One more month before NIS2 goes into effect
On Oct. 17, new legislation on network and information security will take effect. It concerns the European directive NIS2, which will be transposed into Dutch law from that date. Is your organization ready? Come to Cybersec Netherlands on Nov. 6 and 7 for the answer.
In the Netherlands, the NIS2 directive will be incorporated into the Cyber Security Act, which will replace the current Network and Information Systems Security Act (Wbni). The NIS2 directive lays down the minimum standards that organizations must meet in the area of information and network security. Previously this directive (NIS1) applied only to vital companies, but it is now being extended to a larger group. These are organizations with a turnover of 10 million euros or more than 50 employees.
The obligations consist of a “duty of care,” under which companies make a detailed risk assessment and establish procedures for reporting security incidents. There is also the “duty to report,” which requires that disruptions be reported to a computer security incident response team (CSIRT). There are also deadlines for reporting incidents and preparing a final report. In addition, supervision is being tightened, with executives to be held jointly and severally liable; fines follow for violations.
People, processes and technology
“This has a big impact on risk management. CISOs will have to support the right and effective investments in people, processes and technology,” says Taco Mulder, CISO at Federal Public Service (FPS) Bosa, the Belgian government’s ICT service provider. He was involved in the implementation of NIS2 within several Belgian federal entities and is sharing his knowledge and experience during the Cybersec Netherlands event. Mulder: “To meet the requirements for security at the government level, the Belgian federal authorities have started to deploy a focus on people, processes and technology.” In a presentation, Mulder will shed light on the approach, the practical steps taken and the planning to comply with the NIS2 directive.
He shares a few tips in advance: “Avoid vendors who promise compliance; find those who come with the ethics, solutions and knowledge to secure your environment.” He also emphasizes that the NIS2 directive does not just create stress and problems. “Understand that you can and will have fun in the role of CISO.” According to Mulder, working on NIS2 provides an opportunity to find like-minded people and achieve a common goal of improving cyber resilience. According to Mulder, this is not about “security through compliance,” but “compliance through security.”
Taco Mulder, CISO at FPS Bosa, shares lessons about NIS2.
Source: Pim van der Beek for Computable.nl