SHORT ABOUT THE NIS2 DIRECTIVE

In a time where digitalization is accelerating and cyber threats are becoming increasingly sophisticated, it is essential for companies to strengthen their cybersecurity and information security measures.

This brings us to the critical importance of the NIS2 Directive, an update and extension of the EU's Directive on security of network and information systems, which aims to raise digital defences across the EU. Read more about the NIS2 Directive here.

The NIS2 Directive extends the requirements for security measures and incident reporting to a broader range of sectors and companies, making compliance not only a legal requirement but also a business necessity.

Necessary competences

An FTE competence could, for example, consist of a lead implementer/project manager, a governance expert, a cybersecurity expert, and a risk expert.

In our experience, the new NIS2 Directive places significant demands on a range of competences, and a lead implementer/project manager alone will typically not be sufficient.

Leave a Mark has all competence available in-house, which means that we can quickly put together the FTE competence you need.

If ISO 27001 has already been implemented, it can be extended relatively easily with the NIS2 requirements.

We have implemented NIS2 for companies such as Energinet, Norlys, and ProMark.
Read their cases here.

NIS2 Implementation Process: A Step-by-Step Guide

STEP 1 - PREPARATION AND RISK ASSESSMENT

In the initial phase, we analyze the requirements of the NIS2 directive and examine how they specifically relate to your organization's context. This involves identifying the areas within your organization that fall within the scope of the directive.
 
We conduct a detailed Business Impact Analysis (BIA) aimed at identifying and assessing potential security threats to your organization's information systems. This analysis involves identifying critical assets, potential vulnerabilities, and the likelihood of various threat scenarios. Through the BIA, we gain an understanding of your organization's maturity and risk profile in cybersecurity.
 
The results of the BIA form the basis for developing a tailored implementation plan that addresses specific threats and vulnerabilities. This plan includes clear, step-by-step objectives, resource allocation, and timeframes for implementing the necessary security measures. By basing our efforts on this approach, we address the organization's specific challenges and needs, which ensures a targeted and effective path to NIS2 compliance.

STEP 2 - PLANNING AND DESIGN

In this phase, we utilize the results from the previously conducted Business Impact Analysis (BIA) along with your organization's current IT security to develop an implementation plan. The implementation plan is designed to address both the technical and organizational aspects of cybersecurity.

At the technical level, the plan may involve updates to existing IT infrastructure, implementation of advanced security solutions, and configuration of network protection. This could entail installing firewall systems, intrusion detection/prevention systems, antivirus software, and other tools to safeguard against cyber threats. Additionally, we will ensure that these technical measures adhere to applicable standards and guidelines.

At the organizational level, we will work on developing or adapting the policies and procedures that are fundamental to NIS2 compliance. This may include developing clear guidelines for handling security incidents, establishing a contingency plan, and training employees in security procedures and best practices.

STEP 3 - IMPLEMENTATION

In this phase, we carry out a comprehensive implementation of the necessary policies, procedures, and controls to ensure consistent IT security in your organization. The NIS2 Directive defines a number of mandatory measures, which we follow:

  • Risk analysis and information system security: Conducting risk assessments to identify and evaluate potential threats to your information systems and implementing appropriate security measures.
  • Incident management: Establishing robust procedures for handling security incidents, including reporting, analysis, and response to minimize damage and restore normal operations quickly.
  • Business continuity: Ensuring operational continuity through backup solutions, recovery procedures, and a well-defined emergency response plan.
  • Continuous assessment of security measures: Implementing processes to continually evaluate and update your security measures in line with developments in the threat landscape and your organization's needs.
  • Employee training: Developing and delivering tailored training programs to ensure that all employees understand their responsibilities and roles in protecting the organization's systems and data.
  • Encryption: Implementing robust encryption solutions to ensure the confidentiality and integrity of your data, both during storage and transmission.
  • Personnel security and access control: Implementing strict access control and procedures to ensure personnel security and restrict access to sensitive information.

 

As an integral part of the implementation, a comprehensive contingency plan is developed to ensure crisis and disaster management to minimize damage and ensure rapid recovery. This plan includes responsibilities, communication procedures, and recovery strategies.

Our experience tells us that the implementation can vary depending on the company's resources and previous efforts in IT security. It is therefore fundamental to start the implementation well in advance to ensure that all necessary measures are in place before NIS2 enters into force on 1 January 2025.

With our broad experience in implementing IT standards, we ensure an effective implementation that meets the organization's needs and complies with the requirements of the legislation.

STEP 4 - MONITORING AND MAINTENANCE

We implement processes for ongoing monitoring of security measures to ensure that your organization remains protected against constant and evolving threats. As a general recommendation, we suggest evaluating the threat landscape twice a year to ensure that any new threats are identified, and appropriate measures are implemented to mitigate their impact.

It is important to understand that compliance with NIS2 is not a one-off project. We therefore offer regular audits and updates of security measures to ensure that your organization remains compliant with the directive over time.

Our primary goal is to make the implementation process as efficient as possible, ensuring that your company not only meets the legal requirements but also strengthens cybersecurity across the organization as a whole. By choosing us as your partner, you gain access to in-depth expertise and an approach tailored to your company's unique needs and challenges.

Call us for a no-obligation talk on +45 535 27000.