The NIS 2 Directive was published on December 27, 2022, in the Official Journal of the European Union, and requires each Member State to transpose the various regulatory requirements into national law.
The transposition of the directive takes place in two main phases:
The preparation phase of the draft law, which was presented to the Council of Ministers on October 15, 2024, with a view to its submission to Parliament and adoption.
The production phase of the decrees and orders, which will result from the consultations, in order to submit them for interministerial validation for publication in the months following the promulgation of the law.
NIS 2 will therefore enter into force in France as soon as all the transposition texts (laws, decrees, orders) have been promulgated. Note that the date of entry into force is not the date on which all the regulatory requirements imposed on regulated entities become applicable.
For more information:
You can find the Draft Law on the Resilience of Critical Infrastructure and the Strengthening of Cybersecurity (PRMD2412608L) on the Légifrance website.
This draft law is subject to amendment during parliamentary proceedings.
What is ISO/IEC 27002?
ISO/IEC 27002 is an International Standard that provides guidance for organizations seeking to establish, implement, and improve a cybersecurity-focused information security management system (ISMS). While ISO/IEC 27001 outlines the requirements for an ISMS, ISO/IEC 27002 establishes best practices and control objectives related to key aspects of cybersecurity, including access control, cryptography, human resource security, and incident response. This standard provides a practical reference model for organizations seeking to effectively protect their data from cyber threats. Businesses that implement the guidelines in ISO/IEC 27002 can take a proactive approach to cybersecurity risk management and protect critical data from unauthorized access and the risk of data loss.
Why is ISO/IEC 27002 essential?
The rapidly evolving digital landscape has opened up unprecedented opportunities for businesses, but it has also introduced a myriad of vulnerabilities and threats. In this context, ISO/IEC 27002 is an essential tool that helps organizations navigate the complex web of information security challenges. It provides businesses with a proven framework of best practices to not only protect their sensitive data but also strengthen the trust of their stakeholders, customers, and partners. Implementing the controls and guidelines in ISO/IEC 27002 reflects a proactive approach to information security and helps minimize the risks of data breaches, unauthorized access, and potential financial and reputational damage.