Summary of basic measures for NIS2
NIS2, through the national acts in each country, defines a number of obligations and measures that organizations must meet. The goal of NIS2 is to increase resilience against cyber attacks and threats across the EU. The organization must therefore implement preventive measures, be able to respond to cyber attacks correctly, and report them to national authorities. The basic measures concern these topics:
- Cyber & Information Security Policies
- Incident Management
- Business Continuity
- Supply Chain Security
- Training
- IT Asset Management
- Reporting Obligations
Obligations and measures should be proportionate to the company's financial capabilities and the value of its data.
What you need to do to meet your NIS2 obligations
The measures and obligations that organizations and companies have to implement due to NIS2 can be briefly summarized in these 10 basic steps:
- make an overview of your essential and most important data and other IT assets = maintain an asset inventory
- know your risks and weaknesses = make a risk assessment and implement risk management
- keep access to your data under control
- educate your employees and give them the basics of information security; it can save you most of your trouble
- have your IT processes and technologies under control, and ensure the security of your IT: applications, software, hardware, and other IT equipment
- have external IT services and their suppliers, including cloud services, under control
- be able to respond to and protect against various cyber attacks
- be able to recover your data and operations after an attack or disaster
- implement information security policies
- ensure improvement of the above, and be sure you are focusing on the important issues
Each organization is different, so the specific measures will differ from one organization to another.
You can view a more detailed list of measures for NIS2 in the following articles.