Network and Information Systems (NIS) Regulations - A pocket guide for digital service providers
By Alan Calder
()
About this ebook
This pocket guide is a primer for any DSPs (digital service providers) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.
An introduction to the new NIS Regulations 2018 that bring the EU’s NIS Directive and Implementing Regulation into UK law.
This guide outlines the key requirements, details exactly which digital service providers are within scope, and explains how the security objectives from ENISA’s Technical Guidelines and international standards can help DSPs achieve compliance.
This guide will help you:
- Clarify how to identify if you are within the scope of the NIS Regulations
- Gain an insight into the NIS Directive
- Unravel the key definitions, authorities and points of contact
- Understand the benefits of a good cyber resilience plan
Your essential guide to understanding the NIS Regulations – buy this book today and get the help and guidance you need.
Alan Calder
Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
Read more from Alan Calder
Information Security Risk Management for ISO 27001/ISO 27002, third edition Rating: 4 out of 5 stars4/5IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT Rating: 4 out of 5 stars4/5Risk Assessment for Asset Owners Rating: 4 out of 5 stars4/5PCI DSS: A pocket guide, sixth edition Rating: 0 out of 5 stars0 ratingsInformation Security Risk Management for ISO27001/ISO27002 Rating: 4 out of 5 stars4/5ISO/IEC 38500: The IT Governance Standard Rating: 5 out of 5 stars5/5ISO 27001/ISO 27002: A guide to information security management systems Rating: 0 out of 5 stars0 ratingsEU GDPR - A pocket guide, second edition Rating: 0 out of 5 stars0 ratingsPCI DSS: A Pocket Guide, fourth edition Rating: 0 out of 5 stars0 ratingsCyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5IT Governance: A Pocket Guide Rating: 3 out of 5 stars3/5Selling Information Security to the Board: A Primer Rating: 0 out of 5 stars0 ratingsCyber Essentials: A guide to the Cyber Essentials and Cyber Essentials Plus certifications Rating: 0 out of 5 stars0 ratingsThe EU Data Protection Code of Conduct for Cloud Service Providers: A guide to compliance Rating: 0 out of 5 stars0 ratingsPCI DSS: A Pocket Guide Rating: 2 out of 5 stars2/5The Case for ISO27001:2013 Rating: 1 out of 5 stars1/5Network and Information Systems (NIS) Regulations - A pocket guide for operators of essential services Rating: 0 out of 5 stars0 ratingsThe Green Office: A Business Guide Rating: 0 out of 5 stars0 ratingsIT Governance Critical Issues Series: Cyber Security Rating: 0 out of 5 stars0 ratingsNine Steps to Success: North American edition: An ISO 27001 Implementation Overview Rating: 0 out of 5 stars0 ratingsCompliance for Green IT: A Pocket Guide Rating: 5 out of 5 stars5/5IT Regulatory Compliance in the UK Rating: 0 out of 5 stars0 ratingsA concise introduction to the NIS Directive: A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratingsPCI DSS: A Pocket Guide - 3rd edition Rating: 0 out of 5 stars0 ratings
Related to Network and Information Systems (NIS) Regulations - A pocket guide for digital service providers
Related ebooks
A concise introduction to the NIS Directive: A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratingsIT Regulatory Compliance in the UK Rating: 0 out of 5 stars0 ratingsNetwork and Information Systems (NIS) Regulations - A pocket guide for operators of essential services Rating: 0 out of 5 stars0 ratingsThe Case for ISO27001:2013 Rating: 1 out of 5 stars1/5Cyber Resilience: Defence-in-depth principles Rating: 0 out of 5 stars0 ratingsIT Governance Critical Issues Series: Cyber Security Rating: 0 out of 5 stars0 ratingsInformation Risk Management: A practitioner's guide Rating: 5 out of 5 stars5/5IT Induction and Information Security Awareness: A Pocket Guide Rating: 0 out of 5 stars0 ratingsManaging Cybersecurity Risk: Book 3 Rating: 0 out of 5 stars0 ratingsEU General Data Protection Regulation (GDPR) - An Implementation and Compliance Guide Rating: 0 out of 5 stars0 ratingsLessons Learned: Critical Information Infrastructure Protection: How to protect critical information infrastructure Rating: 0 out of 5 stars0 ratingsCyber Security and Policy: A substantive dialogue Rating: 0 out of 5 stars0 ratingsCyber Risks for Business Professionals: A Management Guide Rating: 0 out of 5 stars0 ratingsBe Cyber Secure: Tales, Tools and Threats Rating: 0 out of 5 stars0 ratingsInformation Security Breaches: Avoidance and Treatment based on ISO27001 Rating: 0 out of 5 stars0 ratingsThe EU Data Protection Code of Conduct for Cloud Service Providers: A guide to compliance Rating: 0 out of 5 stars0 ratingsManaging Information Risk: A Director's Guide Rating: 0 out of 5 stars0 ratingsThe Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks Rating: 0 out of 5 stars0 ratingsUpcoming Updates In Data Protection: Whistleblowing Channels Rating: 0 out of 5 stars0 ratingsCyber Security: Essential principles to secure your organisation Rating: 0 out of 5 stars0 ratingsEU General Data Protection Regulation (GDPR), third edition: An Implementation and Compliance Guide Rating: 0 out of 5 stars0 ratingsThe Cybersecurity Maturity Model Certification (CMMC) – A pocket guide Rating: 0 out of 5 stars0 ratingsEU GDPR - A pocket guide, second edition Rating: 0 out of 5 stars0 ratingsThreat 2.0: Security and Compliance for Web 2.0 Sites Rating: 0 out of 5 stars0 ratingsNine Steps to Success: An ISO27001:2013 Implementation Overview Rating: 1 out of 5 stars1/5Application Security in the ISO27001 Environment Rating: 0 out of 5 stars0 ratingsInformation Security Governance: A Practical Development and Implementation Approach Rating: 0 out of 5 stars0 ratingsSelling Information Security to the Board: A Primer Rating: 0 out of 5 stars0 ratingsFuture Perspectives Rating: 0 out of 5 stars0 ratingsFight Fire with Fire: Proactive Cybersecurity Strategies for Today's Leaders Rating: 0 out of 5 stars0 ratings
Computers For You
Slenderman: Online Obsession, Mental Illness, and the Violent Crime of Two Midwestern Girls Rating: 4 out of 5 stars4/5Standard Deviations: Flawed Assumptions, Tortured Data, and Other Ways to Lie with Statistics Rating: 4 out of 5 stars4/5SQL QuickStart Guide: The Simplified Beginner's Guide to Managing, Analyzing, and Manipulating Data With SQL Rating: 4 out of 5 stars4/5Procreate for Beginners: Introduction to Procreate for Drawing and Illustrating on the iPad Rating: 0 out of 5 stars0 ratingsMastering ChatGPT: 21 Prompts Templates for Effortless Writing Rating: 5 out of 5 stars5/5101 Awesome Builds: Minecraft® Secrets from the World's Greatest Crafters Rating: 4 out of 5 stars4/5The Invisible Rainbow: A History of Electricity and Life Rating: 4 out of 5 stars4/5Elon Musk Rating: 4 out of 5 stars4/5Dark Aeon: Transhumanism and the War Against Humanity Rating: 5 out of 5 stars5/5Grokking Algorithms: An illustrated guide for programmers and other curious people Rating: 4 out of 5 stars4/5The ChatGPT Millionaire Handbook: Make Money Online With the Power of AI Technology Rating: 0 out of 5 stars0 ratingsHacking: Ultimate Beginner's Guide for Computer Hacking in 2018 and Beyond: Hacking in 2018, #1 Rating: 4 out of 5 stars4/5Alan Turing: The Enigma: The Book That Inspired the Film The Imitation Game - Updated Edition Rating: 4 out of 5 stars4/5CompTIA IT Fundamentals (ITF+) Study Guide: Exam FC0-U61 Rating: 0 out of 5 stars0 ratingsCreating Online Courses with ChatGPT | A Step-by-Step Guide with Prompt Templates Rating: 4 out of 5 stars4/5CompTIA Security+ Practice Questions Rating: 2 out of 5 stars2/5Summary of Max Tegmark's Life 3.0 Rating: 0 out of 5 stars0 ratingsThe Insider's Guide to Technical Writing Rating: 0 out of 5 stars0 ratingsHow to Create Cpn Numbers the Right way: A Step by Step Guide to Creating cpn Numbers Legally Rating: 4 out of 5 stars4/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5CompTIA Security+ Get Certified Get Ahead: SY0-701 Study Guide Rating: 5 out of 5 stars5/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Rating: 4 out of 5 stars4/5Master Builder Roblox: The Essential Guide Rating: 4 out of 5 stars4/5Deep Search: How to Explore the Internet More Effectively Rating: 5 out of 5 stars5/5
Reviews for Network and Information Systems (NIS) Regulations - A pocket guide for digital service providers
0 ratings0 reviews
Book preview
Network and Information Systems (NIS) Regulations - A pocket guide for digital service providers - Alan Calder
Network and Information Systems (NIS) Regulations
A pocket guide for digital service providers
Network and Information Systems (NIS) Regulations
A pocket guide for digital service providers
ALAN CALDER
Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader’s own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at the following address:
IT Governance Publishing Ltd
Unit 3, Clive Court
Bartholomew’s Walk
Cambridgeshire Business Park
Ely, Cambridgeshire
CB7 4EA
United Kingdom
www.itgovernancepublishing.co.uk
© Alan Calder 2018
The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work.
First published in the United Kingdom in 2018 by IT Governance Publishing.
ISBN 978-1-78778-050-7
ABOUT THE AUTHOR
Alan Calder is the founder and executive chairman of IT Governance Ltd (www.itgovernance.co.uk), an information, advice and consultancy firm that helps company boards tackle IT governance, risk management, compliance and information security issues. Alan is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. He has many years of senior management experience in the private and public sectors.
CONTENTS
Introduction
Background
A note on Brexit
Guidance
Key definitions
Scope and applicability
Online marketplaces
Online search engines
Cloud computing services
Self-identification
Some special cases
Operators of essential services
Authorities and bodies
Competent authorities
CSIRTs
Single points of contact
Cooperation Group
Powers and penalties
Complying with the Directive
Minimum security measures
Appropriate to the risk
Technical and organisational measures
International standards
Implementing cyber resilience
ISO 27001 and ISO 27002
Standards for Cloud services
ISO 22301
ISO 27035
Combining standards
Appendix: Mapping of ENISA’s Technical Guidelines and ISO 27001 Annex A
Further reading
INTRODUCTION
Technology has brought us into a world that many of us only poorly understand. While we may have some grasp of this technology, there is often a lack of real understanding as to how these technologies work and interact. A few decades ago, we understood that if the water levels fell then the hydroelectric plant would not be able to generate electricity. We knew that interchanges connected our phones to other phones elsewhere in the world. We had some appreciation of the fact that supermarkets and other retailers would have to call suppliers and wholesalers in order to have food delivered. Essential services and infrastructure were quite simple to understand.
Nowadays, so much has been automated and interlinked that it can be difficult to understand how our phone calls are connected or where our power comes from. Most people do not need to really understand how society continues to function. They do not need to know that RFID chips attached to crates of fruit make sure there is always fresh fruit on supermarket shelves. The electricity grid is driven by hundreds of power stations, with the flow managed, surpluses stored and shortfalls accounted for automatically. Our phones connect to remote cell towers and flicker between them to maintain the best possible connection.