NIS2 Gap Analysis

Get an overview of where to raise your security posture in order to be compliant with NIS2 requirements

Organizations that provide essential services and infrastructure in the EU must be fully compliant with the NIS2 Directive by mid-2024. (Learn how to determine if your company is impacted below.) To bolster Europe’s resilience against current and future cyber threats, the NIS2 Directive requires businesses to take accountability in four overarching areas: risk management, corporate accountability, reporting obligations, and business continuity. Furthermore, NIS2 includes a list of 10 mandates organizations must implement to minimize cyber risks. These mandates include establishing incident management, stronger supply chain security, enhanced network security, better access control, and encryption.

To prepare for compliance, businesses need to evaluate their security measures and amend policies and procedures to meet the new obligations and mandates. Itm8’s NIS2 Gap Analysis Service can assist companies on their journey to full compliance. A gap analysis compares an organization's current performance with its desired or expected performance. The term “gap” refers to the space between “where we are” (the current performance) and “where we want to be” (the desired performance). Itm8’s NIS2 gap analysis uses acknowledged frameworks like NIST-CF, ISO 27001, and/or CIS-18 to identify where your organization can strengthen its cyber security initiatives and reach an acceptable level of compliance.

Value

  • Measures your cyber security maturity against an acknowledged security framework such as NIST-CF, CIS-18 or ISO 27001

  • Identifies areas to improve, creating an overview of where to raise your security posture in order to be compliant with the NIS2 requirements

  • Creates the foundation for a road map and strategic initiatives for raising your organization's overall resilience

Method

Our analysis is built on standards from the CIS 18 v.8 and ISO 2700x frameworks. We map the existing CIS controls into the ISO 2700x framework to obtain the highest standards and become compliant with relevant authorities.

The concluding NIS2 gap analysis is based on a combination of meetings, interviews, and a pragmatic methodical approach involving representatives of IT & Management.

Product

The deliverable of the NIS2 Gap Analysis review is a written report containing the following:

  • An analysis outlining the current state of cyber security within the organization, assessed through selected hands-on strategic tests & interviews of key stakeholders in the organization.

  • Recommendations on enhancing the level of security for the findings identified during the interviews, including actions that will effectively optimize the process of becoming NIS2 compliant in a swift and timely manner.