When NIS 2 becomes law and authorities are able to carry out audits to check whether organisations meet the requirements of the legislation, it is important to have good documentation of the technical solutions that safeguard your systems. Does your organisation have such clear documentation? Organisations that use data diodes to protect their sensitive information have a simple solution with a high level of security. This makes it easier to gain confidence in the security of the audited system, which facilitates an audit and means, among other things, that you need less documentation. Maybe it is time to switch to data diodes?

What is new with NIS 2?

The original NIS Directive contained a process for regular review of its own content. This has led to a proposed directive for countries in the EU on measures for a high common level of cybersecurity – this is called NIS 2.

NIS 2 addresses deficiencies in the original NIS Directive. Based on these shortcomings, new additions have been made, resulting in the new proposal, NIS 2. These are the most prominent additions:

  • Larger scale than NIS: more sectors are considered important services
  • Managers are held accountable for securing operations
  • Incident reporting must now be done within 24 hours instead of 72 hours
  • Higher requirements for security and reporting, where a list of minimum requirements must be met
  • Security for supply chains and suppliers
  • Stricter supervisory measures for national authorities
  • The distinction between “operators of essential services” and “digital service providers” has been removed
  • Stricter regulatory measures for national authorities, stricter compliance requirements
  • Harmonised sanctioning systems between member states, enabling administrative fines. The fine will be up to EUR 10 million or 2% of the company’s total turnover worldwide
  • The Cooperation Group gets a bigger role, as well as increased information sharing and cooperation between the Member States’ authorities


The documentation – an important part to prepare for an audit

Something that gets a lot of focus during an audit is the documentation of your information security. You therefore need to ensure that you have solid documentation of your entire information security – both in terms of processes and the various security solutions that you use. The documentation should also describe how your organisation should react to security threats and incidents, and since the staff are often a company’s biggest source of vulnerability, there should also be documentation and processes for training of all employees. If you are working on any projects to upgrade your information security, they must also be documented.

The advantage of good documentation and functioning, well-practised processes is that you as an organisation can react more quickly in the event of a threat or an attack. If you follow well-documented policies, your decision-making will improve, and you can limit damage to the business. Documentation can also make it clearer to everyone in the business what has happened, why it happened, and how you can avoid similar situations in the future.


Data diodes – a security solution that is easy to document

A data diode is a security product that is placed between two networks and acts as a check valve: it allows data to be sent in one direction only and blocks all data in the opposite direction. Since the data diode’s security features are based on hardware and optical fiber, it can be shown that it is physically impossible for data to be transported in the opposite direction.

This hardware product, with its high assurance, maintains both the integrity of the network by preventing intrusion and the confidentiality of the network by protecting the most sensitive information. Therefore, there are several Swedish authorities and organisations with knowledge in cybersecurity that recommend data diodes to secure their information:

  • Svenskt Vatten
  • Statens Energimyndighet
  • Livsmedelsverket
  • MSB
  • SÄPO

Some of the strengths of data diodes are:

  • Their ability to ensure security in insecure systems and to protect and preserve legacy systems. By using data diodes, older systems can be protected without having to overhaul the entire operating system.
  • Their hardware aspect. There is no risk of user error or bugs because there is no software or configuration that can contain bugs or be tampered with.
  • The long-term operating costs are low. After the initial investment of purchase and system integration, the savings in maintenance and administration costs make the data diode an effective long-term network security solution.
  • How they reduce cyber risk. The data diode’s strict properties mean that certain types of risks can be completely ruled out if a data diode is used. For example, you know that the network cannot leak information and can therefore focus on managing only privacy and malware risks.


Another major advantage of data diodes, which is important when thinking about NIS 2 and how to prepare for an audit, is that they provide simplicity and clarity in the technical solution. This means less documentation work for those of you who have data diodes as part of your information security solution. So, make it easy for yourself by having a data diode solution!

