Google, eBay, Facebook, Yahoo!, Foursquare and Microsoft have said that they want nothing to do with the proposed Network and Information Security (NIS) Directive.
In the current text of the directive, “market operators” are required to notify the authorities about any cyber security incidents. There is a lot of discussion about what constitutes a “market operator”, however.
The Computer and Communications Industry Association (CCIA) is in agreement that this includes critical infrastructure, online banking services and other financial institutions, but there is room for debate over whether “Internet enabling services” should be included.
Many Internet enabling services – such as those of Google and Microsoft – are already regulated for cyber security incidents and believe that additional legislation would only introduce extra complexity, confusion and cost.
Google claimed that, “Such massive reporting, and often double reporting, to poorly resourced authorities would expose citizens’ personal data to unnecessary risk at no significant security benefits.”
Many organisations – regardless of sector – are choosing ISO27001 certification to demonstrate their dedication to cyber security. This information security standard is recognised internationally and provides an effective approach to managing the confidentiality, integrity and availability of data.
Organisations with multiple compliance requirements often seek certification to ISO27001, as its comprehensive approach to information security can centralise and simplify disjointed compliance efforts. It is often the case that companies will achieve compliance with a host of legislative requirements simply by achieving ISO27001 certification.
The latest version of the Standard, ISO27001:2013, is simple to follow and has been developed with business in mind. It presents a comprehensive and logical approach to developing, implementing and managing an ISMS, and provides associated guidance for conducting risk assessments and applying the necessary risk treatments. In addition, ISO27001:2013 has been developed to harmonise with other standards, so the process of auditing other ISO standards will be a smooth, integrated process, removing the need for multiple audits.
For further information on how you can leverage ISO27001 as a single framework for creating a cyber secure organisation while supporting adherence to the GDPR, the NIS Directive and many other cyber security laws, download our free guide.
Source: The Register