In a recent survey of information security leaders from more than 15 European countries, only 11% believe the forthcoming EU Directive on Security of Network and Information Systems (NIS Directive) will have an effect on the overall security of critical infrastructure.
Staff training and knowledge deficiencies in cyber resilience appear to be the greatest concerns for security leaders, with 39% claiming a shortage of qualified people is the main reason for the failure of security strategies. 63% said they needed more training in cyber security to complete their daily tasks.
It’s little wonder security leaders lack faith in the NIS Directive with staff training falling so short. However, the Directive aims to tackle these concerns head on by implementing measures and controls for staff training.
The impact of the NIS Directive on staff training
The NIS Directive will take effect in May 2018, and requires operators of essential services (OESs) and digital service providers (DSPs) to put in place “technical and organisational measures that are appropriate and proportionate to identified risks”. Since the guidelines will encompass staff training and awareness, it is hoped these aspects will improve as long as companies implement a robust cyber resilient programme in conjunction with the Directive.
Operators of essential services and digital service providers can demonstrate that they have applied the measures required by the Directive by implementing an organisational cyber resilience programme that combines the principles of effective information security and business continuity.
Solutions for cyber resilience training
IT Governance provides a comprehensive set of cyber resilience solutions to help you comply with the NIS Directive, while meeting all your training requirements:
- Information security management, supported by the international information security management standard, ISO 27001.
- Business continuity and incident response management, supported by the international standard for business continuity, ISO 22301.