NIS 2 - How to start
What is NIS 2?
The NIS2 directive is a comprehensive EU-wide cybersecurity law that extends its coverage beyond the original NIS directive. As a result, a more extensive array of entities and sectors will now bear the responsibility for handling cybersecurity risks and reporting incidents.
The primary objective of this directive is to prevent or minimize the impact of incidents on the recipients of covered entities' services and on interconnected services. By requiring a wider spectrum of entities and industries to adopt precautionary measures, it facilitates a gradual enhancement of Europe's cybersecurity in the long run. This is achieved through the implementation of a risk-based approach and the establishment of robust information security programs that encompass various aspects of information security.
The updated directive delineates specific obligations for Member States, including the adoption of national cybersecurity strategies and the establishment of competent bodies, crisis management authorities, focal points for cybersecurity, and teams to address computer security incidents (CSIRTs). The directive extends its reach to crucial sectors such as energy, transportation, finance, healthcare, digital infrastructure, public governance, and space, subjecting them to innovative security regulations.
To ensure consistency, the directive not only lays down fundamental regulations for a regulatory framework but also sets in motion mechanisms to facilitate effective collaboration among relevant authorities in each Member State.
NIS 2 scope
NIS2 will establish the fundamental standards for handling cybersecurity risks across the following industries and sectors:
Banking and financial market infrastructure
Public administration (both central and regional levels)
Postal and courier services
Manufacturing of medical devices
Chemical and pharmaceutical production
Digital infrastructure and providers of digital services
The scope of NIS2 encompasses all medium-sized and large organizations operating within these sectors.
Fines amount to €10 million or 2% of global turnover, whichever is higher, for essential entities, and €7 million or 1.4% of global turnover, whichever is higher, for important entities.
In some countries, such as Belgium, penalties under NIS2 can also include potential jail time.
How can Maiky help?
About Maiky
Maiky is an InfoSec platform built for CISOs by CISOs. We empower individuals and organizations by providing user-friendly tools, comprehensive resources, and actionable insights to protect their digital assets.
How can we help?
Maiky can help you at multiple stages of your NIS2 compliance. When you are just getting started, we can help you get going fast, and if you already have an information security program, we can assist you in an efficient way.
When you are just getting started with your information security program, there are a lot of things that come your way. With Maiky we have made those steps transparent and easy to get started with.
With our Quick Start to NIS2, the platform can pre-build a set of policies and controls, a number of risks, and, more importantly, a set of actions you need to take to get started on your journey towards NIS2 compliance. Using our workflow engine, you can further automate the process of ensuring compliance, and with our pre-built NIS2 dashboard, you get a clear overview of your current status and the most important steps still to be taken.
Once you are ready with your first steps, you can continue to use the Maiky platform to keep extending and maturing your information security program without the need to increase your license.
Already have an InfoSec program in place:
If, however, you already have an information security program in place, Maiky can assist you in knowing and controlling the gaps you might have with NIS2 and the content of the regulation.
Our quick start feature will only complete your program with the missing controls and list the actions you need to take to become NIS2 compliant.
Like to learn more? Get in touch with us.