Using the NIS Directive to heighten your cybersecurity posture

June 25, 2020

The NIS Directive is now two years old – so it’s a good time to check in with your organisation to ensure compliance and to revisit your organisation’s current cybersecurity measures. Like GDPR, the NIS Directive is an EU regulation that was implemented in UK law, and is also governed by the Information Commissioner’s Office. Ultimately, the aim of the NIS Directive was to raise the EU’s cyber resilience by heightening the cyber security measures that critical organisations, such as national infrastructure, were implementing. Therefore, though NIS might seem like just another regulation to comply with, it can have a vastly positive effect on your organisation’s cybersecurity posture.

The NIS Directive has four main segments that it addresses within an organisation’s security processes:

  1. Security of systems and facilities: an organisation must have procedures, such as access controls, to ensure that its systems and facilities are protected, both digitally and physically.
  2. Incident handling: there must be a policy in place to handle an incident or breach which includes mitigation or management steps, and, if necessary, a report to the ICO.
  3. Business continuity management: in case of an incident, an organisation must have a continuity plan in place to ensure that critical services are not brought offline for a significant amount of time or that other data protection considerations can be ensured.
  4. Continuous monitoring: an organisation must regularly check their systems for vulnerabilities, correcting them as necessary to protect the organisation’s work and capabilities.

Of course, these policies and procedures must be documented within your organisation. Like GDPR, there can be severe fines of up to £17 million if an essential organisation is not compliant with the NIS Directive. Even without the threat of fines, creating comprehensive cybersecurity policies can go a long way to warding off disruptive breaches.

If you are a critical organisation, take the time to review your cybersecurity policies to ensure that your organisation is maintaining compliance – and that your cybersecurity is as strong as it can be.

More guidance on this can be found at the UK’s National Cyber Security Centre’s website, which provides organisations with a Cyber Assessment Framework.
