Publication du rapport d'activité 2024 de l'ANSSI: https://cyber.gouv.fr/actualites/lanssi-publie-son-rapport-dactivite-2024

Au menu: Jeux Olympiques et Paralympiques de #Paris2024, directive #NIS2, nouvelle mission Contrôles et Supervision (et plein d'autres choses)

“I love deadlines. I love the whooshing noise they make as they go by.” – Douglas Adams

Happy NIS2 deadline wooshing by day!

“Article 3(4) of Directive (EU) 2022/2555 refers to Article 3(3) of that Directive, which requires the Member States to establish a list of essential and important entities, as well as entities providing domain name registration services, by 17 April 2025. Member States must review and, where appropriate, update that list regularly and at least every two years thereafter.”

“According to Article 3(5) of Directive (EU) 2022/2555, by 17 April 2025 and every two years thereafter, Member States must notify the Commission and the Cooperation Group, at least the number of essential and important entities listed pursuant to Article 3(3) of that Directive for each sector and subsector referred to in Annexes I and II of the Directive”

Can, should the #EU step in with filling the gap left behind by #MITRE & #CVE ?

Sure: this is clearly for the public good, and plays nicely with the work on #CRA #PLD #NIS2 etc.

A key problem is the sheer velocity: destruction via tyranny&fascism is fast, building up structures via democratic processes relatively slow.

The EU needs a Fast Track Program to respond to the chaos of the US. The time is ... yesterday.

Bestuurders krijgen met de #NIS2 te maken met een persoonlijke (civiele) bestuurdersaansprakelijkheid voor #informatiebeveiliging. Laten we de rol van bestuurder wel aantrekkelijk houden voor mensen met bestuurlijke kwaliteiten, stelt Walter Van Holst.

https://ibestuur.nl/artikel/houd-de-bestuurdersrol-aantrekkelijk/

From ISO to NIS2 – Mapping Compliance Requirements Globally https://gbhackers.com/iso-to-nis2/ #CyberSecurityNews #cybersecurity #NIS2 #ISO

NIS2: De gamechanger in cybersecurity! Directieleden, bereid je voor op persoonlijke aansprakelijkheid. Is jouw organisatie al klaar voor deze revolutie? #Cybersecurity #NIS2  
https://itinsights.nl/van-de-redactie/cybersecurity-bestuurlijke-revolutie-door-nis2-wetgeving/

Soluzioni di controllo accessi: fondamentali per la compliance NIS2. A secsolutionforum speech di Mauriello (Genetec): A secsolutionforum, l’unico evento digitale rivolto ai professionisti della sicurezza, giunto oggi, 11 aprile, alla terza giornata di live streaming, interviene...
#secsolutionforum #sicurezzafisica #sicurezzalogica #NIS2 #controlloaccessi http://dlvr.it/TK5W1G

#NIS2-Umsetzung verzögert sich – Unternehmen müssen trotzdem handeln | iX Magazin https://www.heise.de/hintergrund/NIS2-Umsetzung-verzoegert-sich-Unternehmen-muessen-trotzdem-handeln-10345213.html

Celebration time! We’ve just passed the external audit for ISO 27001 (Information Security), ISO 14001 & ISO 9001 (Environmental & Quality Management) and full readiness for NIS2 and NEN7510. This isn’t just about compliance. It’s about staying true to our founding promise: Give people and businesses control over their communications, data, and digital identity. #DigitalSovereignty #ISO #CyberSecurity #SustainableTech #IndependentCloud #NIS2

#Datensicherheit in der #Politik - wenn die #Dropbox immer noch der Goldstandard ist: Schon die gescheiterte #NIS2-Umsetzung hat im vergangenen Jahr gezeigt, dass das Thema #Cybersecurity definitiv noch nicht nicht überall in der Politik angelangt ist. Nun wurden im Rahmen einer Recherche über 500 Darknet-Datenleaks von Politiker:innen festgestellt - u.a. für Dropbox. In einem Fall konnten gar 14 Passwörter im Klartext einer Einzelperson zugeordnet werden:

https://www.golem.de/news/grossteil-im-klartext-passwoerter-deutscher-politiker-im-darknet-entdeckt-2504-195217.html

Es bestätigt sich immer mehr: Die #Politik und #Verwaltung hat die größten #IT #Sicherheitslücken und ist somit die größe „Systemlücke“ im bundesweiten #Datenschutz #DSGVO #NIS2 #SOR … Gibt es eine Gegenrede?

Interested in a NIS2 Readiness Assessment

EU has released NIS2 to all countries within the European Union. In 2024 NIS will be adopted to local law enforcement and become relevant for a large amount of companies. Check Point can help you preparing your company for NIS2 and assist you in improving your security standards and procedures.

A team of senior Check Point consultants will analyze your business for compliance with the NIS2 directive. The assessment is typically done on site but can also be performed remotely on request. We will summarize the findings in a report and provide a recommended action plan to increase compliance with the NIS2 directive.

Benefits:

Determine what areas of your cyber landscape are impacted
Get an overview of the necessary technical requirements
Present the processes needed for full compliance
Risk management
Asset management
Business continuity management
Vulnerability management
Supply chain management
Incident response procedures
Current security architecture and controls review
Obtain details to help train your security team

https://www.checkpoint.com/services/infinity-global/nis2-readiness-assessment/

Umsetzung von #NIS2 verzögert sich, doch das Gesetz gilt ohne Übergangsfrist, sobald es in Kraft tritt. https://www.heise.de/hintergrund/NIS2-Umsetzung-verzoegert-sich-Unternehmen-muessen-trotzdem-handeln-10345213.html

@privacyDE: „IT-Angriffe auf Systeme mit personenbezogenen Daten gelten als Datenschutzvorfälle. BSI-Chefin Plattner fordert den BSI-Grundschutz, der auch datenschutzrechtliche Anforderungen abdeckt, durchgängig in der Verwaltung. Mangelnde Regelungen im IT-Schwachstellenmanagement stellen ein Risiko für IT-Sicherheit und betroffene Personen dar.“

#TeamDatenschutz

In parallel to a boycott of mainstream US products by EU citizens to push back on Trump tariffs, a New big deal should be negotiated now between EU, japan, Vietnam and China related to GPUs and other electronics needed to rebuilt EU computer industry for scientific theoritical and applied computer/AI research, quantum cryptanalysis/cryptography, space satellites belts, and supporting serious EU scientific's no commercial bullshit AI with both civil and military defense applications.

Opt out of US cloud should start now with EU Datacenters belonging to companies whose shareholders and applications hosted must remain EU based (only submitted to EU laws and EU companies only operating controls (continuity). This should be part of DORA and other cybersecurity regulations (NIS2, GDPR). GDPR could be relaxed, but only for complete EU sovereign stack (AI algorithmes, AI framework, application/middleware/datacenters, locations, shareholders,...).

Diversity in supply chains and enhanced autonomy of actions in business, science and war is required in those complex times.

Not all eggs in the same basket.

Nobody must be in position to disrupt remotely by design the EU business, society and military intelligence, decisions making and execution processes.

Ooda loop confidentiality, integrity and availability must become at light speed 100% sovereign in current and immediate future context. Tools that are close to Trump/musk such as palantir should not be used by EU critical insfrastructures/businesses as the information they collect on EU business, military and citizens could be used in nefarious ways and these tools (like other AI tools) learn a lot of their users/gov concerns/plans by observing the questions asked to them.

Heute habe ich für @hisolutions beim Bitkom Roundtable Digitale #Luftfahrt erklärt:

Was bedeutet die Umsetzung der #NIS2-Richtlinie für den #Luftverkehr?

Danke an Felix Lennart Hake und Felix Kuhlenkamp für die Einladung und Martin Zobel vom @bsi für seinen tollen Vortrag! :)

A secsolutionforum: NIS2 e GDPR, sinergie normative per la sicurezza logica e fisica integrata: A secsolutionforum, l’unico evento digitale della sicurezza che da domani fino all’11 aprile alza nuovamente il sipario sui nuovi scenari della sicurezza...
#secsolutionforum #sicurezzafisica #sicurezzalogica #NIS2 #GDPR http://dlvr.it/TK1mnk

Der Podcast @DieSicherheits_luecke soll Wissenslücken füllen – mit praxisnahen Einblicken und verständlichen Erklärungen rund um #Cybersicherheit.

In der aktuellen Episode zu Gast ist @kenji, der als Teil des GI-Präsidiums die Empfehlungen und Positionen der GI mitgestaltet. Er und die Hosts Volker Skwarek, Monina Schwarz und Ingo Timm nehmen die #NIS2 unter die Lupe, die IT-Sicherheit in der EU verbessern soll.

Hier reinhören https://www.sicherheitsluecke.fm/5-nis-2-kipker

Neue Folge von @DieSicherheits_luecke! Zu Gast ist @kenji und es geht um #NIS2: Entstehung, Zuschnitt, Besonderheiten und bevorstehende Umsetzung der EU-Richtline zu #Cybersicherheit im deutschen Recht.

Keine Folge mehr verpassen? Abonniert Die Sicherheits_lücke überall dort, wo es Podcasts gibt. Alle Links hier: https://www.sicherheitsluecke.fm

Sneak peak #EUVD: https://euvd.enisa.europa.eu