Article | REF: H5345 V1

NIS2 and ISO/IEC 27001 - Towards a cyber resilience of the European Union

Author: Dany CORGIAT

Publication date: July 10, 2024

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!


Overview

Français

ABSTRACT

The purpose of this article is to clarify the NIS2 directive, the differences with the ISO/IEC 27001 standard and especially the need to implement proactive and reactive cyber resilience activities of information systems. It consists of concrete information on the benefits of this directive and how it will reduce threats induced by many vulnerabilities. This article is based on the requirements of the NIS2 directive, those of the ISO/IEC 27001 standard. It should help readers understand their many implications in the cyber security activities of our French companies and institutions.

Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.

Read the article

AUTHOR

  • Dany CORGIAT: President of Alliance Cyber Technologies and lecturer at major schools and professional training centers in cybersecurity, France.

 INTRODUCTION

Power struggles between China and the United States, external threats of war and cyberwar linked to the Russian power grab in Ukraine, and cyberattacks by belligerent states all have a significant influence on our collective determination to strengthen our European cyberdefense.

Directive (EU) 2022/2555 of the European Parliament and of the Council of December 14, 2022 on measures to ensure a high common level of cybersecurity throughout the Union, the so-called "NIS2 Directive" (which will complement and improve the NIS Directive), is intended to be a real step forward in the way we manage our cybersecurity and cyberdefense. It has therefore been reviewed in its entirety in order to harmonize our best security practices, but also, and above all, to increase the level of cyber resilience maturity of our essential (EE) and important (EI) entities. The directive defines EEs as private or public structures with more than 250 employees and sales in excess of €50 million. These structures must operate in sectors categorized as "highly critical". It considers IEs to be private or public structures with between 50 and 250 employees and sales of between 10 and 50 million euros. They must be present in sectors that are not considered "highly critical" for our country, but which can nevertheless have a significant impact on our economy.

To face up to a range of threats linked to the intensive use of increasingly intrusive digital technologies, we needed to better protect our most strategic assets. Increasing our security requirements and the scope of cyber risk assessment is, more than ever, a reality at European level.

In this article, the European NIS2 (Network and Information Security) directive will be the guiding thread to help readers understand just how necessary it is to protect oneself from a cyberspace, an Internet, that is sometimes so hostile.

We'll see why NIS2 focuses on the ability of EU member states to ensure their cyber resilience, which is the ability of an individual, organization or system to resist, adapt and recover quickly from a disaster.

Note :

A glossary and table of abbreviations appear at the end of the article.

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!


The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors
+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year
From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

This article is included in

Environment

This offer includes:

Knowledge Base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

Practical Path

Operational and didactic, to guarantee the acquisition of transversal skills

Doc & Quiz

Interactive articles with quizzes, for constructive reading

Subscribe now!

Ongoing reading
NIS2 and ISO/IEC 27001 – Towards a cyber-resilient European Union