The Directive on security of network and information systems (NIS Directive) must be transposed into national law by May 2018. The Directive requires operators of essential services (OES) and digital service providers (DSPs) to implement effective security measures appropriate to associated risks, as well as measures to minimise the impact of incidents and ensure business continuity.
In August 2017, the UK government held a public consultation on its plans for NIS Directive compliance and the sectors expected to comply. It received more than 350 responses. The government has now released the next steps for organisations that fall under the requirements of the Directive.
Cyber resilience is essential
Implementing a cyber resilience programme is the most effective way to ensure compliance with the Directive’s requirements. Cyber criminals are adapting to the rapidly changing world faster than security solutions can be developed, and the increasing threat of cyber attacks is now a business reality.
A robust cyber resilience programme is critical to ensuring that your organisation can not only identify, detect and protect against potential risks, but also respond and recover should a disruptive incident occur.
All you need to know about the NIS Directive
Undertaking an NIS Directive compliance project may seem like a daunting task, especially if you’re unsure of its requirements. IT Governance has produced a green paper that provides all the essential compliance information and guidance for UK organisations, based on the government’s consultation documents.
The green paper provides expert advice on how to enhance your cyber resilience to comply with the Directive.