Assessment Frameworks for NIS Directive Compliance
According to the NIS Directive, Member States should adopt a common set of baseline security requirements to ensure a minimum level of harmonised security measures across the EU and enhance the overall level of security of operators providing essential services (OES) and digital service providers (DSP).

The NIS Directive sets three primary objectives:

- to improve the national information security capabilities of the Member States;
- to build mutual cooperation at EU level; and
- to promote a culture of risk management and incident reporting among actors (OES and DSP) of importance for the maintenance of key economic and societal activities in the Union.

As part of the NIS series, we have already provided an overview of the Directive, and we have examined in detail the security requirements for DSPs and OES.

To assist organisations in meeting compliance with the Directive, the European Union Agency for Cybersecurity (ENISA) and the UK's National Cyber Security Centre (NCSC) have developed assessment frameworks.

ENISA's Guidelines on Assessing DSP and OES Compliance

According to Articles 14, 15 and 16 of the NIS Directive, one of the key objectives is to introduce appropriate security measures for OES as well as for DSPs, so as to achieve a common level of security for network and information systems within the EU. Information security audits and self-assessment/management exercises are the two major enablers for achieving this objective.
