NIS2 Directive: Focusing on Critical Infrastructure Security
Compliance Expert on Readiness, Compliance and Rapid Incident Reporting

The Network and Information Security 2 Directive focuses on addressing gaps and strengthening the security of network and information systems across the European Union. NIS2 mandates rapid incident reporting and holds senior management accountable for cybersecurity, shifting responsibility to the board level.
EU member states were required to transpose NIS2 into national law by October 2024, so organizations in the covered sectors may already be subject to it. For the financial services sector, the EU's Digital Operational Resilience Act, or DORA, takes precedence as sector-specific law when it applies from January 2025.
"The most aggressive timeline that I've seen is the 24-hour incident reporting requirement," said Avani Desai, CEO of Schellman. "This places a huge burden on organizations to have robust detection and reporting mechanisms in place, especially for smaller companies in newly covered sectors."
Desai advises organizations to conduct a comprehensive risk assessment of their current cybersecurity practices and ensure their incident detection and reporting systems are prepared. "Compliance really needs to begin with doing a comprehensive assessment," she said. She also stressed the importance of integrating cybersecurity into governance structures and recommended appointing an EU representative for cross-border companies to meet regional regulations.
In this video interview with Information Security Media Group, Desai discussed:
- The major changes the NIS2 Directive will bring to the cybersecurity landscape, especially for organizations in critical sectors across the EU;
- Challenges companies face in preparing for NIS2, particularly with rapid incident detection, reporting and supply chain security;
- Essential steps EU and U.S. organizations must take now to ensure compliance.
Desai leads Schellman, the largest niche cybersecurity assessment firm in the world focused on technology assessments. She has domestic and international experience in information security, operations, P&L oversight and marketing at both startup and growth organizations. Desai has been featured in Forbes, CIO.com and The Wall Street Journal and speaks on a variety of emerging topics, including security, privacy, future technology trends and expanding the number of young women in technology.