ways to conduct this investigation; which of these is suitable or applicable depends on the client:

  • Inspection of manual settings;
  • Cyber security testing;
  • Network monitoring with CyberHunter.

The results from the cyber resilience model are then reviewed in light of the NIS2 Directive.

After the analysis and evaluation, we present our findings in the NIS2 baseline measurement and measures report. This contains a description of the method used, a management summary, an overview of the vulnerabilities in your cyber security, an assessment of the cyber security risks and recommendations on compliance with NIS2. Our recommendations fall into three categories: quick wins, must-haves and road map. After the report has been received, we make an appointment in order to present and discuss the results. We also give some pointers on how to resolve the reported vulnerabilities.

Not yet NIS2-compliant?

This measurement is the first step in increasing your cyber resilience. If you decide to take things further, we will be happy to visit you in order to draw up a road map. Our ‘small steps, big impact’ approach is central to the services we provide. We understand that every organisation is unique, with different needs and challenges in the area of cyber security, which is why our approach, recommendations and advice always focus on what is right for your organisation and what you need. In this way, we move steadily and effectively in the right direction.