Introduction to NIS2
The NIS2 Directive (Network and Information Security Directive 2) is the new European regulation to strengthen cyber security in critical infrastructures relevant to public life. The directive is being introduced as a further development of the original NIS1 directive in order to counter the increased threats in the digital world. NIS2 significantly expands the scope of the companies affected: it no longer only affects operators of critical infrastructure, but also a large number of companies that provide services or offer products that are essential to the functioning of the internal market. In other words, it also covers suppliers that serve critical infrastructure or companies that manufacture products that are important to public life.
Challenges regarding NIS2
Germany must transpose the NIS2 Directive into national law by October 2024, which means that affected companies must now deal intensively with the new organizational and technical requirements.
The directive requires companies to take extensive measures to secure their IT systems, infrastructure and networks. These measures include not only technical solutions, but also organizational and procedural changes (status: German draft bill dated 23.07.2024).

As an example, we have shown a practical implementation of the NIS2 requirements for a company, divided into the areas of risk management, prevention, 24×7 detection and response, and disaster recovery. What quickly becomes clear is that the NIS2 requirements are very complex and encompass a company’s entire cybersecurity process. As a whole, they provide a kind of basic protection for companies.

In practice, however, the complexity of the NIS2 requirements poses one of the biggest challenges for users. There is no single tool or software that fully covers all NIS2 requirements. Instead, companies must combine a variety of solutions, each of which addresses specific aspects of cyber security.
Selecting the right tools and integrating them into the existing IT landscape is difficult for many companies, especially when it comes to maintaining an overview and ensuring that all legal requirements are met.
This is where we at CyberCompare come in with the “NIS2 for practice” series of articles to make it easier for you to implement the NIS2 requirements in practice. In this series, we will analyze specific requirements of the NIS2 directive and translate them into practical tool landscapes. In addition, we will introduce you to various tools that can make a significant contribution to compliance with the NIS2 directive. The aim is to provide you with sound guidance so that you can efficiently select and implement the right solutions for your company. And if you already want to dig deeper, we can fully recommend our NIS2 CyberInsights magazine or NIS2 diagnostic service.