NIS is an essential first step towards promoting a culture of risk management, introducing security requirements as legal obligations for the key economic actors, notably:
Member States should have identified Operators of Essential Services (OES) by November 9th, 2018.
The directive considers the following sectors under OESs: Energy, Transport, Banking, Financial market infrastructures, Health, Water supply and Digital infrastructure.
The directive considers the following sectors under DSPs: Search engines, Cloud computing services and Online marketplaces.
Applicability is not the same for DSPs and OESs:
OESs are public or private entities that meet all of the following criteria:
A lot was left for Member States to define: incident reports (not strictly related to cybersecurity), response timeframes, etc.
NIS encourages the use of European or internationally accepted standards and specifications relevant to the security of NIS, such as:
ENISA has issued a report to assist Member States and DSPs in providing a common approach regarding the security measures for DSPs – Technical Guidelines for the implementation of minimum security measures for Digital Service Providers.
Our service provides a risk-based approach to break NIS regulations into specific requirements for your organisation’s cybersecurity program, making it easier to pinpoint which of the NIS requirements are in place and which require remediation actions to ensure compliance with national requirements.
Our NIS services are aimed at helping you achieve compliance. As trusted advisors we shall: