HU

Strict rules, severe sanctions!

NIS 2 compliance - be prepared in time

The NIS 2 Directive is a European Union regulation aimed at increasing cyber security and reducing the threat to priority sectors. The deadline for compliance with the regulation is 18 October 2024.

Our Cybersecurity team at United Consult will help your organization in the entire preparation process, from the security assessment to the design, implementation and operation of the processes, policies and tooling needed for the appropriate level of certification of your organization.

Prevent administrative fines of up to several million euros, contact our cybersecurity experts.

Consultation
More on the process

Which sectors are affected by the NIS 2 Directive?

The scope of the directive includes actors in risk and critical sectors.

Critical sectors: energy, transport, healthcare, drinking water, waste water, communication service, digital infrastructure, outsourced ICT services, space-based service.

Risk sectors: postal and courier services, food production, processing and distribution, waste management, production and distribution of chemicals, production, digital service providers, research.

What are the cybersecurity requirements for NIS 2?

The NIS2 directive and its member state, i.e .Hungarian, legislative implementation stipulate that organizations falling under its scope must meet certain cyber security requirements.

These requirements are detailed in the law 2023/XXIII., the essence of which are the application of risk management and the creation of risk-proportionate protection. The main points of the requirements are risk analysis and management, detection of and reaction to cyber security incidents, as well as their appropriate reporting; access management, use of encryption and ensuring the continuity of business processes during and after cyber security incidents.

What sanctions can you expect if you do not comply with the NIS 2 directive?

Deadline:

18 October 2024

Organizations that do not comply with the NIS2 directive and its national (Hungarian) legal interpretation must expect the following consequences:

  •  Warning
  • Correcting deficiencies revealed during the audit
  •  Financial penalty up to €10,000,000 or 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher. (more details: here)
  •  Informing the organization’s customers about non-compliance with the requirements
  • Prohibition from activities affected by the lack of security in the given area.

Important deadlines:

30 June 2024 – Registration of organizations
18 October 2024 – Deadline for compliance with the requirements

Briefly about the NIS 2 Directive

The scope of the directive includes actors in risk and critical sectors.

Critical sectors:

  • energy,
  • transport,
  • healthcare,
  • drinking water,
  • waste water,
  • communication service,
  • digital infrastructure,
  • outsourced ICT services,
  • space-based service.

Risk sectors:

  • postal and courier services,
  • food production,
  • processing and distribution,
  • waste management,
  • production and distribution of chemicals,
  • production,
  • digital service providers,
  • research.

The NIS2 directive and its member state, i.e .Hungarian, legislative implementation stipulate that organizations falling under its scope must meet certain cyber security requirements.

These requirements are detailed in the law 2023/XXIII., the essence of which are the application of risk management and the creation of risk-proportionate protection. The main points of the requirements are risk analysis and management, detection of and reaction to cyber security incidents, as well as their appropriate reporting; access management, use of encryption and ensuring the continuity of business processes during and after cyber security incidents.

30 June 2024 – Registration of organizations
18 October 2024 – Deadline for compliance with the requirements

Organizations that do not comply with the NIS2 directive and its national (Hungarian) legal interpretation must expect the following consequences:

  •  Warning
  • Correcting deficiencies revealed during the audit
  •  Financial penalty up to €10,000,000 or 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher. (more details: here)
  •  Informing the organization’s customers about non-compliance with the requirements
  • Prohibition from activities affected by the lack of security in the given area.

Our Services

Our team at United Consult helps your organization in the entire preparation process, from the security assessment to the design, implementation and operation of the processes, policies and tooling needed for the appropriate level of certification of your organization. Our thorough preparation process and the expertise of our staff ensure your organization’s NIS2 compliance.

An organisation faces many cyber security tasks and challenges in its lifetime. With the following services, we strive to support our customers in facing the challenges of NIS 2 compliance at a high level:

  • Security Posture Assessment (SPA)
  • Secure by Design architecture consulting, planning and operation
  • Security Operation Center as a Service (SOCaaS)
  • Penetration testing and vulnerability scannig, on an occasional or regular basis
  • Policy writing and process consulting (CSB, DR, BCP)
  • Introduction of risk management framework
  • Design, implementation and operation of IAM and MFA
Consultation

Certifications

2023_10_01_cyber_sec_certification_CISSP
2023_10_02_cyber_sec_certification_cisa
2023_10_03_cyber_sec_certification_cism_isaca
2023_10_04_cyber_sec_certification_ISO27001
2023_10_04_cyber_sec_certification_OSCP
2023_10_06_cyber_sec_certification_NSE1
2023_10_07_cyber_sec_certification_NSE2
2023_10_07_cyber_sec_certification_NSE3
2023_10_07_cyber_sec_certification_NSE4
2023_10_07_cyber_sec_certification_NSE5

Preparation process in 6 steps

1st step
Security Posture Assessment (SPA)

During the assessment, we examine the domains relevant to the NIS2 directive, so that both you and our team can learn about the organization's current cyber security maturity.

2nd step
Certification level requirements

Based on the assessment, we adjust the individual explored areas to the organization's certification level and determine which requirements must be fulfilled for NIS2 certification.

3rd step
GAP analysis

During the analysis, we assess the gaps between the current security maturity and the requirements for the appropriate certification level of your organization, which forms the basis of a transparent action plan.

4th step
Roadmap creation

We prepare a roadmap and project proposal for the gaps revealed, which includes a list of the domains that need further development. The roadmap contains a set of logical and sequential steps of the implementation.

5th step
Implementation

Our team at United Consult prepares the necessary policies based on the roadmap, helps your organization in the development of required processes as a strategic partner, and designs, implements and operates the architecture of the required security tooling.

6th step
Ready for certification!

At the end of the process, your organization is completely ready to have its relevant certification level audited by the authorized body.

Have questions?

Our team is ready to assist you!

Call us!

contact_photo

Csilla Deák-Nagy

Sales Development Manager

 +36 20 823 5783

You can contact us quickly and directly with any questions you may have.

Click to dial

E-mail us!

After sending the form, we will contact you.

Who are we?

We are United Consult!

More than 20 years ago, the dream of a small group of 16 friends came true with our first successful project. Today with 300+ senior professionals, we have been supporting our partners in the introduction of products and services including development, implementation and testing. We cover a wide range of IT services, thus we lead in supporting processes across various fields e. g. big data, cybersecurity, software development and development with DWH.

Having concluded a number of Hungarian and international projects, we are aware of the demands that enterprises of various sizes and profiles might have. Thus our consultant colleagues are always able to recommend solutions that fit the requirements of the project.

United Consult Zrt. © 2024 All rights reserved

  • Több mint 20 év IT tapasztalat
  • Kiberbiztonsági szakértelem
  • Adatvédelmi és technológiai jogi ügyvédi támogatás

Kérje NIS 2 feladatértelmező tájékoztatónkat!

Töltsd ki az űrlapot és már küldjük is az előadás linkjét!

Töltsd ki az űrlapot és már küldjük is az előadás linkjét!