NIS Directive - The NCSC Cyber Assessment Framework


What is the NIS Directive?

The Networks and Information Systems (NIS) Directive is the first piece of EU-wide legislation on cyber security. The purpose of the legislation is to ensure a universal standard of security across all European member states. It is a vital piece of legislation which may prevent severe threats from compromising the security of European businesses and Operators of Essential Services (OES). Incidents of this nature could cause significant damage to the UK economy. One example is the 2017 WannaCry attack on the NHS, in which data on its computer systems was scrambled and hackers demanded money in return for access to the files. The NIS Directive was enforced a year later but could have stopped the WannaCry attack if it had been in place.

Figure: NIS Objectives and Principles

What is the NCSC Cyber Assessment Framework?

The National Cyber Security Centre has implemented the Cyber Assessment Framework (CAF) in order to help businesses to comply with the NIS Directive. This framework enables businesses within the cybersecurity industry to check whether they are compliant with the NIS legislation.

Nexor can help organisations within the sector through our CyberShield Secure services by undertaking a gap assessment against the CAF using a maturity model approach. We can then help to plan a development programme and highlight the changes that must be made in order to become compliant.

The Impact of the NIS Directive on the Critical National Infrastructure (CNI)

The Critical National Infrastructure (CNI) refers to businesses which the country relies upon in order to function. In the United Kingdom, these businesses have been defined as:

  • Chemicals

  • Civil Nuclear

  • Communications

  • Defence

  • Emergency Services

  • Energy

  • Finance

  • Food

  • Government

  • Health

  • Space

  • Transport

  • Water

With guidance from the Cyber Assessment Framework, the NIS Directive will give structure to Operators of Essential Services and help them to become as secure as possible. They must thoroughly assess their current security systems, identify gaps against the NIS guidelines, and implement improvement plans in order to remove opportunities for attacks.

How Does Nexor Utilise These?

Our consultancy service can help you to identify the shortfalls within your security systems. Our CyberShield Secure services focus on five key areas:

  1. Security Assessment - Our consultants use a range of tools to provide threat and vulnerability assessments.

  2. Security Architecture - Our security architects will design a solution that balances the mitigation of identified security risks with successful business outcomes.

  3. Security Solutions - Nexor’s technical consultants are experienced at working in high assurance environments and have the appropriate documentation to enable system maintenance and accreditation.

  4. Security Management - Nexor’s consultants can advise on management strategies and processes to ensure a solution continues to meet security and business objectives as threats and needs evolve.

  5. Applied Research - Nexor’s consultants are Subject Matter Experts, at the forefront of cross-domain technology.

Nexor can help businesses to understand and comply with the NIS Directive. Our experts specialise in helping clients to identify risks and quickly detect breaches, and to balance this with the usability, performance and cost of their systems.

Contact our expert team today and find out how we can improve your security systems.