Cybersecurity Regulations & Compliance

As regulations around the world increase to harmonize systems and join forces to strengthen cyber resilience and combat cyber attacks of all kinds, the information and guidelines can be overwhelming.

This is why we have created dedicated articles and resources to help organizations align with their regional duties regarding incident reporting and security measures. Scroll down for our NIS2 action plan as well as guidelines for every active IT security legislation.

until the new Network and Information Security Directive, NIS2

NIS2 Risk Calculator

As NIS2 approaches, are you aware of your risk and implications? Use the below calculator as a guideline.

NIS2

Under the latest NIS2 directive due on October 17th, 2024, organizations are required to take several measures to ensure the security and resilience of their networks and information systems.

Risk management, technical and organizational measures as well as incident reporting will all be part of this law enforcement throughout the EU.

What’s a key tool for advanced security monitoring? How can you best comply and avoid the penalties? Download the NIS2 action plan and compliance checklist below or read our extensive blog.

How to comply to NIS2 regulations in 2024

DORA

Entered into Force: January 16, 2023
Regulation application: January 17, 2025

The EU Commission's regulation Digital Operational Resilience Act (DORA) that came into force on 16.01.2023 affects all regulated financial companies in the EU and translates into several actions around IT systems and incident reporting.

What are the implications of DORA for Swiss companies? How can companies best fight cyber threats in this scope?

Dora pic

ISG

The recent Information Security Act (ISG) in Switzerland bundles the relevant legal bases for cybersecurity in one law and leads to a fundamental restructuring of cybersecurity by the federal government.

Directives on IT security, how the federal government can order audits and the responsibilities for dealing with major IT attacks are highlighted in our blog. Read about the reporting duties, deadlines and fines below.

From the Perspective of a Data Scientist

"It’s impossible to completely secure an organization against cyber-attacks. At some point, attackers will successfully compromise nearly any organization.

Thus, the relevant question is, can an organization detect and mitigate a cyber -attack before their data is stolen and encrypted?"

- Dr. sc. David Gugelmann, Co-CEO @ Exeon Analytics

David

What Should You Do Today?

Below is a to-do list grouped into four focus areas to provide organizations with an overview of best practices towards the compliance for all regulations mentioned above.

By completing these four steps, your organization will not only reach higher levels of corporate and IT security, but you will also save time and costs on reactive measures and potential penalties through complete processes, planning and adequate tools.

1. Analyze and assess your security risks:

  • Conduct a comprehensive risk assessment to identify potential threats and vulnerabilities.
  • Prioritize risks based on their likelihood and potential impact on the organization.
  • Develop a risk management plan outlining strategies for prevention, detection, identification, containment, mitigation, and incident response.

2. Ensure business continuity and crisis management:

  • Develop and regularly update a business continuity plan to ensure your organization can continue its critical operations in the event of a disruption.
  • Establish crisis management procedures to respond effectively to unexpected incidents, such as cyberattacks, natural disasters, or other emergencies.
  • Conduct regular drills and simulations to test the effectiveness of the business continuity and crisis management plans.

3. Ensure security in third-party procurement, development, and maintenance of networks and information systems:

  • Implement a robust vendor risk management program to assess and monitor the security practices of third-party vendors.
  • Include security requirements in procurement contracts to ensure vendors adhere to the organization's cybersecurity standards.
  • Regularly audit and assess the security posture of third-party systems and networks.

4. Test and evaluate the effectiveness of IT security risk management measures:

  • Conduct regular penetration testing and vulnerability assessments to identify weaknesses in the organization's IT systems.
  • Implement security awareness training programs for employees to reduce the likelihood of human error leading to security incidents.
  • Establish key performance indicators (KPIs) to measure the effectiveness of security measures and regularly review and update security protocols based on the findings.

Result: You Can Achieve Cyber-Resilience

By addressing these tasks, you can enhance your company’s overall cybersecurity posture, reduce the risk of security incidents, and be better prepared to respond to and recover from any potential disruptions. Regular monitoring, evaluation, and updating of security measures are crucial in the ever-evolving landscape of cybersecurity threats.

Consultancy and Guidance on IT Security

Are you uncertain of the required actions for your organization or wish to discuss the details of these regulations with a security expert?

We invite you to share your requirements and concerns directly, and we will propose solutions.

As Written by our Security Experts

As a passionate and interdisciplinary team of security specialists data scientists, white hat hackers and business professionals, we’ve accumulated a wealth of knowledge on cybersecurity regulations.

By maintaining frequent communication and engaging in discussions with industry leaders and decision-makers in IT security, our goal is to translate these insights into relevant and captivating blog posts for you. Explore our latest blog posts below and feel free to get in touch with the authors for comments and questions.