We’re excited to share that Data Core Systems has been officially recognized as an authorized auditor for the NIS Directive by the National Cyber Security Directorate (DNSC). We are now better equipped to guide organizations through the complexities of compliance, ensuring they are well-protected against potential cyber risks.
Meet Our Expert: Valentin Soare
A key figure behind this accreditation is Valentin Soare, whose deep expertise and DNSC recognition as an auditor are invaluable to our mission of helping organizations comply with the NIS Directive. With over 15 years of hands-on experience in cybersecurity, Valentin has worked on a wide range of national and international projects. Currently, he leads our Security Operation Center (SOC), where he not only develops advanced security strategies but also guides and mentors a talented team of specialists.
Valentin’s dedication to excellence in cybersecurity is evident through his impressive array of certifications. He is a DNSC Certified Cybersecurity Auditor, a Certified Information Security Manager (CISM) from ISACA, and a Certified Information Systems Security Professional (CISSP) through ISC2. His expertise also extends to being an ISC2 Certified Cloud Security Professional (CCSP), a GIAC Security Leadership Certification (GSLC) holder, and an OffSec Wireless Professional (OSWP). Additionally, he is a CompTIA Cybersecurity Analyst (CySA+) and a Certified Ethical Hacker (CEH) from EC-Council. These credentials reflect his commitment to upholding the highest industry standards and providing expert cybersecurity guidance to our clients.
Understanding the NIS Directive
The Network and Information Systems (NIS) Directive, known formally as Directive (EU) 2016/1148, is a crucial piece of EU legislation aimed at boosting cybersecurity across member states. It focuses on three main areas:
- Enhancing National Cybersecurity Capabilities:
  - Every EU member state is required to develop a national strategy for network and information systems security.
  - Member states must appoint competent authorities to oversee the directive’s implementation and enforcement.
  - Each state must establish Computer Security Incident Response Teams (CSIRTs) to manage cybersecurity incidents.
- Fostering Cross-Border Collaboration:
  - A Cooperation Group facilitates strategic collaboration and information sharing among member states.
  - The CSIRT Network encourages swift and effective operational cooperation in handling cybersecurity incidents.
- Securing Critical Sectors:
  - Essential service operators in sectors like energy, transport, banking, healthcare, and digital infrastructure must implement strong security measures and report significant incidents.
  - Digital service providers, including online marketplaces and cloud services, are also required to ensure their systems’ security and report significant incidents.
Introducing NIS2: A Stronger Cybersecurity Framework
Recognizing the evolving landscape of cyber threats, the EU has introduced an updated version of the directive, known as NIS2 (Directive (EU) 2022/2555). NIS2 addresses gaps in the original directive and strengthens the overall cybersecurity framework. Key improvements include:
- Expanded Coverage: NIS2 now includes additional sectors like manufacturing of critical products, public administration, and space, and applies to medium and large entities to ensure broader protection.
- Stricter Security Measures: Organizations must adopt comprehensive risk management practices, including supply chain security, encryption, access controls, and vulnerability handling. Incident reporting has also been enhanced, requiring an initial notification within 24 hours and a detailed report within one month.
- Improved Governance: Member states must regularly update their national cybersecurity strategies and clearly define the roles and responsibilities of their competent authorities and CSIRTs. Enhanced cooperation mechanisms among member states and EU institutions are also a key feature.
- Increased Penalties: Non-compliance with NIS2 can lead to significant fines, with sanctions proportional to the breach’s severity and the entity’s size. Accountability at the management level for cybersecurity risks is also emphasized.
Why Partner with Data Core Systems?
Data Core Systems is perfectly positioned to help your organization navigate the complexities of both the NIS Directive and NIS2. Our auditing services are designed to ensure your network and information systems are secure, resilient, and fully compliant with the latest regulatory requirements.
When you partner with Data Core Systems, you gain:
- Expert Guidance: Leverage the deep knowledge and experience of a DNSC-accredited auditor who understands the intricacies of both the NIS Directive and NIS2.
- Customized Solutions: Get tailored recommendations and strategies that address your unique cybersecurity needs and regulatory obligations.
- Peace of Mind: Rely on our unwavering commitment to upholding the highest levels of security and regulatory compliance, ensuring your organization is both protected and compliant.
For more information on how we can assist with your cybersecurity needs, don’t hesitate to reach out. Together, we can build a safer, more secure digital future.