WHAT IS IT
On 17 January 2023, the NIS 2 Directive (Network and Information Security) entered into force. This is a European cybersecurity directive aimed at improving the overall level of cybersecurity and standardizing cyber resilience across the EU.
The NIS 2 Directive strengthens management and cooperation on the cyber risk management measures and reporting obligations adopted in all regulated sectors, eliminating divergences in security requirements and in the implementation of cybersecurity measures across Member States.
The entry into force of Legislative Decree no. 138 of 4 September 2024, transposing the NIS 2 Directive in order to strengthen resilience to current and future cyber threats, introduces new requirements and obligations for Italian organizations, which must:
- Identify, assess and mitigate cyber risks
- Evaluate their security posture
- Manage the business continuity of services
- Take steps to protect privileged access
- Strengthen organizational and technological defenses
- Monitor the supply chain
- Formalize the incident response plan
- Train staff, building awareness of cybersecurity
How CSQA Can Help Your Company Comply with NIS 2
RETURN PLAN: RISK ANALYSIS, POLICY AND PROCEDURES, TECHNOLOGICAL COUNTERMEASURES
This phase is the responsibility of the client organization.
GAP ANALYSIS FOLLOW UP
Once all the countermeasures have been implemented by the client organisation, CSQA carries out a follow-up activity on the gaps highlighted in the first phase and returns a report describing the organisation's new cybersecurity posture.
Deliverables: report on the level of adequacy of the implemented improvement actions.
CYBER TRAINING FOR ALL STAFF
Whereas in the first phase CSQA training is aimed at top management and first-level managers, in the second phase the training is addressed to all staff, with the aim of giving participants practical skills to evaluate and deal with the cybersecurity risks facing public and private organizations, as well as the entire supply chain in relationships with suppliers.
INTERNAL AUDIT MONITORING
This phase is the responsibility of the client organization.
VERIFICATION OF THE CYBER SECURITY OF THE SUPPLY CHAIN
The national cybersecurity strategy provides for the verification of cybersecurity along the supply chain of ICT products and services.
CSQA carries out second-party audits with the aim of verifying that the supplier:
- complies with the cybersecurity requirements established in the contract,
- defines the requirements for information security,
- ensures the protection of the company assets it can access,
- formalizes contractual documents in which the required security requirements are set out.
CSQA carries out both a document review of the existing contractual documentation and an on-site audit at the suppliers, which also includes interviews with the personnel involved, with the aim of verifying compliance with the cyber policies defined by the client in the contractual phase. The output of the inspection activities highlights the supplier's level of compliance with the stipulated contract and with the cyber policies and procedures shared at the signing of the contract.