Daniel Kallstenius’ Post

CRA is now a regulation! 👉🏻 The Cyber Resilience Act (CRA) became a regulation on November 20, published in the Official Journal of the European Union (OJEU). This regulation applies to all products with digital components and mandates that "vulnerability handling" requirements be fulfilled within 21 months from the publication date. Additionally, all other "essential cybersecurity" requirements must be met within 36 months. 👉🏻 There are slight differences between the initial proposal published in 2022 (EU/2022/0272) and the final regulation (EU/2024/2847). Notably, the proposal's requirement to "place products on the market without known vulnerabilities" has been replaced by a clause related to "cybersecurity assessment," affecting the numbering of essential requirements. Security upgrades, previously listed last in the proposal, are now placed higher in the regulation. 👉🏻 A new clause has been added to align with other cybersecurity regulations and the EU Data Act. This clause requires entities to provide options for permanently removing or securely transferring all user data. This aims to ensure data protection, safe storage, implementation of the "right to be forgotten," secure data transfer, interoperable use, and integrated data use for generating meaningful new insights. 👉🏻 The compliance process has begun, and entities must evaluate and prepare organizationally to meet these new requirements. Time is ticking for compliance! #CRA #CyberResilienceAct #essentialrequirements #productsecurity #compliance

NIS2 represents a pivotal advancement in fostering cybersecurity and bolstering resilience across Europe's digital landscape, are you ready? NIS2 takes effect across the EU from 18 October 2024. The Directive (EU) 2022/2555 (‘NIS2’) is EU-wide legislation on cybersecurity that provides legal measures to increase the overall level of cybersecurity in the EU. Public and private sector organisations must now determine its impact on their current cybersecurity posture, identify their compliance roadmap and understand the far reaching consequences of non-compliance – which includes stricter supervision and enforcement, administrative fines and personal responsibility for senior executives. Are you ready for NIS2, are you prepared? To have a confidential and informed conversation across the full lifecycle of the directive, from the perspective of law, technology, risk, people, organisational change and cyber connect with our team of experts Ronan Walsh, Graham Reid, Tom Slattery, John Ward, Hugh Callaghan, Carol Murphy, Robert Haniver, Ian Fahey, Jason Guy, Rebecca H., Peter Sheerin and Neha Agrawal. #nis2 #cyber #europe #digitalsecurity Emma Moriarty Kate H. Bhaswati Mukhopadhyay https://shorturl.at/opwyL

Yesterday, NIS2 should have been implemented by all Member States. As you can see in our blog, quite some countries are too late and are still in the progress of getting their legislation ready! Quite remarkable I would as say as cyber resilience is considered so important.

The federal government is facing a backlog of over 200,000 FOIA requests 👀 In order to catch up, agencies need a data risk management platform that will elevate their capabilities around #discovery, #privacy, #datagovernance, #digitalforensics and #cybersecurity compliance. We teamed up with GovLoop in this resource to cover market trends and best practices surrounding risk and compliance. Read it here:

https://lnkd.in/eYiRXBvu Great insights from John. Some salient points.. 1. The NIS2 Directive went into effect January 2023. EU member states were imposed a deadline of Oct. 17, 2024, to transpose the directive into law. 2. “Costs could approach €10 billion (US$10.9 billion) annually, EU-wide,” according to Wright. “However, ISO 27001 certified entities have a head start, with approximately 70% of NIS2 requirements already covered.” 3. The measures required by NIS2, such as cyber risk management, supply chain security, and business continuity, are good business practices that enhance organisational resilience. 4. Businesses may need to consider NIS2 alongside other national, regional, and international regulations such as DORA (the EU’s Digital Operations Resilience Act), GDPR, and the EU AI Act.

🌐 As our reliance on network and information systems continues to grow, there is increasing need for a more secure and resilient cyber posture. This idea was echoed yesterday by 🔐 Peter GEELEN while discussing the impact of NIS2 Directive on businesses at the cybersecurity workshop organised by #CyberWayFinder. ⚖️ The NIS2 Directive, officially published by the Council and the European Parliament in December 2022 to strengthen cybersecurity across the Union, is a successor to the first NIS Directive. In Belgium, upon completion of the transposition procedure, NIS2 Directive is expected to enter into force by October 2024. 💻 This new directive addresses the key limitations of the former by improving sector coverage, incident response reporting, vulnerability disclosures, and enhancing (EU) cross-border cooperation. 🔐Businesses are obliged take measures to improve safety and resilience of their processes and services through data backup and disaster recovery plan, risk management strategies, incidence reporting (including near-misses), amongst others. 💡Furthermore, entities may embrace security frameworks such as relevant #ISO standards to comply with the directive as non-compliance attracts sanctions from temporary shutdown to huge financial penalties. Big thanks to 🔐 Peter GEELEN for the insights, and to CyberWayFinder for hosting the event. Useful links: https://lnkd.in/e7HQ8sbG https://lnkd.in/efe7MXsD

The federal government is facing a backlog of over 200,000 FOIA requests 👀 In order to catch up, agencies need a data risk management platform that will elevate their capabilities around #discovery, #privacy, #datagovernance, #digitalforensics and #cybersecurity compliance. We teamed up with GovLoop in this resource to cover market trends and best practices surrounding risk and compliance. Read it here:

For most organizations, the pressure, cost, and effort required to sustain compliance have never been higher.   Join our experts, who will discuss best practices that organizations are using to ensure essential compensating controls are in place for when the next audit or mandate deadline comes along.   Thales and Imperva have come together to provide you with the information and solutions you need to achieve end-to-end data protection, maintain compliance, and reduce risk.   #datasecurity #cybersecurity #informationsecurity #cloudsecurity

Now available on demand. Romain Deslorieux and Terry Ray covering the latest on #DORA #PCI and applying #NISTCSF2 as a guide to help reduce data security risk.

The federal government is facing a backlog of over 200,000 FOIA requests 👀 In order to catch up, agencies need a data risk management platform that will elevate their capabilities around #discovery, #privacy, #datagovernance, #digitalforensics and #cybersecurity compliance. We teamed up with GovLoop in this resource to cover market trends and best practices surrounding risk and compliance. Read it here: