Keywords
NIS2, ISO 27001, TISAX, registration, checklist, liability risk, common sense
Summary
Klaus Kilvinger of Opexa Advisory eases fears of NIS2 over-regulation and implementation fatigue. He argues that the basics already exist in many companies, and that dealing with cyber risks is just another pillar of the regular risk management practices that management has always been responsible for.
Takeaways
All in all, companies from 18 sectors and with more than 50 employees are affected by NIS2.
There is no external source that tells companies whether they fall under NIS2. Every management team has to do its own homework.
NIS2 is not one-size-fits-all; it can be implemented according to a company’s risk profile. Common sense is good best-practice advice.
It’s absolutely sensible to follow NIS2. After all, it’s common sense for companies to have risk management for finances and an emergency plan for production, too.
There is nothing new about management’s liability risk; it has been part of management’s DNA for decades.
Companies that have implemented ISO 27001 or (in automotive) TISAX have already done most of their NIS2 homework. There is no need to re-invent the wheel.
The first steps: check whether you fall under NIS2, then conduct a gap analysis.
Apart from several cyberattack-prevention topics, emergency and contingency management is a priority of NIS2 compliance.
Multi-national companies with locations in different EU countries should check whether they treat the locations separately or in relation to each other.
Sound Bites
Klaus Kilvinger: NIS2 is sensible because it’s risk-oriented.
Klaus Kilvinger: Management shocked by the regulation should ask themselves what exactly they are shocked by.
Klaus Mochalski: NIS2 brings nothing really new for management. They have been responsible for mitigating risks for their company for ages.
Klaus Mochalski: Multi-factor authentication is like the safety belt in cars. It’s sensible to use.
Klaus Kilvinger: There is no need for management to panic; they don’t have to become IT gurus to be qualified for implementing NIS2. The basic knowledge can be learned in 4 hours.
Klaus Kilvinger: NIS2 implementation can be easily based on existing management systems. It’s recycling, recycling, recycling.
Chapters
00:00 Introduction
00:45 NIS2 basics: Who is affected? When to start?
04:00 Is NIS2 over-regulating?
07:40 Secondary activity, reporting obligations, liability risk
09:55 Why NIS2 is simple common sense
12:30 What’s new regarding management liability risk?
16:30 Tools and steps for newbies
19:10 A quick introduction to NIS2 elements
21:33 The first 2 or 3 steps to implement NIS2
24:39 Don’t re-invent the wheel
More podcasts with Klaus Kilvinger: https://www.rhebo.com/en/podcast/iso-27001-for-ot-benefit-or-overhead