NIS2 Now Official - How We Help You Comply
In December, the new EU Directive NIS2 was published in the EU Official Journal, and it will come into force on January 16, 2023. There is a lot of information, concrete requirements and some room for interpretation. One thing is certain: a number of new cybersecurity obligations apply to organizations of importance to business and society. In addition to the 24-hour reporting deadline after attacks or data breaches, these include IT risk management measures. With automated vulnerability analyses and continuous supplier monitoring, we support you in meeting the requirements and save you time and personnel costs.
EU NIS2 Cyber Security - Are you affected?
The scope of NIS2 is significantly extended compared to the original NIS directive.
Still valid are the Essential Sectors: Energy, Transportation & Traffic, Banking & Financial Markets, Health, Water Supply, Digital Infrastructure.
New additions are the Important Sectors: Wastewater, ICT service management B2B, public administration, postal and courier services, waste management, chemicals, food, industry/manufacturing, space, research, and digital services (search engines, social networks).
All large and medium-sized organizations that belong to the listed sectors are affected. The only exceptions are small companies with fewer than 50 employees and less than EUR 10 million in sales or balance sheet total.
Regardless of size, the following are regulated: Digital Infrastructure of Essential Sectors, Organizations of Particular National and Cross-Border Importance, and Public Administration.
EU NIS2 - These are the most important requirements
The EU directive requires member states to enact appropriate legal and administrative provisions to ensure a minimum level of network and information security. In the future, operators in the EU will have to implement the following security measures:
- Policies: guidelines for risks and information security
- Incident management: prevention, detection and management of security incidents
- Continuity: business continuity management and crisis management
- Supply chain: security in the supply chain to secure development at suppliers
- Test and audit: methods for measuring the effectiveness of information security
- Cryptography: appropriate use of encryption
How LocateRisk facilitates the implementation of NIS2
LocateRisk's vulnerability assessments make it easier for your organization to comply with "test and audit" and "supply chain" requirements. Thanks to the automated collection and evaluation of the IT security situation in real time, you can objectively prove the IT security status without any additional resources or effort. You don't need to create elaborate reports, but can share them quickly and easily, directly through the solution, with management or IT managers. With continuous monitoring, progress over time is visible at a glance.
Supplier monitoring checks the adherence of business partners and suppliers to your IT and compliance requirements, on a monthly, weekly or even daily basis. You can compare the results and derive decisions from them. The partner companies can view the details of their respective vulnerabilities and optimize accordingly. Each analysis and each monitoring run avoids costly analysis work in the security process and ensures that you do not lose time on evaluations or reporting, but can focus entirely on improvement.
Would you like to learn more about vulnerability assessments?
Simply request a free IT security assessment for your organization and we will discuss the result with you in a 30-minute online meeting. This will also give you insight into the five most critical vulnerabilities identified in the analysis.