
New ‘NIS2’ Cybersecurity standards - Expert Comment

May 2022 by Experts

Europe has moved closer toward new cybersecurity standards and reporting rules, following a provisional network and information systems agreement, dubbed NIS2, reached by the European Council and Parliament. Below are comments from Saket Modi, who argues that the new regulations are a step in the right direction but that more needs to be done, and from Paul Brucciani, who argues that organisations should also apply their own logical cybersecurity rules, since compliance does not always make you safer:

Saket Modi, CEO and Co-founder at Safe Security

“Cyberattacks on critical infrastructure have increased both in frequency and sophistication in the last few years. It is important, now more than ever, that regulators bring in stricter guidelines and laws to proactively and better manage cyber risk. We are seeing this regulatory push not just in the critical infrastructure sector, but across sectors globally. Whether that is the SEC guidelines in the US, or the new agreement between EU countries and lawmakers, it is a step in the right direction. The impact of these regulatory changes will depend on the quality of implementation. The management team (CEO, CFO, CIO, CISO) and the security teams need to acknowledge that cyber risk is now a business discussion, not just a technical discussion.

As businesses continue to adopt technology, the attack surface continues to rise too, and both security and business leaders need better visibility of cyber risks, to understand where the weakest links are and the potential financial value that is at risk - there is an innate need to quantify cyber risks to be able to manage it better.

While these are positive movements, I believe that the cybersecurity industry still lacks a common language and framework to communicate and understand cyber risk. In the same way that a company’s financial statement provides a common language to discuss financial risk, both businesses and regulators need a common metric for cyber risk. This is where Cyber Risk Quantification and Management platforms can be a game-changer. It can augment a company’s present cybersecurity practices and bring a much-needed unified, real-time, and objective metric to manage cyber risk more efficiently.”

Paul Brucciani, Cyber Security Advisor at WithSecure

“Favour discretion over rules. Cyber security based on compliance rules or standards may make it easier to get through client audits, but it may not make you secure. Standards take many years to agree and implement, by which time the cyber threat has moved on, and they reflect the minimum capability that standard-setters consider to be generally appropriate, rather than a target capability.

Excessive emphasis on codes of compliance rather than responsibility gives rise to complacency and raises the risk of failure. Independently scrutinise standards set by consensus and create a logical, defensible cyber risk strategy, specific and appropriate to the individual business.”
