NIS2 Directive: What does it mean and who does it apply to?
EU-wide cybersecurity legislation
The EU Network and Information Security Directive (NIS2) aims to improve the overall level of information security. Its transition period is currently underway. The directive sets requirements for a number of actors in different sectors and includes the possibility of sanctions for company senior management if the requirements are not met.
In this article, we discuss the scope of the directive, key requirements, and possible solutions for how JMJping can help with the application of the directive.
What industries are covered by the NIS2 Directive?
The NIS2 Directive applies to a wide range of companies and organizations in different industries:
Energia-ala
Transportation
Banks and other financial market infrastructure
Terveydenhuolto
Jätehuolto
Digital infrastructure
CDN, data centers, telecom operators
and IT service providers
ICT-palveluiden hallinta
Postal and courier services
Kemikaalien valmistus,
tuotanto ja jakelu
Elintarvikkeiden valmistus,
tuotanto ja jakelu
Manufacturing
including medical devices, computers, electronic
and optical devices, electrical equipment,
other machinery and equipment, and vehicles
Public administration
Who is covered by the NIS2 Directive?
1. A company or organization that is at least medium-sized and whose main activity falls within one of the specified industries and meets the definition of an operator type.
2. The organization is a critical operator as defined in the CER Directive, regardless of size.
3. A company, regardless of size, if the industry is:
• Provider of public electronic communications networks or publicly available electronic messaging services
• Trust service provider
• Domain name registry or domain name service provider
• The service provider belongs to special categories and the application of which is provided for by regulation,
regardless of size: maintaining critical functions of society, significant impact of the disruption on public order,
general security or public health, significant systemic risk of the disruption (with cross-border effects)
or particularly high importance at national or regional level.
What requirements does the directive set and how can JMJping help with their application?
The NIS2 Directive places a number of stringent requirements on companies and organizations that require careful preparation. Compliance requires a holistic approach to cybersecurity. Below, we have listed the five most important requirements, and the solutions that JMJping's services offer to manage these challenges. In-depth expertise is a crucial factor for organizations preparing to meet the requirements of the NIS2 Directive.
1
A plan and guidance on information security practices developed by an organization. It defines how information security will be managed and what the organization's goals are. Information security planning relates to the practical measures and strategies used to achieve these goals.
2
Risk management is the process of identifying, assessing and managing potential threats and risks to an organization's operations. Vulnerability management aims to identify weaknesses in information systems and fix them before potential attacks occur.
3
A plan and measures to ensure that an organization can continue its operations as uninterrupted as possible, even in exceptional situations, such as disasters or information security issues.
4
Information security monitoring is the process of continuously monitoring the operation and traffic of information systems to detect potential anomalies and threats.
5
NIS2 requires companies to submit a notification to the supervisory authority within 24 hours of data breaches or other significant events. JMJ Log Watch, a centralized log management system, collects the necessary log information from your infrastructure. Response, incident handling and investigation are accelerated.
In addition...
Invest in continuous training
Providing training and awareness-raising to staff are key measures to ensure that employees are aware of the organization's information security procedures.
Pay attention to supply
chain security
NIS2 requires companies to thoroughly understand potential risks, so suppliers and service providers must also be assessed for vulnerabilities.
Auditing and reviews
An inspection or audit by an external party is an effective way to ensure that the requirements of the NIS2 Directive are met.
The seriousness of the NIS2 Directive is highlighted if the requirements are not met. The Directive allows for administrative fines of up to 10 million euros or 2% of the company's turnover. In addition, the personal liability of senior management may arise for violations of the regulations.
At JMJping, we offer a comprehensive range of solutions to help companies meet the requirements of the NIS2 directive and improve their level of information security.
