The NIS directive was adopted in 2016 in the EU and sets a range of network and information security requirements which apply to operators of essential services and digital service providers (DSPs). Since it is an EU directive, every EU member state has to adopt national legislation, which follows or ‘transposes’ the directive. The deadline for national transposition by the EU member states was the 9th of May 2018.
The purpose of the NIS Directive
The directive is identical across the EU, and the laws of each country based on the directive are also very similar. The aim of the directive is to achieve a high common level of security in networks and information systems for critical societal and digital services within the Union. In this way, the internal market will be strengthened, and the vulnerabilities of central social services will be reduced.
If you want to read more about the NIS directive, whom it applies to and what needs to be done, you can do this here.
What is the story behind the NIS Directive?
Digitalisation not only creates business opportunities but also opens up more attack vectors against systems. The number of cyberattacks has increased sharply in recent years, not only from criminals and script kiddies but also from state-funded forces with great endurance and vast resources. Raising information security within critical infrastructure raises society’s readiness for external disturbances.
What practical effect does the NIS directive have?
The NIS Directive tightens the requirements for information security in terms of integrity and availability. It is important to take people, processes and technology into account to ensure information security in the affected organisations. A better general understanding of information and system risk classification, together with impact contingency and action plans, is necessary to improve resistance to attacks. Incidents are to be reported as part of increasing knowledge and raising preparedness. Essentially, the focus lies on the network and information systems that are used.
Do you know how to work systematically with information security?
According to several reports and investigations, there are still many authorities that do not work in a systematic and risk-based manner with information security, which is now actually required of them.
We understand. Working systematically with information security and choosing the right security measures can feel like a big and daunting task. In addition, enough resources are required to meet the requirements. The issue of information security therefore needs to be prioritised by management and decision makers.
At Advenica, we have extensive experience in analysing the security of solutions and products with the specific purpose of identifying the necessary countermeasures and measures to ensure stability. Therefore, we can help you ensure that the data and protection information you own and manage is well protected. In collaboration with you, our experts evaluate the requirements to ensure that the right level of security is defined based on identified challenges and a threat analysis.
Want to know how to get started with the NIS directive? Read our guide!