The New Network & Information Security Directive - Are You Prepared for May?
Those affected by the NIS need to have in place by 9 May 2018 sufficient and adequate security measures, processes and documented procedures to ensure continuity of service and the ability to identify and deal expeditiously with any 'cyber incident' such as hacking, ransomware, denial of service attacks and 'disasters' such as data centre power outages, floods or lightning strikes.
The NIS is far from being limited to personal data: being GDPR compliant is most unlikely to make an affected organisation NIS compliant. Non-compliance, even if there were no 'cyber incident', could lead to severe fines in line with GDPR penalties. There will be mandatory reporting requirements which you need to follow.
The public and private sectors affected by the NIS Directive include energy, transport, banking, credit providers, other financial institutions, healthcare services, water supplies, as well as digital service providers ('DSPs') including digital infrastructure providers.
What You Will Learn
This course will cover the following:
- Identification of other 'Operators of Essential Services' ('OES') at the UK national level
- The position of Micro and Small Entities - do they fall under the scope of the Directive?
- Some special provisions for DSPs, including cloud providers and online marketplaces
- Who might an affected enterprise's competent authority be?
- The NIS designated state bodies
- The vital need to keep abreast of and implement warnings issued
- Obligations imposed on an OES
- Responding to a cyber incident - the sorts of cyber incidents that are or are likely to be notifiable
- Liability, enforcement and the ability to impose severe penalties and fines
Please let us know if you wish to be notified when new dates are added for this programme.