Network and Information Security (NIS2)
摘要
The practice protecting network and information systems from cyber risks is part of cybersecurity efforts. These cyber risks are usually aimed at accessing, changing, or destroying sensitive information and/or interrupting normal business processes and others. Against this background, the European Union (EU), in Western Europe, introduced in 2016 the Network and Information Security (NIS) Directive, to conquer on this danger. The Western Europe EU Member States had to transpose NIS in their national law by 2018. December 2020, the enhanced EU cybersecurity strategy was presented that aims to bolster the EU’s collective resilience against cyber risks, to ensure that EU citizens and businesses benefit from trustworthy, reliable services and digital tools, which finally results in the Network and Information Security NIS2 Directive. The aim of NIS2 is to strengthen the collective cybersecurity level of Western Europe EU Member States by means of increasing cybersecurity enforcement requirements for high critical and critical sectors. NIS2 sets out rules for a regulatory directive and lays down cooperation mechanisms among relevant authorities in each EU Member State. Furthermore, NIS2 expands the scope of sectors and activities subject, to cybersecurity obligations, and improves their enforcement. With it, the implementation of NIS2 will reshape EU Member States cybersecurity landscape, fostering a digital ecosystem by means of introduced compliance challenges. Furthermore, standardized practices aligned with this Directive enable an opportunity to evaluate cybersecurity awareness and practices, across high critical and other critical sectors. Therefore, cybersecurity is not only a technical expense but also a cornerstone of organization resilience. Given that fact, this chapter introduce in Sect. 2.1 in the determining background that applies to NIS2. Section 2.2 focus on NIS2 Chapter I General Provision, and Sect. 2.3 on NIS2 Chapter II Coordinated Cybersecurity Frameworks. Section 2.4 refer to NIS2 Chapter III Cooperation at Union and International Level, and Sect. 2.5 introduce in detail NIS2 Chapter IV Cybersecurity Risk-Management Measures and Reporting Obligations. This Section also contain detailed hints for methodological, practical and application-oriented solutions. Thereafter, Section 2.6 focusses on NIS2 Chapter V Jurisdiction and Registration, while Sect. 2.7 refers on NIS2 Chapter VI Information Sharing. NIS2 Chapter VII in Sect. 2.8 dealing with a text on Supervision and Enforcement. Finally, Section 2.9 introduce NIS2 Chapter VIII Delegated and Implementing Acts, while Sect. 2.10 focus on NIS2 Chapter IX Final Provisions. Book Sect. 2.11 contains comprehensive questions with specific focus to the esential topics from Sect. 2.5 NIS2 Chapter IV Cybersecurity Risk-Management Measures and Reporting Obligations, followed by references for further reading.