
NIS2 training at ABC-Groep: Ready for the future
Recently, a training session on the NIS2 legislation was held at ABC Group’s offices, aimed at management. The training, provided by Brand Compliance, offered insights into the necessity of information security and how organizations can prepare for the stringent requirements of the NIS2 directive. After the session, 13 participants received their certificates, officially enabling them to tackle the challenges of the future.
What is NIS2?
NIS2, a directive from the European Union, aims to improve network and information security within the EU. It is the successor to the NIS directive from 2016, which established cybersecurity requirements for the most critical sectors. NIS2 extends this to a broader range of sectors, including companies essential to the economy, such as IT providers, healthcare, and other critical infrastructures.
Why is NIS2 important?
The digital world is inseparably linked to cyber threats. Businesses are increasingly confronted with attacks such as ransomware, DDoS attacks, and data breaches. Looking at the figures, the impact of such attacks cannot be underestimated: the total cost of a ransomware attack (downtime, recovery, legal and reputational damage) can be far higher than the ransom demanded. It is therefore crucial for organizations to secure their networks and systems properly.
The NIS2 legislation emphasizes strengthening the digital resilience of businesses. It is a response to the growing vulnerabilities in the digital world and the increasingly sophisticated cyber threat landscape.
What should businesses know?
As an organization, you must prepare for the NIS2 legislation. The directive includes mandatory measures, such as:
- Governance and risk management: As a director, you may be personally liable if your organization does not meet the NIS2 requirements. The law stipulates that businesses must have an effective risk management policy.
- Measures and reporting: NIS2 requires organizations to proactively take measures to ensure the security of their systems and to report incidents in a timely manner.
- Liability and certification: Businesses may be required to undergo external audits or certifications to demonstrate compliance with the NIS2 directive.
The CIA triangle
During the training, the "CIA" model (Confidentiality, Integrity, Availability) was discussed. This model provides a framework for developing an effective information security policy:
- Confidentiality: Protecting sensitive information from unauthorized access.
- Integrity: Ensuring the accuracy and reliability of data, so that it cannot be altered without authorization or detection.
- Availability: Ensuring that information and systems are accessible to authorized users when needed.
These basic principles must be applied to comply with NIS2 requirements, but they are also essential for protecting business data from threats such as hackers and cyberattacks.
NIS2 measures
To comply with NIS2, businesses must implement various measures specifically aimed at strengthening their information security. These measures must be appropriate to the risks they address and proportionate to the size of the business and the nature of the risks. The 10 measures businesses must take, according to Article 21 of NIS2, are as follows:
- Risk assessment and treatment policy: Businesses must develop a policy for conducting risk assessments and taking the necessary actions to address the risks identified.
- Incident handling: Organizations must have procedures in place for reporting incidents to the relevant authorities (e.g., the CCB, Belgium's Centre for Cybersecurity) and providing detailed descriptions of these incidents. The goal is to respond quickly to threats and attacks.
- Business continuity: Companies must implement measures to ensure the continuity of their services, such as having backups and recovery plans for critical data and systems.
- Supply chain and vendor management: A key aspect of NIS2 is the responsibility of vendors. If a client is required to comply with NIS2, the entire supply chain must also meet the directive's standards. This means companies must assess their suppliers and ensure they meet the necessary security standards.
- Security by design: Security must be considered from the design and development stage of systems and applications. This means "security-first," or making security a foundational principle rather than an afterthought.
- Evaluating the effectiveness of cybersecurity measures: Organizations must regularly check the effectiveness of their cybersecurity measures and adjust them as necessary to ensure they provide the desired protection.
- Security awareness program: Employees must be trained in cybersecurity. This includes raising awareness of potential threats and knowing how to report and handle incidents.
- Cryptography and encryption: Using encryption is essential for protecting the confidentiality of data. Businesses must implement encryption for sensitive data whenever possible.
- HR security: Policies must ensure employees work securely, including implementing access control and asset management procedures.
- Multi-Factor Authentication (MFA): Organizations must implement multi-factor authentication to ensure that only authorized individuals have access to critical systems and data. This adds an extra layer of security beyond passwords.
Steps to compliance
When choosing certification, businesses can opt for different frameworks, such as ISO27001, CyFun (a Belgian framework), or NIS2 itself. Each approach has its advantages, depending on the company's needs and the scope of the regulations. CyFun is relatively new and specifically targets Belgian companies, while ISO27001 is internationally recognized. The path to NIS2 certification is a process of continuous improvement and compliance. The key steps include:
- Team and budget: Assemble a team, set a budget, and create a clear action plan.
- Business impact analysis: Identify your organization's critical processes and systems.
- Gap assessment: Compare your current situation with the NIS2 requirements and identify the necessary improvements.
- Implementation of measures: Carry out the improvements and implement the required security measures.
- Certification and verification: After implementation, an external certified body (such as Brand Compliance) can verify your company's NIS2 compliance.
Conclusion
It is clear that NIS2 legislation plays an important role in ensuring cybersecurity in Europe. For businesses, this means not only implementing IT security but also involving the entire management in the process. Thanks to the training at ABC Group, participants are now better prepared to help their organizations comply with NIS2 requirements and defend against future cyber threats.