Network and Information Systems (NIS) Regulations - A pocket guide for digital service providers
Ebook, 88 pages, 48 minutes

About this ebook

This pocket guide is a primer for any DSPs (digital service providers) that need to comply with the NIS Regulations. It explores who they are and why the NIS Regulations are different for them.

An introduction to the new NIS Regulations 2018 that bring the EU’s NIS Directive and Implementing Regulation into UK law.  

This guide outlines the key requirements, details exactly which digital service providers are within scope, and explains how the security objectives from ENISA’s Technical Guidelines and international standards can help DSPs achieve compliance.

This guide will help you:

  • Clarify how to identify if you are within the scope of the NIS Regulations
  • Gain an insight into the NIS Directive
  • Unravel the key definitions, authorities and points of contact
  • Understand the benefits of a good cyber resilience plan

Your essential guide to understanding the NIS Regulations – buy this book today and get the help and guidance you need.

 

 

 

Language: English
Publisher: itgovernance
Release date: Nov 1, 2018
ISBN: 9781787780507
Author

Alan Calder

Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.

    Book preview

    Network and Information Systems (NIS) Regulations - A pocket guide for digital service providers - Alan Calder

    Network and Information Systems (NIS) Regulations

    A pocket guide for digital service providers

    ALAN CALDER

    Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader’s own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.

    Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at the following address:

    IT Governance Publishing Ltd

    Unit 3, Clive Court

    Bartholomew’s Walk

    Cambridgeshire Business Park

    Ely, Cambridgeshire

    CB7 4EA

    United Kingdom

    www.itgovernancepublishing.co.uk

    © Alan Calder 2018

    The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work.

    First published in the United Kingdom in 2018 by IT Governance Publishing.

    ISBN 978-1-78778-050-7

    ABOUT THE AUTHOR

    Alan Calder is the founder and executive chairman of IT Governance Ltd (www.itgovernance.co.uk), an information, advice and consultancy firm that helps company boards tackle IT governance, risk management, compliance and information security issues. Alan is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. He has many years of senior management experience in the private and public sectors.

    CONTENTS

    Introduction

    Background

    A note on Brexit

    Guidance

    Key definitions

    Scope and applicability

    Online marketplaces

    Online search engines

    Cloud computing services

    Self-identification

    Some special cases

    Operators of essential services

    Authorities and bodies

    Competent authorities

    CSIRTs

    Single points of contact

    Cooperation Group

    Powers and penalties

    Complying with the Directive

    Minimum security measures

    Appropriate to the risk

    Technical and organisational measures

    International standards

    Implementing cyber resilience

    ISO 27001 and ISO 27002

    Standards for Cloud services

    ISO 22301

    ISO 27035

    Combining standards

    Appendix: Mapping of ENISA’s Technical Guidelines and ISO 27001 Annex A

    Further reading

    INTRODUCTION

    Technology has brought us into a world that many of us only poorly understand. While we may have some grasp of this technology, there is often a lack of real understanding as to how these technologies work and interact. A few decades ago, we understood that if the water levels fell then the hydroelectric plant would not be able to generate electricity. We knew that interchanges connected our phones to other phones elsewhere in the world. We had some appreciation of the fact that supermarkets and other retailers would have to call suppliers and wholesalers in order to have food delivered. Essential services and infrastructure were quite simple to understand.

    Nowadays, so much has been automated and interlinked that it can be difficult to understand how our phone calls are connected or where our power comes from. Most people do not need to really understand how society continues to function. They do not need to know that RFID chips attached to crates of fruit make sure there is always fresh fruit on supermarket shelves. The electricity grid is driven by hundreds of power stations, with the flow managed, surpluses stored and shortfalls accounted for automatically. Our phones connect to remote cell towers and flicker between them to maintain the best possible connection.
