ISF Podcast

S23 Ep2: NIS2: Decoding EU's cyber security game plan

Nov 7, 2023

Steve and Tavia discuss the implications of NIS2 compliance in the EU, including fines for noncompliance. They highlight the importance of training, incident reporting, and supply chain security. Concerns about the burden of compliance and regulations are raised, emphasizing the need for effective security measures. ISF's readiness assessment is mentioned as a tool to help organizations comply with NIS2.

11:36

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

NIST2 imposes stricter cybersecurity obligations on critical infrastructure sectors in the EU, with fines for non-compliance reaching up to 10 million euros or a percentage of annual turnover.

NIST2 emphasizes the importance of core cybersecurity measures, including training, incident reporting, risk analysis, and encryption, for covered organizations to strengthen their security requirements.

Deep dives

Overview of NIST2 Legislation

NIST2 is a piece of European legislation that imposes stricter cybersecurity obligations on entities operating in critical infrastructure sectors. It complements and extends the Network and Information Security (NIST) directive introduced in 2016, expanding the coverage to more companies. It applies to organizations providing essential services like internet providers, energy suppliers, banking institutions, healthcare institutions, and food and household item factories. However, there are exceptions based on size, with small companies below certain thresholds being exempt. Non-compliance with NIST2 can result in fines of up to 10 million euros or a percentage of the company's annual global turnover. Individuals with relevant cybersecurity authority or management roles may also be held personally responsible for noncompliance.

Introduction

4min

Understanding the Response to NIST2 Legislation

2min

Discussion on NISTU and Concerns about Compliance and Regulations

2min

ISF's Support for NISTU Compliance

3min

Steve and Tavia discuss NIS2 compliance, and what this new piece of legislation in the EU will mean for organisations doing business in Europe.

Mentioned in this episode:

ISF Analyst Insight Podcast

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

ISF Podcast

S23 Ep2: NIS2: Decoding EU's cyber security game plan

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Overview of NIST2 Legislation

Goals of NIST2

Concerns and ISF Support

Remember Everything You Learn from Podcasts