This service expansion enables you to meet the strict deadlines posed by the NIS2 Directive’s reporting and monitoring obligation concerning significant cyber security incidents. We can handle the notifications to the authorities according to your needs as well as take care of the reporting – if necessary, our Security Operations Center (SOC) can do this independently.
In case of a significant incident that meets the criteria, we will:
Issue a first notification to the authorities and stakeholders within 24 hours of detection
Issue a follow-up notification to the authorities and stakeholders within 72 hours of detection
Limit the disturbance with the immediate countermeasures that are at the SOC’s disposal.
Engage in any necessary further investigation, limitation of the disturbance, and restoration of the normal status under an appointed DFIR investigation leader.
As necessary, take care of the intermediate and final reporting required by the directive and coordinate the communication with the authorities.
The implementation of the service includes the specification of all the initial data that is required in order to successfully meet the directive’s reporting obligation:
The authority’s entity list notification
Written definition of notification parties
Clarification of the criteria for a significant incident
To comply with the European NIS2 service level, a service for managing significant cyber security incidents requires effective 24/7 SOC services, because the NIS2 Directive requires the first notification of an incident to be made within 24 hours of detection. This requires monitoring and response capabilities that function 24/7.
Furthermore, it should be noted that monitoring and reporting are carried out in the scope of services purchased from the SOC. The further investigation of significant incidents requires the purchase of the DFIR services.