Compliance

NIS 2 & Vicarius vRx

An overview of the Network and Information Systems Directive (EU) 2022/0383 (NIS 2) and how vRx can help both providers of essential services and organisations in the supply chain to these providers address some of its requirements.

What is NIS 2?

NIS 2 is the current, updated version of the Network and Information Systems Directive (EU) 2022/0383. The Directive is designed to boost the overall level of cybersecurity within the EU. It applies to all EU member states, and to both public and private entities within the EU, requiring them to be appropriately prepared for cybersecurity incidents and for responding to them.

This is to be delivered by ensuring cooperation amongst member states and a culture of security across vital economic sectors within those states, such as energy, water, transport, banking and other financial market infrastructures, healthcare and digital infrastructure.

Cybersecurity Risk Management

All entities that provide these essential services must have (amongst other requirements) documented cybersecurity risk analysis, vulnerability management and ICT supply chain security policies.
The emphasis NIS 2 places on supply chain security means that businesses outside the direct scope of NIS 2 may also be impacted; their vulnerabilities, security policies and processes must also be considered.

In-scope entities must also adopt adequate technical, operational and organisational measures, proportional to “the degree of the entity’s exposure to risks, its size and the likelihood of occurrence of incidents and their severity, including their societal and economic impact”. NIS 2 expects entities to undertake a risk assessment to determine what measures are appropriate.

How can Vicarius vRx help?

vRx can assist both providers of essential services and organisations that are part of the supply chain to these providers in addressing some of these requirements.

Risk analysis & prioritisation:

vRx is a cloud-based solution, with agents running on managed endpoints. These agents provide accurate insights into your digital footprint through vRx’s real-time asset visibility, with an exhaustive catalogue of active servers and workstations and of the operating systems and applications running on those systems.

With full visibility into the endpoints, vRx first identifies the vulnerabilities present in the environment. vRx's Asset Risk Analysis engine then ranks the vulnerabilities of any deployed asset in your organisation, providing a risk score based on their level of analysed risk and exposure, specific to your unique environment.

Threat analysis and prioritisation isn’t a one-size-fits-all deal, and CVSS scores don’t consider an organisation’s unique infrastructure. Contextual factors play a much larger role in the overall threat of a vulnerability than other risk management solutions take into account.

vRx's xTags give you a real-time, context-based report that highlights the real threats, so that IT and infosec teams can confidently prioritise risk remediation. Each xTag defines a contextual execution property of an application on an asset. xTags help prioritise threats using context-based properties like prioritisation parameters, access authority and activity status in order to determine the risk level of every application and asset in your organisation.

Reporting

vRx also has full reporting capabilities, with automated scheduling of reports, so that information can be shared between departments and organisations and all stakeholders are kept in the loop. vRx provides extensive and flexible reports covering all aspects of the vulnerabilities, risk, remediation and associated events seen within the dashboard.


Agnayee Datta

Agnayee runs marketing at Vicarius
