Field notes from the SOC and the audit room.
Two new posts a month. Written by the people who run the platform.
National Cybersecurity Strategies Under NIS2: What Article 7 Requires
NIS2 Article 7 requirements for national strategies: policy framework, sectoral governance, research, and risk assessment mandates for Member States.
NIS2 for MSPs and MSSPs: From Vendor to Regulated Entity
NIS2 scope for MSPs and MSSPs: understand how managed service providers become regulated entities under Annex I, Sector 9.
NIS2 and GDPR: Where Cybersecurity Meets Data Protection
Understand NIS2-GDPR overlap: how cybersecurity obligations under NIS2 Articles 21 and 35 complement the data protection requirements of GDPR Articles 32 and 33-34.
What Makes an Incident 'Significant'? Understanding the Reporting Threshold
Understand NIS2's significant incident threshold under Article 23(3): criteria for mandatory 24-hour reporting to authorities and CSIRTs.
NIS2 for Transport: Aviation, Rail, Maritime, and Road
NIS2 for transport sector: understand obligations for aviation, rail, maritime, and road operators under Annex I, Sector 2.
The NIS2 Institutional Architecture: Authorities, CSIRTs, and Contact Points
Understand NIS2's governance structure: competent authorities, CSIRTs, single contact points, and their roles in incident response and coordination.
Administrative Fines Under NIS2: The EUR 10M and EUR 7M Frameworks
Understand NIS2 administrative fines under Articles 34-35: EUR 10 million for major violations, EUR 7 million for non-compliance. Enforcement, appeals, and mitigation.
NIS2 for Healthcare: Hospitals, Pharma, and Medical Device Manufacturers
NIS2 for healthcare sector: understand obligations for hospitals, pharmaceutical manufacturers, and medical device makers under Annex I, Sector 5.
NIS2, CER Directive, and DORA: Navigating Overlapping Frameworks
Navigate overlapping EU cybersecurity regulations: NIS2, DORA, and CER. Understand scope, Article 4 distinctions, and governance architecture.