Monday, July 6, 2020

NIS Assessment - NIS Directive and Legislative Decree on cybersecurity

The decree applies to Operators of Essential Services (OSE) and Digital Service Providers (FSD). OSE are the public or private entities that provide services essential to society and the economy in the health, energy, transport, banking, financial market infrastructure, drinking water supply and distribution, and digital infrastructure sectors. FSD, on the other hand, are the legal entities that provide e-commerce, cloud computing or search engine services and have their main establishment, registered office or designated representative on the national territory. Both OSE and FSD:

are required to adopt adequate and proportionate technical and organizational measures to manage risk and to prevent and minimize the impact of incidents affecting the security of networks and information systems, so as to ensure continuity of service;
are obliged to report, without undue delay, incidents that have a significant impact (according to the definitions specific to each sector) on the continuity and provision of the service to the Italian Computer Security Incident Response Team (CSIRT), also informing the competent NIS authority.
DNV GL can support both types of entity in achieving compliance with the requirements of the NIS Directive, which are mandatory and enforced by penalties. The addendum to the decree implementing the NIS Directive, Decree-Law no. 105 of 21 September 2019 on "Urgent provisions concerning the national cybersecurity perimeter", sets out the penalties for non-compliance, and they are substantial: for example, failure to comply with the obligation to prepare and keep up to date the list of networks, information systems and IT services referred to in paragraph 2, letter b), is punished with an administrative fine of between € 200,000 and € 1,200,000.
What are the advantages of a verification by DNV GL?
A verification by DNV GL helps identify the limits of an organization's cyber security programme and supports it in prioritizing objectives and in planning the path to full compliance with mandatory legislation, by establishing the current level of compliance with the applicable requirements and with industry best practices. The main benefit of an independent third-party evaluation is that it helps companies answer crucial questions, such as:
which losses would be catastrophic for the organization;
how long the organization could continue to operate;
which information must not end up in the wrong hands;
what role the organization plays in the socio-economic system;
what damage a serious disruption of the organization would cause.
Implementing a Cyber Risk Management process is crucial for organizations because today it can make the difference between success and failure for a leading company.
What types of companies does it apply to?
The areas of competence are:
Energy sector - Electricity, gas and oil subsectors
Digital infrastructure sector
Digital services
Transport sector - Air transport, rail transport, water transport and road transport sub-sectors
Banking sector
Financial market infrastructure sector
Healthcare sector
Drinking water supply and distribution sector
The DNV GL methodology
DNV GL makes its experience in process analysis and risk assessment available to companies, to help them achieve their compliance objectives through a methodological approach consisting of the following steps:
Verification and analysis of the main critical assets and processes underlying the essential services
Verification of the risk analyses (process, outsourcing, IT, OT) for each identified process / asset
Verification of the classification and mapping of the identified risks, to assess how consistent they are with the actual exposure
Assessment of the Business Impact Analysis (focused on the consequences of the highest-value risks)
Assessment of the action plan for mitigating the identified risks
Evaluation of the contents against the tables of the National Framework provided in the specific OSE / FSD Guidelines