The NIS directive: Yet another expensive legality or an opportunity to improve security?

•

0 j'aime•410 vues

Slides from my keynote at the Luxembourg Internet Days 2018. The presentation aims at briefly introducing a wider audience to the NIS directive, the 'cybersecurity arm' of the Digital Single Market.

Technologie

The NIS
Directive
Yet another expensive
legality or an
opportunity to
improve security?

Welcome
Rayna Stamboliyska
Security and Compliance
(risk & crisis management)
Author, “La face cachée d’Internet”
(Prix du livre cyber “Grand public”,
FIC 2018)
rayna@rs-strategy.consulting
@MaliciaRogue

What is the NIS Directive?
The Network and Information Security Directive aims to:
◉ Ensure strong common security standards across the EU;
◉ Improve IS and network governance & security;
◉ Strengthen defense and resilience.
=> the cybersecurity arm of the Digital Single Market

What must Member States do?
Create institutions
dedicated to
cybersecurity
Develop inter-CSIRT
collaboration
Identify and lead
concerned orgs to
compliance with NIS
Ensure organisations
remain compliant with
NIS
NB: Some orgs are excluded (unnecessary to cumulate legal obligations),
e.g. electronic comms, eIDAS-concerned, French “OIV”, etc.

Is my organisation concerned?
YES if you are in one of those industries:
Essential Services Digital Services

The road to compliance
Albeit vague, the NIS Directive insists on:
◉ Identify and master: risk management;
◉ Map, audit and get official approval: implement security;
◉ Compartiment, filter, implement IAM: consolidate architecture;
◉ Monitor, detect and fix: maintain security;
=> all that’s common sense… or is it a necessary evil?

Some lessons learnt
Finding forerunners where you’d expect them the least

State of cybersecurity at many vital service providers
Allegory.

“Loi de Programmation militaire” (since 2013)
◉ Legislative vehicle for security at vital services providers
◉ Articulated in 20 rules with varying compliance timelines;
◉ Defines “SIIV”: declaration-based perimeters;
◉ Governance, audit & official approval are a thing;
◉ Incident management becomes of vital importance (PDIS, PRIS);
◉ Parallelise & build upon existing expertise despite office politics.
=> ROI & all-encompassing compliance approach

Remember: Security is a risky business
◉ Timelines may exert pressure;
◉ What if legislation is slow to come by?
◉ Adjusting expectations might cost you
greatly;
◉ Harmony is real hard: a unique EU-wide
reference institution? Critical & sensitive
intel sharing?

Threat modelling is the new black
The intimate knowledge of your systems, tools and their
becoming, both technical and functional, is crucial:
Weigh in and structure your strategy.

Thanks!
Rayna Stamboliyska
Security and Compliance
(risk & crisis management)
Author, “La face cachée d’Internet”
(Prix du livre cyber “Grand public”,
FIC 2018)
rayna@rs-strategy.consulting
@MaliciaRogue

Contenu connexe

Tendances

Crypto Valley at the OECD Workshop on Digital Financial Assets

OECD Directorate for Financial and Enterprise Affairs

Etherisc at Ethereum London meetup

Stephan Karpischek

Witt O Briens: A route through the Panama Panal

bcilondonforum

BizDay: LenderComm: Collaborative Innovation & DLT in Syndicated Lending, Hel...

Indjic Fintech Module 7

Drago Indjic

DWI Mobile Financial Solutions

Daniel Wamara

In this talk, Philip will be drawing from his experiences to cover the common legal and regulatory pain points that distributed ledger technology projects and token generating events (also known as ICOs) face in Europe and around the world. He will also discuss how investment funds are being structured to invest in DLT projects and tokenised economies, and trends that are starting to emerge in such investments. Philip will also discuss how digital assets and the results of a tokenised economy will require us as individuals, businesses and lawyers to manage and enforce rights over digital assets in different ways.

Where are we going? DLT & Blockchain Legal

Philip Vasquez

Risk and Insurance Management Society

Alan Reisch

Avida International, Who We Are

JeroenSch

Etherisc Ethereum DEV NL meetup

Stephan Karpischek

Asia 2017 Conference Reviews - The Digital Insurance Customer

The Digital Insurer

EXECInsurtech Review

The Digital Insurer

Getting value out of the blockchain by Olivier Roucloux - FinTech Belgium Sum...

FinTech Belgium

Federated Futures (Nicole Harris)

JISC.AM

Investment promotion and access to markets: new opportunity?

OECDglobal

KiidLine: Distribute Your Funds and Gain Visibility

Arnaud

Using intellectual property in forming strategic global alliances

Global Outsourcing Association of Lawyers (GOAL)

MRHB DeFi Launches IDO, Followed by Listing of $MRHB on PancakeSwap and DODO

associate14

- Millions can be raised in matter of hours or even minutes. Brave Browser raised $35M in less than 1 min.; - If people around the world are willing to cooperate, no Government or regulator can stop it; - Collective wisdom is maturing pretty fast and outpacing any official regulations; - People may want to re-evaluate personal risks and give up low interest options (savings accounts, mutual funds, etc.) - There is a growing interest from non-blockchain startups.

ICO: doing it right

Mukhtar Mussabetov

Tendances (19)

Crypto Valley at the OECD Workshop on Digital Financial Assets

Etherisc at Ethereum London meetup

Witt O Briens: A route through the Panama Panal

BizDay: LenderComm: Collaborative Innovation & DLT in Syndicated Lending, Hel...

Indjic Fintech Module 7

DWI Mobile Financial Solutions

Where are we going? DLT & Blockchain Legal

Risk and Insurance Management Society

Avida International, Who We Are

Etherisc Ethereum DEV NL meetup

Asia 2017 Conference Reviews - The Digital Insurance Customer

EXECInsurtech Review

Getting value out of the blockchain by Olivier Roucloux - FinTech Belgium Sum...

Federated Futures (Nicole Harris)

Investment promotion and access to markets: new opportunity?

KiidLine: Distribute Your Funds and Gain Visibility

Using intellectual property in forming strategic global alliances

MRHB DeFi Launches IDO, Followed by Listing of $MRHB on PancakeSwap and DODO

ICO: doing it right

Similaire à The NIS directive: Yet another expensive legality or an opportunity to improve security?

Biznesa infrastruktūras un datu drošības juridiskie aspekti

ebuc

The Security Circle- Services Offered

Rachel Anne Carter

European Cyber Security Perspectives 2016

Omer Coskun

Cybersecurity Threats - NI Business Continuity Forum

David Crozier

Understanding Cyber Security Risks in Asia

Team Finland Future Watch

Get Ahead of Cyber Security by Tiffy Issac, Partner EY India

Rahul Neel Mani

PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...

Nicolas Beyer

In a changing world of threads and thread actors we find ourselves bombarded with new technology hypes and toolsets. Security tooling is like emotional eating you feel good for a while but at the end you are not in a better position. This presentation addresses common questions such as how to differentiate between hype and reality, how to keep up with a limited budget, what is your security maturity level and how to fit this in a regulatory and compliance context. In the board room these questions pop up on a regular basis lets bring you through the journey of how to answer and make it work presenting a customer success story.

Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...

NRBsanv

The Stockholm School of Economics and PA Consulting present The Next wave of Fintech, a sequel to the 2015 Stockholm Fintech Report, focusing on the new InsurTech and RegTech segments. The report, which describes and quantifies the Swedish market for these segments, contains valuable insights and recommendations for decision makers at banks, incubators, startup companies, public authorities and investors.

Next Wave of Fintech: Redefining Financial Services through Technology

Robin Teigland

dcb1203CyberNDI

Paul Elliott

Delivering operational efficiency and lower costs through an integrated approach to network security management Q1 Labs is a global provider of high-value, cost-effective network security management products. The company's next-generation security information and event management (SIEM) offering, QRadar, integrates functions typically segmented by first generation solutions - including log management, SIEM and network activity monitoring - into a total security intelligence solution. QRadar provides users with crucial visibility into what is occurring with their networks, data centers, and applications to better protect IT assets and meet regulatory requirements. By deploying QRadar, organizations greatly enhance their IT security programs and meet the following specific security requirements.

Qradar Business Case

Enterprise Technology Management (ETM)

Achieving Caribbean Cybersecuirty

Shiva Bissessar

This new edition of the Cyber Risk Governance Report includes a case study that illustrates how our cyber risk governance model works in practice. FERMA has made the ongoing digital transformation a priority for our advocacy work for several years now.This is why, in 2017, we launched one of the first European cyber risk governance models jointly with our European colleagues and internal auditors from the ECIIA. Events since then have only strengthened our view that corporate governance models will quickly become obsolete if they do not embed governance for cyber risks under the leadership of a risk and insurance professional.

Ferma perspectives #2 - Cyber Risk Governance 09.10.2018

FERMA

AGEOS Infrastructure Cyber Security White Paper

Mestizo Enterprises

With the advent of modern technologies such as IoT, artificial intelligence, and cloud computing, there is a rapid increase in the number of interconnected devices globally. It has also increased the number of cyber-attacks and data breaches. As a result, cybercrime is a global concern, and appropriate solutions are essential if proper responses are to be found. The Global Cybersecurity Index (GCI) is one such instrument to control cybercrime and provide feedback. https://www.infosectrain.com/blog/the-importance-of-understanding-the-global-cybersecurity-index/

The importance of understanding the global cybersecurity index

ShivamSharma909

biid - NOAH17 London

NOAH Advisors

How Technology Impacts the Insurance Sector - Raymond Kairouz

sigortatatbikatcilari

CRI-Corporate-Profile (1)

OCTF Industry Engagement

Top Cyber News Magazine - Oct 2022

Matthew Rosenquist

eCrime-report-2011-accessible

Charmaine Servado

Similaire à The NIS directive: Yet another expensive legality or an opportunity to improve security? (20)

Biznesa infrastruktūras un datu drošības juridiskie aspekti

The Security Circle- Services Offered

European Cyber Security Perspectives 2016

Cybersecurity Threats - NI Business Continuity Forum

Understanding Cyber Security Risks in Asia

Get Ahead of Cyber Security by Tiffy Issac, Partner EY India

PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...

Cyber innovation without a new product to buy-Michael Boeckx - cybersec europ...

Next Wave of Fintech: Redefining Financial Services through Technology

dcb1203CyberNDI

Qradar Business Case

Achieving Caribbean Cybersecuirty

Ferma perspectives #2 - Cyber Risk Governance 09.10.2018

AGEOS Infrastructure Cyber Security White Paper

The importance of understanding the global cybersecurity index

biid - NOAH17 London

How Technology Impacts the Insurance Sector - Raymond Kairouz

CRI-Corporate-Profile (1)

Top Cyber News Magazine - Oct 2022

eCrime-report-2011-accessible

Plus de Rayna Stamboliyska

#CoRIIN2018 : Comment ne pas communiquer en temps de crise

Rayna Stamboliyska

Références bibliographiques "La face cachée d'Internet"

Rayna Stamboliyska

La question de mémoire collective post-conflictuelle : une comparaison des di...

Rayna Stamboliyska

The role of data for economic prosperity in the Middle East and North Africa

Rayna Stamboliyska

ОТВОРЕНИ ДАННИ ЗА ДОБРО УПРАВЛЕНИЕ (Open Data for Good Governance)

Rayna Stamboliyska

Let's talk about policy! Politiques publiques pour l’ouverture des données sc...

Rayna Stamboliyska

The Open Data Barometer aims to uncover the true prevalence and impact of open data initiatives around the world. It analyses global trends, and provides comparative data on countries and regions via an in-depth methodology combining contextual data, technical assessments and secondary indicators to explore multiple dimensions of open data readiness, implementation and impact. This is the second edition of the Open Data Barometer, completing a two-year pilot of the Barometer methodology and providing data for comparative research. This report is just one expression of the Barometer, for which full data is also available, supporting secondary research into the progression of open data policies and practices across the world. The Open Data Barometer forms part of the World Wide Web Foundation’s work on common assessment methods for open data.

Open Data Barometer, 2nd edition

Rayna Stamboliyska

Egypt: News Websites and Alternative Voices

Rayna Stamboliyska

Pour la cinquième séance du séminaire EHESS "Étudier les cultures du numérique : approches théoriques et empiriques", Antonio Casilli m'a invitée à parler des usages militants (et militaires) des technologies internet et mobiles dans le RuNet, la Toile russophone. J'ai eu le plaisir de partage ces 3 heures (qui se sont transformées en 4 !) avec Ksenia Ermoshina (Centre de Sociologie de l’Innovation, Mines ParisTech). Les slides ci-dessus sont celles de ma présentation. Voir davantage de détails ici : http://www.bodyspacesociety.eu/2015/03/01/seminaire-ehess-runet-la-place-de-la-russie-dans-les-interwebs-16-mars-2015-17h-ecnehess/

Contes et légendes du RuNet : séminaire EHESS du 16 mars 2015

Rayna Stamboliyska

Corruption risk management

Rayna Stamboliyska

Открытые данные для социально- экономического развития: Роль гражданского общ...

Rayna Stamboliyska

#OpenDataKG: Open Data and the role of civil society

Rayna Stamboliyska

Programme BIL:OpenGov Tunisie (21 juin 2014)

Rayna Stamboliyska

Cours pour la Licence "Sciences et Ingéniérie" ENSTA

Rayna Stamboliyska

Gendered Quantified Self: my talk at FLOSSIE 2013

Rayna Stamboliyska

Big data, bad data -- Closing keynote at the Open World Forum 2013

Rayna Stamboliyska

Abstract: Despite the dazzling development of the open access movement, open data initiatives in science and research are still trailing in involvement. Additionally, disparities in research data sharing and openness are huge across scientific communities and domains. Last but not least, formats and licensing terms greatly vary even within specific field. This talk will wrap-up current initiatives and achievements prior to highlighting the challenges ahead in front of a wide number of stakeholders. The middle-term goal is to bootstrap connections converging to a true institutional change that leads to more participative, shareable and transparent science: the science of tomorrow. Original link to the event: http://www.openworldforum.org/fr/tracks/17#talk_113

Open Data in Science & Research -- Open World Forum 2013, Public Policies track

Rayna Stamboliyska

Knowledge Adventures for Kids: Masterclass presentation during the Social Med...

Rayna Stamboliyska

NASA SpaceApps challenges: Paris Off-the-Grid restitution

Rayna Stamboliyska

Free software community functioning

Rayna Stamboliyska

Plus de Rayna Stamboliyska (20)

#CoRIIN2018 : Comment ne pas communiquer en temps de crise

Références bibliographiques "La face cachée d'Internet"

La question de mémoire collective post-conflictuelle : une comparaison des di...

The role of data for economic prosperity in the Middle East and North Africa

ОТВОРЕНИ ДАННИ ЗА ДОБРО УПРАВЛЕНИЕ (Open Data for Good Governance)

Let's talk about policy! Politiques publiques pour l’ouverture des données sc...

Open Data Barometer, 2nd edition

Egypt: News Websites and Alternative Voices

Contes et légendes du RuNet : séminaire EHESS du 16 mars 2015

Corruption risk management

Открытые данные для социально- экономического развития: Роль гражданского общ...

#OpenDataKG: Open Data and the role of civil society

Programme BIL:OpenGov Tunisie (21 juin 2014)

Cours pour la Licence "Sciences et Ingéniérie" ENSTA

Gendered Quantified Self: my talk at FLOSSIE 2013

Big data, bad data -- Closing keynote at the Open World Forum 2013

Open Data in Science & Research -- Open World Forum 2013, Public Policies track

Knowledge Adventures for Kids: Masterclass presentation during the Social Med...

NASA SpaceApps challenges: Paris Off-the-Grid restitution

Free software community functioning

Dernier

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Dernier (20)

Partners Life - Insurer Innovation Award 2024

Powerful Google developer tools for immediate impact! (2023-24 C)

Tata AIG General Insurance Company - Insurer Innovation Award 2024

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Apidays New York 2024 - The value of a flexible API Management solution for O...

🐬 The future of MySQL is Postgres 🐘

Strategies for Landing an Oracle DBA Job as a Fresher

Automating Google Workspace (GWS) & more with Apps Script

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Boost PC performance: How more available memory can improve productivity

A Year of the Servo Reboot: Where Are We Now?

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

How to Troubleshoot Apps for the Modern Connected Worker

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Artificial Intelligence Chap.5 : Uncertainty

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The NIS directive: Yet another expensive legality or an opportunity to improve security?

1. The NIS Directive Yet another expensive legality or an opportunity to improve security?

2. Welcome Rayna Stamboliyska Security and Compliance (risk & crisis management) Author, “La face cachée d’Internet” (Prix du livre cyber “Grand public”, FIC 2018) rayna@rs-strategy.consulting @MaliciaRogue

3. What is the NIS Directive? The Network and Information Security Directive aims to: ◉ Ensure strong common security standards across the EU; ◉ Improve IS and network governance & security; ◉ Strengthen defense and resilience. => the cybersecurity arm of the Digital Single Market

4. What must Member States do? Create institutions dedicated to cybersecurity Develop inter-CSIRT collaboration Identify and lead concerned orgs to compliance with NIS Ensure organisations remain compliant with NIS NB: Some orgs are excluded (unnecessary to cumulate legal obligations), e.g. electronic comms, eIDAS-concerned, French “OIV”, etc.

5. Is my organisation concerned? YES if you are in one of those industries: Essential Services Digital Services

6. The road to compliance Albeit vague, the NIS Directive insists on: ◉ Identify and master: risk management; ◉ Map, audit and get official approval: implement security; ◉ Compartiment, filter, implement IAM: consolidate architecture; ◉ Monitor, detect and fix: maintain security; => all that’s common sense… or is it a necessary evil?

7. Some lessons learnt Finding forerunners where you’d expect them the least

8. State of cybersecurity at many vital service providers Allegory.

9. “Loi de Programmation militaire” (since 2013) ◉ Legislative vehicle for security at vital services providers ◉ Articulated in 20 rules with varying compliance timelines; ◉ Defines “SIIV”: declaration-based perimeters; ◉ Governance, audit & official approval are a thing; ◉ Incident management becomes of vital importance (PDIS, PRIS); ◉ Parallelise & build upon existing expertise despite office politics. => ROI & all-encompassing compliance approach

10. Remember: Security is a risky business ◉ Timelines may exert pressure; ◉ What if legislation is slow to come by? ◉ Adjusting expectations might cost you greatly; ◉ Harmony is real hard: a unique EU-wide reference institution? Critical & sensitive intel sharing?

11. Threat modelling is the new black The intimate knowledge of your systems, tools and their becoming, both technical and functional, is crucial: Weigh in and structure your strategy.

12. Thanks! Rayna Stamboliyska Security and Compliance (risk & crisis management) Author, “La face cachée d’Internet” (Prix du livre cyber “Grand public”, FIC 2018) rayna@rs-strategy.consulting @MaliciaRogue

Notes de l'éditeur

Add icons

The NIS directive: Yet another expensive legality or an opportunity to improve security?

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (19)

Similaire à The NIS directive: Yet another expensive legality or an opportunity to improve security?

Similaire à The NIS directive: Yet another expensive legality or an opportunity to improve security? (20)

Plus de Rayna Stamboliyska

Plus de Rayna Stamboliyska (20)

Dernier

Dernier (20)

The NIS directive: Yet another expensive legality or an opportunity to improve security?

Notes de l'éditeur