NIS2 Directive
#1
Quote: The Network and Information Security (NIS) Directive is the first piece of EU-wide legislation on cybersecurity, and its specific aim was to achieve a high common level of cybersecurity across the Member States. While it increased the Member States' cybersecurity capabilities, its implementation proved difficult, resulting in fragmentation at different levels across the internal market. To respond to the growing threats posed with digitalisation and the surge in cyber-attacks, the Commission has submitted a proposal to replace the NIS Directive and thereby strengthen the security requirements, address the security of supply chains, streamline reporting obligations, and introduce more stringent supervisory measures and stricter enforcement requirements, including harmonised sanctions across the EU. The proposed expansion of the scope covered by NIS2, by effectively obliging more entities and sectors to take measures, would assist in increasing the level of cybersecurity in Europe in the longer term. Within the European Parliament, the file has been assigned to the Committee on Industry, Research and Energy. The committee adopted its report on 28 October 2021, as well as a mandate to enter into interinstitutional negotiations. For its part, the Council agreed its position on 3 December 2021. The co-legislators reached a provisional agreement on the text on 13 May 2022. The text now needs to be adopted formally by both institutions, with the Parliament due to vote on it in plenary in the coming months. Third edition. The 'EU Legislation in Progress' briefings are updated at key stages throughout the legislative procedure.

Links:
https://www.europarl.europa.eu/thinktank...021)689333
https://www.europarl.europa.eu/RegData/e...333_EN.pdf

To the question: "Is there any commentary on the impact of this regulation on SMB IT companies? What are our new legal obligations?", Slobodan Marković responds with a very interesting table:

[Image: attachment.php?aid=438]

Source: https://twitter.com/ivanhoe011/status/16...6787575808, archived: https://archive.ph/cVllM.

For our discussion that we mentioned here, regarding a community CERT and CERT obligations in general, here: https://bezbedanbalkan.net/thread-317.html, Article 11, paragraph 3 is very relevant:

Quote: The CSIRTs may carry out proactive non-intrusive scanning of publicly accessible network and information systems of essential and important entities. Such scanning shall be carried out to detect vulnerable or insecurely configured network and information systems and inform the entities concerned. Such scanning shall not have any negative impact on the functioning of the entities’ services.

Thanks to @smarkovic for pointing this out.


“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV