itrust consulting is excited to announce an upcoming training session designed to help you develop essential skills and boost your expertise. The Network and Information Security directive NIS2 is due to be transposed and applicable on 17 October 2024. In order to strengthen management accountability and prevent cyberattacks, the regulators have mandated that decision makers be trained in cybersecurity. This course teaches managers without technical knowledge about the NIS2 requirements: state-of-the-art information security management systems, risk management theories and practices, and the technical process for understanding and managing cyber-attacks.
Posts By: Lynn Pinto
Alpha release of IDPS-ESCAPE
Abstractions Lab released the Alpha version of IDPS-ESCAPE on GitHub. IDPS-ESCAPE, part of the CyFORT suite of open-source cybersecurity software solutions, addresses various aspects of cybersecurity as an ensemble, targeting different user groups, ranging from public to private and from CIRT/CSIRT to system administrators. The design of IDPS-ESCAPE is targeted to cloud-native deployments, with an eye on CERT/CSIRT-operated monitoring systems.
itrust Abstractions Lab released the Beta version of C5-DEC on GitHub
itrust Abstractions Lab released the Beta version of C5-DEC on GitHub. This release includes many new functionalities, mainly to assist with Common Criteria evaluations and efficient creation of technical documentation throughout the Secure Software Development Life Cycle (SSDLC). We will be happy to receive your feedback at info@abstractionslab.lu.
“The public administration sector is the main target of cyber attacks”
Succeed your NIS2 transition: Advice and solutions from itrust consulting
Interview with Smart Cities, translation by itrust consulting.
The NIS2 Directive, Europe’s cybersecurity legislation, introduces legal measures designed to strengthen the protection of networks and information in a Europe faced with increasingly sophisticated threats and malicious acts. It will come into force in Autumn, at which time public and private actors will be requested to prove their credentials to the regulator, responsible for sanctioning any related breaches. Carlo Harpes, founder and managing director of itrust consulting, an expert in cybersecurity since 2007, sheds light on the challenges of compliance, and presents the tools specially developed by the company to meet those challenges.
“When it comes to cybersecurity, everyone is responsible, especially managers, including sworn civil servants”.
The European NIS2 directive will come into force this autumn. What do we need to know about it?
Its noble aim is to prepare the public sector and certain new private sectors for the challenge of cybersecurity. It must be transposed by October 15, 2024, by which time all European entities concerned must be compliant. From that date onwards, they will be expected to manage cybersecurity according to “applicable international standards”, based on an “assessment of the probability and consequences” of a series of risk scenarios. It should be noted that they will be obliged to justify themselves to a national regulator, namely the Institut luxembourgeois de Régulation (ILR) or the CSSF for the financial sector. This second draft of the directive is worrying because it announces penalties similar to those for non-compliance with the GDPR and gives the ILR the right to impose measures including the removal of the top management. What the penalties will really punish is ignorance. Thus, top management is allowed to knowingly refuse to invest in important security measures and choose to run a risk, provided that such decisions are documented and justified. But it will not be entitled to ignore a request for information, or a binding instruction from the regulator.
How do your customers react to these requirements?
They’re fed up with regulation and compliance. But there’s no point complaining: it’s all part of the zeitgeist. When we carry out GDPR compliance projects, we observe that about a third of the work is linked to documentation and may indeed seem tedious. But another third is devoted to training and empowering staff, a very productive step that many entities neglect. The final third of the effort…


