FileCap: more than software

What is NIS2?

‍NISis the abbreviation for Network & Information Systems. Also called the NIB guideline in the Netherlands and stands for Network and Information Security. It has emerged that the current NIS guideline is no longer sufficient, this given the increasing threats and the high degree of dependence on the digitization of society and therefore it is being replaced by the new NIS: NIS2.
‍

Why is NIS2 important?

‍Thearrival of NIS2 directive is an important step forward in increasing Europe's cyber resilience. Organizations that are already preparing for the arrival of the directive, for example, by obtaining ISO 27001 certification, are well on their way to becoming compliant for NIS2.

‍
What does NIS2 entail?

‍Thegoal of the NIS is to raise the level of cyber resilience in the European Union. Thus, this new directive imposes stricter rules on organizations providing essential services in sectors such as energy, transportation, banking, digital infrastructure and healthcare. NIS2 goes a step further and its measures include:

Conducting risk assessments.
Implementing security measures based on risk assessments.
Streamline incident management.
Monitoring compliance.

‍
】Impacton businesses

‍NIS2has a significant impact on companies covered by this directive. Compliance requires a proactive approach to cybersecurity, with concrete steps such as:

Conduct risk assessments and implement appropriate technical and organizational security measures.
Establish incident response plan and train employees in cyber awareness.
Reporting serious cyber incidents to the supervisory authorities.
‍

‍Implementation deadlineNIS2

‍Memberstates have until October 2024 to transpose the NIS2 Directive into national law. Organizations covered by the directive should inform themselves of the compliance obligations in a timely manner and take proactive steps to strengthen their cyber security posture.

‍
‍Doesyour company complywith NIS2?

‍Todetermine whether your company needs to comply with NIS2, take the following steps:

Determine what industry your company operates in.
Check if your company falls under the definition of an "essential" or "important" organization in that sector.
The National Digital Infrastructure Inspectorate (RDI) has developed a questionnaire that allows organizations to self-assess whether they are covered by the NIS2 Directive. Completing the questionnaire will also reveal whether the organization is considered "essential" or "important" to the functioning of society and/or the economy according to the NIS2 guideline. Consult the RDI website to determine if NIS2 applies to your organization: RDI website

‍
‍E-mail security: critical to NIS2 and ISO 27001

‍E-mailremains one of the most widely used communication channels for organizations and is constantly subject to cyber attacks. Email security therefore plays a crucial role in both NIS2 and ISO 27001. By investing in email security measures, organizations can better guard against cyber attacks and meet the requirements of both regulations.Email services such as Outlook 365 offer a number of email security features, however, organizations may need additional measures to meet the stringent standards of NIS2. Email security solutions, such as FileCap, can add additional layers of security and also enhance existing email solutions, helping organizations meet NIS2 requirements. FileCap offers a number of additional features including encryption and authentication for Outlook 365, for example, to protect sensitive information.
‍

‍ISO27001: A proven standard for information security

ISO27001 is the internationally recognized standard in the field of information security. Organizations that are ISO 27001 certified demonstrate compliance with the highest standards of information security. More and more organizations are choosing to certify to ISO 27001, in part due to the advent of GDPR and the increasing focus on cybersecurity. Organizations preparing for the arrival of NIS2 by obtaining ISO 27001 certification already meet many of the new requirements in NIS2.

‍
‍NIS2and ISO 27001: The main differences

‍TheNIS2 directive and ISO 27001 both focus on information security risk management and require the implementation of appropriate security measures. However, there are some important differences:

NIS2 is legislation, ISO 27001 a standard. This means that compliance with NIS2 is mandatory.
Organizations covered by NIS2 are supervised by a competent authority, which can impose enforcement measures for non-compliance.
NIS2 focuses on sectors that are critical to society, such as energy and healthcare. ISO 27001 is relevant to all organizations that handle sensitive information.
NIS2 emphasizes technical and organizational measures, while ISO 27001 also provides a broader framework for information security, including processes and management.
For many organizations, NIS2 brings with it a new way of working in terms of risk management, security incident reporting, information sharing and auditing, as well as new requirements for information security policies and risk analysis.
ISO 27001 enables organizations not directly covered by NIS2 to prepare for future legislative and regulatory requirements and customer and partner expectations.

‍
‍NIS2chain security

‍Anotherimportant aspect of NIS2 is chain security. If you as an organization fully comply with all applicable security standards, however a supplier or partner in your chain does not, this can still make your organization vulnerable. Chain security obliges organizations not only to secure their own IT systems, but also to assess and ensure the security of suppliers and partners in the chain.
Does your organization not fall under NIS2? Then keep in mind if you might be part of a chain and could still be confronted with NIS2.
‍