
Getting Started With Nis2

Uploaded by

emanuel.silva

Getting started with NIS2
Intro

NIS2 is an EU directive adopted by the EU parliament in November 2022. It aims to protect critical infrastructure within the EU from cyber threats and to achieve a high level of security across the EU. Building upon the 2016 NIS directive, NIS2 includes stricter security requirements, reporting obligations, and enforcement requirements for a broader scope of organizations.

The EU Network and Information Security (NIS) 2 directive aims to strengthen organizations’ security posture to address emerging cyber threats. Logpoint can help your business increase cybersecurity and comply with the regulation.

NIS2 has strengthened security requirements, including:

- Incident response and crisis management
- Vulnerability handling and disclosure
- Supply chain security
- Policies and procedures to assess the effectiveness of cybersecurity risk management
- Basic computer hygiene practices and cybersecurity training
- The effective use of cryptography
- HR security, access control policies, and asset management

What if I don’t comply with NIS2?

Much like the GDPR directive that came into effect in 2018 to safeguard personally identifiable information, NIS2 introduces reporting obligations and administrative sanctions for non-compliance and failure to report incidents. Sanctions under NIS2 include orders to implement the recommendations of a security audit, orders to bring security into line with NIS requirements, and administrative fines of up to €10m or 2% of the worldwide turnover of an organization. You can read more on NIS2 Fines here.

When will NIS2 be in effect?

The EU parliament adopted NIS2 on November 10, 2022. It is an EU directive that governments will be required to implement into national law within 21 months, which means organizations that operate in the EU must comply with the requirements by mid-2024.

Is NIS2 applicable to your organization?

NIS2 will apply to many organizations operating critical infrastructure, including public authorities and private companies:

- Energy (electricity, oil, gas, district heating, and hydrogen)
- Transport (air, rail, water, and road)
- Banking, Financial market infrastructure
- Healthcare (including labs and research on pharmaceuticals and medical devices)
- Drinking water and wastewater processing
- Digital Infrastructures (Telecom, DNS, TLD, datacentres, trust services, cloud services)
- Digital services (search engines, online markets, social networks)
- Public administration
- Space industry
- Postal and courier service
- Waste management
- Chemicals (production and distribution)
- Food (production, processing, and distribution)
- Science and education

How Logpoint can help with NIS2 compliance

The Logpoint Converged SIEM solution is an end-to-end security operations platform that combines SIEM, SOAR, UEBA, endpoint agent monitoring and response, and the ability to detect and respond to threats in business-critical systems. Logpoint reduces the time to detect and respond across the entire threat landscape all from one unified interface.

Logpoint provides the three key components to NIS2 compliance:

1. Supply chain security

NIS2 requires that companies consider cybersecurity risks in the supply chain of their information and communication technology. Logpoint takes cybersecurity and security of our software and development processes very seriously which is reflected in our Common Criteria EAL3+ certification. EAL3+ is the highest security standard achieved by any SIEM vendor, which means our products are secure by design, including how we build, evaluate and protect our software. Logpoint also adheres to ISO 15408, and we perform frequent third-party penetration tests and industry security audits, such as SOC 2 Type II. Logpoint is compliant with the strictest data privacy regulations, including GDPR, CCPA and Schrems II, which guarantees data residency in the EU.

2. Reporting

NIS2 requires that businesses submit a report within 24 hours about significant incidents. Logpoint centrally collects logs across your network and infrastructure. With out-of-box reports and an audit record of all changes to the system, it’s easy to create and share full incident reports.

3. Detection, response, and incident handling

After the initial report in 24 hours, NIS2 requires a final report of a major incident within one month. Logpoint has built-in case management that automatically combines related incidents into a single case, helping speed up investigation and response. Logpoint adds relevant information from threat intelligence, enrichment, and other investigations to give a complete picture of what’s going on. You can easily create reports directly from each case.

Practical steps you should take
To effectively manage evolving cyber risks and adhere to NIS2, your board and senior management should define or enhance your cybersecurity strategy using the following guide to improve cyber resiliency. Management support is key because NIS2 holds the management level directly responsible for ensuring that NIS2 requirements are met.

Below there are six things you should do to prepare your organization for NIS2:

Perform a maturity assessment

Assess whether NIS2 applies to your organization and what it will take for your organization to comply, either in-house or through an external consultant. The maturity assessment shows what your organization needs to implement or where to improve to meet the requirements. The assessment also evaluates any investments or competencies your company needs to succeed with compliance.

Identify critical assets

NIS2 seeks to protect critical infrastructure, critical infrastructure supply chains, and other societally important functions. NIS2 covers the critical assets in two categories of organizations:

- Essential entities: energy, transport, health, water, space, public administration, digital infrastructure, and banking and financial market
- Important entities: postal services, manufacturing, and food production, among others.

It’s important to identify the operationally critical assets in your organization’s processes, people, technologies and suppliers, such as suppliers subject to interference by a non-EU country or state-backed players.

Implement a SIEM or cyber management framework

NIS2 requires that organizations implement an information security management system (ISMS) for cyber and information security. In addition to an ISMS, a SIEM, like Logpoint, provides centralized log management and the ability to detect and respond to incidents, ensuring you meet the requirement. Logpoint adheres to information security standards, including ISO27001 to ensure information assets are secure.

Assess risks and implement mitigations

NIS2 requires a risk-based approach to cyber and information security, which means your organization must describe a risk process, comply with it and identify preventative measures to reduce risks. With the help of an information management framework like ISO27001, you should risk assess all critical assets, including your supply chain and suppliers.

Report to CSIRT

NIS2 requires organizations to report incidents to the National Centre for Cyber Security (CSIRT) within 24 hours. Organizations must continuously give status updates and report any compromises. The purpose of the reporting requirement is to increase cyber capabilities across Europe.

Repeat again and again

One of the main points of NIS2 is that organizations must implement a risk process and continuously work on it, similar to information management standards like ISO27001. The cyber landscape is constantly changing, which means the risks are too. Organizations need to assess their cybersecurity policies and procedures regularly to keep their security posture current.

How do you stack up?

Take a look at ‘Getting Started with NIS2 – The Checklist’


As you’ve read here, NIS2 is an EU directive adopted by the EU parliament in November 2022. It aims to protect critical
infrastructure within the EU from cyber threats and to achieve a high level of security across the EU. Now you can download
our checklist and ensure you have everything in place to comply with the NIS2 directive.

Simply work your way through and check off the prompts or tasks - Download it now!

About Logpoint

Logpoint is the creator of a reliable, innovative cybersecurity operations platform — empowering organizations worldwide
to thrive in a world of evolving threats.

By combining sophisticated technology and a profound understanding of customer challenges, Logpoint bolsters security
teams’ capabilities while helping them combat current and future threats.

Logpoint offers SIEM, UEBA, and SOAR technologies in a complete platform that efficiently detects threats, minimizes false
positives, autonomously prioritizes risks, responds to incidents, and much more.

Headquartered in Copenhagen, Denmark, with offices around the world, Logpoint is a multinational, multicultural, and
inclusive company.

For more information visit [Link]
