The revised EU directive on the security of network and information systems (NIS2) sets baseline security risk management measures for all the entities operating across the sectors falling within its scope. The directive applies an “all-hazard” approach, thus the risk management measures should also address physical and environmental security (e.g. natural disasters, system failures).
Essential and important entities are required to take appropriate technical, operational, and organisational measures to safeguard the entity’s network and information systems against any security threats. Under the NIS2, they are expected to implement at least several security measures listed in the revised directive, for example, establishing access control policies, and setting up an incident handling procedure.
Essential and important entities must notify significant security breaches to the national computer security incident response team (CSIRT) following a multi-step process. The initial notification should be submitted within 24 hours, followed by a second one within 72 hours after having become aware of a significant incident. A final report with additional information on the breach should be submitted in one month.
Cullen International is releasing a series of reports on the different aspects of the newly revised directive on the security of network and information systems (NIS2). Our second of five reports provides an analysis of the common security risk management and reporting requirements, which apply to all essential and important entities covered by the revised directive.
See also Part 1: Scope
For more information and to access our NIS2 report series, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our European Digital Economy service.
more news
22 April 24
Who has not transposed the European Electronic Communications Code yet?
Cullen International’s benchmark analyses the status of transposition of the European Electronic Communications Code (EECC) across the EU 27 plus UK and Norway.
18 April 24
Countries in the Americas are working towards the transparency and explainability of AI-based decisions
The latest update of Cullen International’s benchmark on AI reveals whether governments in the Americas published or proposed specific strategies to foster the adoption of AI-based services.
17 April 24
New research shows continued price increases for both letters and parcels across 17 European countries
The latest update of Cullen International's postal pricing benchmarks shows that prices increased for both letters and parcels across Europe.