Many medium to large companies have obtained ISO 27001 certification. The question on most corporate management's minds: is the certificate sufficient to meet the NIS2 requirements?
CEEYU BLOGPOST
NIS2 Compliance
Be ready by October 17th 2024
The NIS (Network and Information Systems) regulation aims to combat threats to networks and information systems, thereby improving the functioning of Europe's digital economy. Networks and information systems play a vital role in society as a whole, and their reliability and security are essential to economic and social activities. By October 2024, member states must transpose the NIS 2 regulation into their national legislation, which means that from that date onwards, companies in a sector considered essential or important to society will have to meet a number of requirements for the protection of their networks and information systems.
But NIS 2 is not just about regulatory compliance. It's about doing business successfully in the future, ensuring business continuity, preventing a cybersecurity attack and minimizing its consequences should it occur.
The NIS2 Directive
NIS2, what and for whom?
NIS2 applies to medium and large enterprises in the following sectors: Healthcare, transportation, finance, water supply, waste management, energy, digital infrastructure, telecommunications, medical device and chemical manufacturing, food, aerospace, postal administration and public administration. The regulation defines ten minimum requirements with which all covered companies must comply. Essential and significant entities must comply with the same requirements. The distinction between the two types of companies is made only in terms of monitoring measures and sanctions. Read more about who NIS2 applies to in this blogpost.
While implementing cybersecurity standards such as ISO 27001/27002, SOC 2 and NIS CSF go a long way, it is not enough to comply with the regulation.
How can Ceeyu help you?
“Security measures should be put in place regarding the operations of network and information systems” - NIS2 requirement
The NIS 2 directive requires security measures to be put in place to manage and report vulnerabilities in IT systems and networks.
The Ceeyu platform constantly scans your company from the Internet from a hacker's point of view, often referred to as external attack surface management. This gives you an overview of your IT systems and networks, visible from the outside. Automated assessments in 10 different cybersecurity domains are performed on these assets to find and report vulnerabilities. Active vulnerability assessments and penetration tests can be carried out on request, in addition to the default passive vulnerability scans.
How can Ceeyu help you?
“Companies need to assess the overall level of security for all vendors.” - NIS2 requirement
NIS2 underlines the importance of Third-Party Security Risk Management (TPsRM). From October 2024, all affected companies (estimated between 100,000 and 150,000), will have to periodically assess the quality of protection of their key suppliers' networks and information systems.
Ceeyu's SaaS platform can be used to scan not only your own network, but also that of your key suppliers. Because automated scans cannot cover all aspects of security, customers can also conduct assessments of their suppliers based on a library of standards-based questionnaire templates (ISO 27001, NIST, GDPR, etc.).
How to get to NIS 2 compliance?
Our SaaS platform can alliviate your work with continous security risk identification of your network and IT systems and the ones of your critical suppliers.