COMUNICAR CIBERSEGURANÇA | Ep. 8 - "New EU Directive for Cybersecurity" | CNCS Podcast

Centro Nacional de Cibersegurança
27 Mar 2024 · 12:38

Summary

TLDR: In this episode of the Comunicar podcast, experts discuss the new EU Cybersecurity Directive (NIS 2), which replaces the 2016 NIS Directive. The main innovations include expanding the scope to cover more sectors, emphasizing organizational responsibility for cybersecurity, and creating a European cooperation network for incident reporting. The directive requires organizations to adopt a proactive cybersecurity approach, with a focus on risk assessment and a cybersecurity culture. Experts highlight the challenges and opportunities for organizations in implementing these changes, as well as the importance of resilience and trust in the digital space.

Takeaways

  • The EU's new cybersecurity directive, NIS 2, was published on December 14, 2022, and replaces the previous directive, NIS 1 from 2016.
  • NIS 2 aims to ensure a high level of cybersecurity across the EU and ensure countries are prepared to respond to cyberattacks.
  • Portugal must transpose NIS 2 into national law by October 2024.
  • Three key innovations of NIS 2: expanding its scope to include new sectors, the principle of responsibility for cybersecurity within organizations, and the creation of a European network for incident communication and cooperation.
  • The previous NIS 1 was insufficient to address the rapid digital transformation and new cyber threats, especially accelerated by the COVID-19 pandemic.
  • NIS 2 forces organizations to adopt a proactive approach to cybersecurity, requiring risk assessments and preparation ahead of any incidents.
  • Organizations will need to create a cybersecurity culture from top management to staff, with training and internal awareness campaigns.
  • NIS 2 includes expanded responsibilities for organizations, not only for internal cybersecurity but also for assessing the cybersecurity of third-party suppliers.
  • Many organizations are already working towards NIS 2 compliance, identifying gaps, and improving their cybersecurity processes.
  • The new directive brings greater trust in digital environments, including public services, and strengthens overall cybersecurity resilience in Europe.
  • NIS 2 provides an opportunity for organizations to differentiate themselves by becoming more resilient and trustworthy, rather than viewing compliance as a cost.

Q & A

  • What is the primary goal of the EU's NIS2 Directive?

    The primary goal of the NIS2 Directive is to ensure a high level of cybersecurity across the European Union, ensuring that member states are prepared to respond to cyberattacks effectively.

  • How does the NIS2 Directive differ from the previous NIS Directive?

    The NIS2 Directive expands the scope of application to include additional sectors such as hydrogen, pharmaceuticals, and data centers, among others. It also introduces stronger accountability measures, requiring organizations to demonstrate compliance, and establishes a network for cooperation and communication during cybersecurity incidents.

  • What are the key innovations introduced by NIS2 compared to NIS1?

    Key innovations of NIS2 include the broader application to more sectors, the introduction of responsibility for organizational leadership in cybersecurity, and the creation of a European network for communication and cooperation on cybersecurity incidents.

  • Why was the NIS2 Directive developed, replacing the earlier NIS Directive?

    The NIS Directive became insufficient due to rapid digital transformation, accelerated by the COVID-19 pandemic. The EU recognized that new cybersecurity threats required stronger resilience measures, crisis management strategies, and improved communication frameworks, which NIS2 addresses.

  • What type of proactive approach will organizations have to adopt under NIS2?

    Under NIS2, organizations will need to adopt a proactive approach to cybersecurity, which includes assessing risks, identifying essential functions, and implementing preventive measures to address potential threats before incidents occur.

  • How will NIS2 impact organizational culture regarding cybersecurity?

    NIS2 requires a cultural shift within organizations, promoting cybersecurity awareness from the top down. It emphasizes the need for internal training, with even executives being responsible for cybersecurity implementation and ensuring compliance within their organizations.

  • Are organizations currently prepared to meet the new demands of NIS2?

    While some organizations have already experienced cyber incidents and are proactively adapting, many still have work to do. NIS2 imposes stricter requirements, including ensuring supply chain cybersecurity, which requires thorough evaluations of third-party vendors.

  • What is the significance of the deadline of October 2024 for Portugal in relation to NIS2?

    By October 2024, Portugal must transpose the NIS2 Directive into national law, which means that organizations must start preparing now to meet the new cybersecurity obligations outlined in the directive.

  • How will the NIS2 Directive affect the relationship between organizations and third-party vendors?

    NIS2 extends its cybersecurity obligations to the supply chain. Organizations will need to assess and ensure that their third-party vendors adhere to appropriate security standards, even if the vendors are not directly subject to NIS2 regulations.

  • What are the potential benefits of NIS2 for organizations, despite the challenges it presents?

    While NIS2 imposes new responsibilities, it offers organizations an opportunity to differentiate themselves by becoming more resilient, securing customer and stakeholder trust, and contributing to a safer digital ecosystem, ultimately improving their overall cybersecurity posture.
