Overview
Français
ABSTRACT
The purpose of this article is to clarify the NIS2 directive, the differences with the ISO/IEC 27001 standard and especially the need to implement proactive and reactive cyber resilience activities of information systems. It consists of concrete information on the benefits of this directive and how it will reduce threats induced by many vulnerabilities. This article is based on the requirements of the NIS2 directive, those of the ISO/IEC 27001 standard. It should help readers understand their many implications in the cyber security activities of our French companies and institutions.
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Dany CORGIAT: President of Alliance Cyber Technologies and lecturer at major schools and professional training centers in cybersecurity, France.
INTRODUCTION
Power struggles between China and the United States, external threats of war and cyberwar linked to the Russian power grab in Ukraine, and cyberattacks by belligerent states all have a significant influence on our collective determination to strengthen our European cyberdefense.
Directive (EU) 2022/2555 of the European Parliament and of the Council of December 14, 2022 on measures to ensure a high common level of cybersecurity throughout the Union, the so-called "NIS2 Directive" (which will complement and improve the NIS Directive), is intended to be a real step forward in the way we manage our cybersecurity and cyberdefense. It has therefore been reviewed in its entirety in order to harmonize our best security practices, but also, and above all, to increase the level of cyber resilience maturity of our essential (EE) and important (EI) entities. The directive defines EEs as private or public structures with more than 250 employees and sales in excess of €50 million. These structures must operate in sectors categorized as "highly critical". It considers IEs to be private or public structures with between 50 and 250 employees and sales of between 10 and 50 million euros. They must be present in sectors that are not considered "highly critical" for our country, but which can nevertheless have a significant impact on our economy.
To face up to a range of threats linked to the intensive use of increasingly intrusive digital technologies, we needed to better protect our most strategic assets. Increasing our security requirements and the scope of cyber risk assessment is, more than ever, a reality at European level.
In this article, the European NIS2 (Network and Information Security) directive will be the guiding thread to help readers understand just how necessary it is to protect oneself from a cyberspace, an Internet, that is sometimes so hostile.
We'll see why NIS2 focuses on the ability of EU member states to ensure their cyber resilience, which is the ability of an individual, organization or system to resist, adapt and recover quickly from a disaster.
A glossary and table of abbreviations appear at the end of the article.
The Ultimate Scientific and Technical Reference
KEYWORDS
compagnies | Cyber security | cyber resilience | institutions
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
NIS2 and ISO/IEC 27001 – Towards a cyber-resilient European Union
Complexity of IT and cyber defense systems
Bibliography
Standards and norms
- Information security, cybersecurity and privacy protection – Information security management systems – Requirements - ISO/IEC 27001 - 2022
- Information security, cybersecurity and privacy protection – Information security management systems – Requirements. Amendment 1: Action on climate change. - ISO/IEC 27001:2022/Amd 1 - 2024
- Information security, cybersecurity and privacy protection – Information security...
Regulations
(non-exhaustive list)
Directive (EU) 2022/2555 of the European Parliament and of the Council of December 14, 2022 on measures to ensure a common high level of cybersecurity throughout the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (SRI 2 Directive), OJEU L 333 of December 27, 2022.
Treaty on the Functioning of the European...
Directory
Organizations – Federations – Associations (non-exhaustive list)
ANSSI (Agence nationale de la sécurité des systèmes d'information) :
ENISA (European Union Agency for Cybersecurity) or AESRI (Agence de l'Union européenne pour la cybersécurité) :
The Ultimate Scientific and Technical Reference
