
This is how Cosmikal Endurance helps organizations comply with NIS2.
October 4, 2024
October 17, 2024, is the deadline for compliance with Directive (EU) 2022/2555 (NIS2) at the European level. This directive aims to ensure and standardize the level of cybersecurity across all EU countries. Is your company ready?
The directive's approval and entry into force in 2023 marks a milestone in cybersecurity legislation and establishes certain obligations for EU member states.
The main objective of this regulation is to eliminate the significant differences and divergences in cybersecurity among Member States. To achieve this, it establishes:
- Cybersecurity obligations for states.
- Measures for managing cybersecurity risks for entities.
- Notification obligations for entities.
- Obligations regarding the exchange of security information.
- Supervision and enforcement obligations for states.
Who does NIS2 apply to?
NIS2 applies to public and private entities identified as operators of essential and important services that are established in the European Union or provide services to individuals within the EU.
Some of the sectors considered essential include: water, energy, digital infrastructure, financial and banking market infrastructures, health, and transportation.
When?
It must be transposed into national law by October 17, 2024.
Obligations for Entities
- Adopt governance measures, cybersecurity risk management, and reporting.
- Implement technical and organizational measures to manage cybersecurity risks.
- Prevent and minimize the impact of potential cyber incidents.
- Notify cybersecurity incidents to the CSIRT or the relevant competent authority.
- Ensure that managers receive training on cybersecurity risks and are responsible for adopting appropriate measures.
- Utilize European certification schemes.
- Submit the required information to competent authorities and notify any changes in the information.
- Facilitate the voluntary exchange of cybersecurity information between essential and important entities and notify competent authorities of any relevant incident, cyber threat, or near-miss incident.
Relevant Points Related to NIS2
Development of Cybersecurity Strategies: Companies must develop and maintain cybersecurity strategies that align with national and European objectives.
Risk Management and Incident Reporting: Companies will be required to adopt a proactive approach to risk management and establish effective systems for reporting cyber incidents.
Designation of Competent Authorities: Companies will need to designate competent authorities for the oversight and compliance of the directive, as well as for the management of cybersecurity crises.
Cooperation and Information Sharing: There will be an emphasis on cooperation between companies and national and European authorities, as well as on the sharing of information regarding threats and vulnerabilities.
Compliance with the National Security Scheme (ENS): Companies must align their policies and procedures with the ENS, which establishes a set of security measures for the protection of information and services.
In relation to the National Security Scheme (ENS), the transposition of NIS2 implies that companies must adjust their information security management systems to comply with the specific compliance profiles of the ENS. This includes:
- Risk Analysis: Conduct a risk analysis that considers widespread vulnerabilities and threats, following established criteria.
- Security Measures: Implement appropriate security measures, such as robust authentication mechanisms and certified components, to protect against unauthorized access and other cybersecurity risks.
- Statement of Applicability: Provide a statement of applicability detailing the security measures that are applicable and how these align with the requirements of NIS2.
Cosmikal Endurance, for compliance with the regulation.
Cosmikal offers Endurance, which emerges as a unique solution to help meet the requirements of NIS2.
It not only helps companies manage and monitor privileged access to critical systems, but it also strengthens the security posture by preventing unauthorized access and mitigating the risks of internal attacks.
With this implementation, your company will not only be aligned with the new regulation but will also take a prominent position in protecting its digital assets, investing in continuity and trust. Discover how Cosmikal Endurance can be your ally in complying with NIS2 and ENS.
🔗 Discover in part 2 how Cosmikal Endurance helps you comply with NIS2.