GENESIS - Guidelines for public authorities and SME providers of strategic services for the risk-oriented implementation of the NIS Directive

Date: 01/01/2017

In recent years, the number of cyber-attacks on enterprises has increased drastically, and attackers have increasingly shifted their focus towards critical infrastructures. Because critical infrastructures act as crucial utility providers, incidents within them have far-reaching impacts on society. In order to prevent such incidents and to provide protective measures, the European Parliament issued the directive on security of network and information systems (NIS Directive) in 2016, which will become Austrian law in 2018 as the "Cybersicherheitsgesetz". The NIS Directive addresses operators of essential services from selected sectors of critical infrastructures as well as digital service providers, and thus affects small and medium-sized enterprises (SMEs) to a large extent. However, it is often difficult for SMEs to implement the comprehensive action catalogues specified in the standardized security and risk management frameworks covered by the NIS Directive. The project GENESIS aims to develop a risk management framework for the SMEs affected by the NIS Directive. The goal of this framework is to meet both the requirements of the NIS Directive and the results of the current national legislative process. To this end, a guideline is derived from recognized standards and best practices from the fields of risk management, information security and cybersecurity management. In particular, the risk management framework focusses on modularity, practice orientation and cost-efficiency, as well as individual applicability for both the authorities and SMEs from different areas. Additionally, the project aims to formulate the risk management framework in such a way that resource-efficient monitoring and auditing can be carried out by the "NIS authority", which will be established in the future.
The main outcome of the GENESIS project is therefore a flexible and cost-effective risk management framework for SMEs, which implements the requirements of the NIS Directive and the "Cybersicherheitsgesetz". Based on this framework, an application guideline is derived that supports organizations of different sizes and from different areas in implementing the risk management framework. A third core result of the project is a catalogue defining audit objects and their minimum security requirements. The primary audience of the study resulting from the project consists of both critical infrastructure operators and public authorities. On the one hand, the results will support a cost-efficient, modular and individual implementation of the NIS Directive for SMEs. On the other hand, a clear definition of minimum security requirements will be provided as guidance and verification for authorities and SMEs. The long-term goal of GENESIS is to achieve a sustainable increase of the security level within critical infrastructures of different sizes in Austria.

Week: Monday, 10 December, 2018

News

SMESEC project Open Call for SMEs and SME associations
SMESEC has released an open call for SMEs and SME associations in order to validate the SMESEC framework and at the same time improve their systems’ security.

SMESEC is inviting SMEs to participate in the validation of the SMESEC framework. By participating you not only have influence on the evaluation of the SMESEC framework, but also improve your own company's security and get up to €20.000 of funds!

Future Events

CYBERUK 2019
24/04/2019 to 25/04/2019

CYBERUK is the UK government’s flagship cyber security event. Hosted by the National Cyber Security Centre (NCSC), it features world-class speakers, solutions and opportunities for interaction between the public and private sectors. You will be briefed on the evolving cyber threat and how we must respond as individuals and as a community to keep Britain safe in cyberspace.

Where: Scottish Event Campus (SEC), Glasgow
When: 24-25 April 2019