Thinking About : digital service providers should prepare for the NIS Directive

Many organisations are focused on the EU General Data Protection Regulation (GDPR), but this May sees another piece of EU legislation come into effect: the Directive on security of network and information systems (NIS Directive).
In the UK, the NIS Directive applies to digital service providers (DSPs), meaning online marketplaces, online search engines and cloud computing services, and to operators of essential services (OES) in the following sectors:
  • Drinking water supply and distribution;
  • Energy;
  • Digital infrastructure;
  • The health sector; and
  • Transport.
There are slight differences in the way OES and DSPs need to prepare for the Directive, but guidance is coming thick and fast.
Last year, the European Commission published a draft implementing regulation for DSPs, which Elizabeth Denham, the UK’s information commissioner, commented on. She criticised “the overly rigid parameters” of the regulation, which “may be undesirable and may lead to a failure to report incidents which nevertheless have a substantial impact on the users of the service and which should, by the nature of the impact, be considered for regulatory action”.
The European Commission has since approved the final draft, and the UK government has released the findings of a public consultation on how it should implement and regulate the NIS Directive. IT Governance has also published a compliance guide.
Each of these documents will help you understand where the NIS Directive fits into the cyber security landscape. DSPs will have to be particularly organised, as they are expected to define their own information security measures proportionate and appropriate to the potential risks they face. These measures must address:

Information security

  • The systematic management of network and information systems, which will require organisations to map their information systems and set up appropriate policies, covering risk analysis, human resources, security of operations, security architecture, system lifecycle management and, where applicable, encryption.
  • Physical and environmental security, protecting against environmental damage and accidental or malicious actors.
  • Security of supplies, with policies that keep the critical supplies used in providing the service (such as power and network connectivity) accessible and, where applicable, traceable.
  • Access control measures to ensure that physical and logical access is “authorised and restricted based on business and security requirements”.

Incident management

  • Detection processes and procedures, which should be regularly reviewed to ensure that they are up to date and effective.
  • Processes and policies for reporting vulnerabilities and security incidents.
  • Procedures for documenting the response to cyber security incidents.
  • Incident analyses to assess an incident’s severity and collect information for the organisation’s continual improvement process.

Business continuity

  • Contingency plans based on a business impact analysis, ensuring the continuity of services.
  • Disaster recovery plans appropriate to the potential risks.

Monitoring, auditing and testing

  • Planned monitoring to assess whether information systems are working as they should.
  • Auditing and measurements to monitor whether the organisation is complying with relevant standards or guidelines.
  • Processes aimed at revealing flaws in security systems, covering both technology and the people involved in the security system.

Get started with the NIS Directive

Those who want help preparing for the NIS Directive should consider our cyber resilience solutions. An effective cyber resilience strategy can mitigate the risk of cyber incidents and enable you to respond to attacks, containing any damage and allowing you to promptly return to ‘business as usual’.
