NIS directive
The NIS Directive entered into force in August 2018 and is intended to establish and maintain a high level of security in critical networks and information systems across the EU. The Directive requires selected operators to put security measures in place to manage risks and incidents in their IT infrastructure, and to report these to the relevant authorities.
requirements
In order to determine the processes your organisation needs to carry out, you first need to be aware of which systems, integrations and data your IT environment contains. By mapping these, you can obtain an overview of your IT environment, which lays the foundation for your further work on risk analysis.
Companies subject to the NIS Directive are obliged to carry out risk analyses. The aim of the risk analyses is to identify specific vulnerabilities that the business may have and the threats and risks that the business faces. The analysis, which must be documented and updated annually, must also include an action plan.
The NIS Directive explicitly requires all relevant organisations to have a well-developed incident management plan with clear incident and reporting procedures. It should include how an incident is assessed and classified, how it is handled and further reported.
A fundamental requirement of the NIS Directive is to establish and maintain a high level of security in both systems and physical installations. By having experts penetration test your systems, you can identify security weaknesses before someone unauthorised does so, thereby reducing the risk of incidents.
In order to manage and report incidents, you must first have the capacity to detect them. By monitoring traffic and behavioural patterns in mission-critical networks and system logs, anomalies can be identified quickly and, ideally, addressed before they become regular incidents.
By working with international standards that include required activities and processes, you can effectively ensure that large parts of your IT environment are prepared for the NIS Directive. One of the accepted frameworks is ISO 27001, which includes mapping, risk analysis, business continuity management and delivery management.
Solutions
The ISO 27001 management system is one of the frameworks accepted by the NIS Directive. At Sentor, we have extensive experience in helping companies that want to get started or are in the process of becoming certified or achieving compliance with ISO 27001.
Constant network monitoring is a prerequisite in order to comply with the level of security required by the NIS Directive. Our BlueSOC services are staffed by security analysts who monitor, analyse and manage activity on your network 24 hours a day, all year round.
Ensuringhigh security in your IT environment requires regular security testing. Acting as real attackers, our penetration testers identify flaws in your networks and systems, and then make recommendations on how best to fix them.
"Sentor performed sterling work, which made everyone in the organisation aware of GDPR and involved them in the process. Everyone was genuinely pleased when it felt like we were making progress and were on the right track."
We offer several contact routes and provide feedback as soon as possible. If you have sensitive information, we ask you to use the encrypted method.
+46 8 545 333 00
We answer 24/7
info@sentorsecurity.com
For general inquiries
soc@sentor.se
Use our PGP-key
