IS YOUR IT SECURE? ARE YOU NIS2 READY?

Who is affected? What actions need to be taken and by when? And how can the risks for the business and management be minimized?

EU Directive NIS2

A few months before NIS2 comes into force, there is still a lot of uncertainty in many companies: is the new EU directive binding for your company, or does it not apply to you? In our workshop, we will advise you on how to clarify the situation and, if necessary, take specific measures. So that you don't have to buy a pig in a poke, we offer you a free initial consultation to clarify whether you have a need or not.

Now to the key facts:

 

What is NIS2?

NIS2 (Network and Information Systems Directive) is an updated EU directive that aims to strengthen security in certain sectors and protect digital infrastructure from increasing threats. From October 2024, affected organizations will need to be NIS2-compliant. The new NIS2 directive will require many more companies than before to demonstrably improve their IT security. Implementation must then take place no later than October 18, 2024.

 

 


Who is affected?

The NIS2 directive goes beyond the previous definition of critical infrastructures under the KRITIS legislation and affects a wider range of companies. Affected organizations are defined based on two main criteria:

Company size

and

Sector affiliation

In addition, companies that provide services to affected organizations may also be affected by the directive.

Free quick check

Is your organization affected by NIS2?

What must be implemented?

The directive requires affected companies to take appropriate, proportionate and effective measures to protect themselves against attacks. This includes:

  • Implement risk management:
    Identify, assess and manage cyber risks
  • Implement technical and organizational measures:
    Protect networks and information systems
  • Develop incident response plans:
    Prepare for and respond to cyber security incidents
  • Comply with reporting requirements:
    Timely reporting of security incidents and risks to relevant authorities
  • Manage supply chain risk:
    Assess and manage supply chain cyber security risks
  • Raise staff awareness through training:
    Embed the importance of cyber security throughout the organization
  • Regularly review and test:
    Ensure the effectiveness of security measures

 


 

Reduce liability risks:

Timely implementation of the NIS2 Directive reduces security and legal risks for organizations and management. Failure to comply can have serious consequences, including personal liability for the management. The directive expressly prohibits the company from waiving management's personal liability or entering into agreements to limit such liability.

Our recommendation:

Free Pre-Assessment

Take advantage of our free pre-assessment. In an approximately one-hour assessment, we will work with you to determine whether your organization needs to implement the EU directive, what is likely to be required, and what risks can be reduced by timely implementation.

  • Scope of application: Clarify if your organization is affected by NIS2.
  • Requirements and importance of NIS2: What needs to be implemented?
  • Benefits of NIS2: What are the positive aspects for your organization?
  • Recommendations for action: How should you proceed?

NIS2 Readiness Workshops

Clarify with us whether your company is affected by NIS2 and which specific measures need to be implemented in your company in order to be optimally prepared for the requirements of NIS2. We will be happy to assist you in an individual workshop:

  • Determine the extent to which your company is affected by the NIS2 directive
  • Analyze the current status of your company in relation to the requirements of the NIS2 directive
  • Develop and present recommendations for action to achieve NIS2 compliance

 

Our workshops:

 

NIS2 Readiness Assessment

Objective: To provide customers with an overview of the NIS2 requirements and an initial assessment of their current cyber security situation compared to the NIS2 standards

Content: Introduction to NIS2, conducting an initial GAP analysis, identifying relevant areas for more in-depth workshops

 

ISMS and Compliance Workshop

Objective: To assist customers in developing and implementing an ISMS that meets the requirements of NIS2

Content: ISMS basics, best practices, implementation steps, compliance review

 

Risk Management Workshop

Objective: To enable customers to effectively identify, assess and manage cyber risks

Content: Risk assessment processes, risk mitigation strategies, continuous risk management

 

Technical IT Security Concept

Objective: Develop technical security concepts specifically tailored to NIS2 requirements

Content: Development of security architectures, selection of appropriate security technologies, implementation guidelines

 

Business Continuity Management

Objective: To prepare organizations for the continuation of critical business processes in the event of a cyber security incident

Content: Development of business continuity plans, test and exercise procedures, resilience strategies

 

Supply Chain Risk Management

Objective: Manage cyber security risks in the supply chain

Content: Identify supply chain risks, develop risk management strategies, implement security controls

 

Incident Response Planning

Objective: Develop and improve plans for responding to cyber security incidents

Content: Create incident response plans, establish response teams, conduct response exercises

Take the free pre-assessment check with us:


Dieter Lunz

IT-Security Consultant

ISO Software Systeme GmbH
Eichendorffstrasse 33
90491 Nuremberg
Phone: +49 911 - 99 594-0
Fax: +49 911 - 99 594-129